Create Consent Receipts in Bulk

post

https://{hostname}/request/v1/consentreceipts/bulk

Use this API when bulk importing consent receipts. This bulk endpoint optimizes performance when processing a large number of consent transactions simultaneously.

🗒
Things to Know

Each collection point must first be set up in the OneTrust Platform to generate a valid JWT, which must be present in the request payload. The JWT can be found on the Integrations tab of the Collection point details screen or via the Get Collection Point Token API.

Response times may vary depending on the number of receipts being processed. Consider implementing appropriate timeout handling in your integration.

In most cases, further authorization is not required. However, additional information for setting up authenticated consent can be found here when needed.

OneTrust recommends including no more than 10 purposes per consent receipt, with an absolute maximum of 20 purposes.

The default rate limit for imports is 3k Calls/Minute and 3M Receipts/Day.

Please validate all inputs before sending data to a Custom API collection point. This API does not perform data type validation to ensure high performance and fast response times. However, invalid data will not be passed to the data subject.

Body Params

requestInformation

string

required

length ≥ 1

The JSON web token (JWT) for a collection point.

test

boolean

Defaults to false

This flag indicates whether the receipt is for testing purposes.

generateInstantLinkToken

boolean

Defaults to false

This flag indicates whether to generate a data subject link token (JWT) that expires after 12 months. This operates independently from the Magic Link settings configured within Global Settings. This parameter is only supported for API-type collection points and cannot be used in conjunction with the shortLinkToken parameter.

shortLinkToken

boolean

Defaults to false

This flag indicates whether to generate a data subject link token with a reduced character length. This parameter cannot be used in conjunction with the generateInstantLinkToken parameter.

consentString

object

The details of the consent string that carries and encodes the data subject's consent choices.

receiptOptions

array of objects

The details of the receipt option.

receiptOptions

source

object

The source details of the consent interaction.

language

string

The language set for the data subject.

identifier

string

required

The data subject identifier of the data subject.

parentPrimaryIdentifiers

array of objects

The parent identifiers to link to a child data subject. This is used when the Enable Parent-child relationship on this collection point setting is enabled for a collection point.

parentPrimaryIdentifiers

dsDataElements

object

The additional information about the data subject provided during their consent interaction.

customPayload

object

This parameter can be used to store custom data in key value pairs against the receipt. The total size of the customPayload data should not exceed 4000 characters.

additionalIdentifiers

object

Additional identifiers for the request, such as secondary email addresses

attachments

array of objects

The details of the uploaded files that contain written consent records. A maximum of 20 attachments can be referenced.

attachments

purposes

array of objects

The details of the purposes involved in the consent interaction.

purposes

interactionDate

string

The date and time that the data subject interacted with the collection point.

privacyNotices

array of objects

The details of the privacy notice linked to the collection point.

privacyNotices

geoLocation

object

The data subject's location where consent was provided.

enableDataElementDateValidation

boolean

Defaults to false

This flag indicates whether interaction date validation is enabled when updating data element values. If set to true, data element values will be overwritten only if the interaction date of the receipt is later than the last updated date of the data subject.

identifierType

string

The type of data subject identifier used for the data subject's primary identifier.

Headers

authorization

string

The signed JWT that can be verified with the Public Key created in the OneTrust application. The value must include the type "Bearer" and should also include a "sub" claim that matches the identifier parameter value.

Responses

400

Bad Request

401

Unauthorized

403

Forbidden

500

Internal Server Error

200OK

429Too Many Requests. For more information, see API Rate Limits.