POST /v1/sms/capture-consent

Captures a consumer’s consent to receive SMS messages. Generates an HMAC-SHA256 signed consent record with a unique certificate ID.

Request

POST https://sms.econsent.org/v1/sms/capture-consent
Authorization: Bearer ec_sms_YOUR_KEY
Content-Type: application/json

{
  "phone": "+15551234567",
  "sending_entity": "Acme Insurance LLC",
  "source": "web_form",
  "consent_type": "prior_express_written",
  "consent_language": "By submitting this form, you consent to receive marketing text messages from Acme Insurance. Msg & Data rates may apply. Reply STOP to unsubscribe.",
  "scope": ["marketing"],
  "captured_at": "2026-04-17T14:30:00Z"
}

Field	Type	Required	Description
`phone`	string	Yes	Consumer phone number
`sending_entity`	string	Yes	Your business name
`source`	string	Yes	`web_form`, `keyword_opt_in`, `api`, `inherited`, `paper`
`consent_type`	string	No	`prior_express_written` (default), `prior_express`, `implied`
`consent_language`	string	No	The actual disclosure text shown to the consumer
`scope`	array	No	`["marketing"]`, `["transactional"]`, or both
`captured_at`	string	No	ISO 8601 timestamp (defaults to now)
`require_double_optin`	boolean	No	Set `true` to require confirmation before consent is active

Response

{
  "consent_id": "cst_sms_abc123def456",
  "consent_type": "prior_express_written",
  "source": "web_form",
  "signature": "a59f6d81c8795ecd71d308e65a525acc...",
  "evidence_url": "https://verify.econsent.org/c/cst_sms_abc123def456",
  "status": "captured"
}

Double Opt-in

When require_double_optin: true, the consent is created in a pending state:

{
  "consent_id": "cst_sms_abc123def456",
  "status": "pending_confirmation",
  "double_optin": {
    "confirmation_token": "dopt_a1b2c3d4e5f6",
    "suggested_message": "Reply YES to confirm your subscription to Acme Insurance. Msg&Data rates apply. Reply STOP to cancel.",
    "expires_at": "2026-04-18T14:30:00Z"
  }
}

Send the suggested message to the consumer. When they reply YES, call the confirm endpoint.