record consent acceptance for the half-authenticated user and resume the sign-in (which may then return `mfa_required` or `complete`).
POST
End-user session operationId: accept_consent/v1/auth/consent/accept Authorization
Called from the browser with the publishable application id (x-application-id); the access token lives in memory.
Request body · required
doc_typesstring[]The document types the user accepted (each recorded at its current version).
pending_tokenstring requiredThe `pending_token` from the `consent_required` sign-in response.
Responses
200 Consent recorded; sign-in continued
{
"data": {
"consent_documents": [
{
"doc_type": null,
"url": null,
"version": null
}
],
"mfa": {
"methods": [
null
],
"pending_token": "string"
},
"pending_token": "string",
"status": "string",
"tokens": {
"aal": 0,
"access_token": "string",
"expires_in": 0,
"refresh_token": "string",
"session_id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
"token_type": "string"
},
"user": {
"created_at": "2026-01-15T09:30:00Z",
"email_verified": false,
"id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
"primary_email": "string",
"profile": {},
"status": "string"
}
},
"error": {
"code": "string",
"message": "string"
},
"meta": {
"timestamp": "string"
},
"success": false
} 401 Invalid or expired pending token
Request
curl -X POST "http://localhost:8080/v1/auth/consent/accept" \
-H "Content-Type: application/json" \
-d '{
"doc_types": [
"string"
],
"pending_token": "string"
}'Try it
live requestPOST
http://localhost:8080/v1/auth/consent/accept