Skip to content
eConsent API

Double Opt-in

Double opt-in adds a confirmation step to consent capture. The consumer must reply affirmatively (YES, Y, CONFIRM, SUBSCRIBE) before their consent becomes active. This is a CTIA best practice for marketing SMS and required by some carriers.

How It Works

Section titled “How It Works”
1. Capture consent with require_double_optin: true
2. eConsent returns a confirmation token + suggested message
3. You send the confirmation message to the consumer
4. Consumer replies YES
5. You forward the reply to POST /v1/sms/confirm-optin
6. Consent becomes active — pre-send checks now allow messages

Step 1: Capture with Double Opt-in

Section titled “Step 1: Capture with Double Opt-in”
POST /v1/sms/capture-consent


{
  "phone": "+15551234567",
  "sending_entity": "Acme Insurance",
  "source": "web_form",
  "consent_language": "...",
  "require_double_optin": true
}

Response:

{
  "consent_id": "cst_sms_abc123",
  "status": "pending_confirmation",
  "double_optin": {
    "confirmation_token": "dopt_a1b2c3d4e5f6",
    "suggested_message": "Reply YES to confirm your subscription to Acme Insurance. Msg&Data rates apply. Reply STOP to cancel.",
    "expires_at": "2026-04-18T14:30:00Z"
  }
}

Step 2: Send Confirmation Message

Section titled “Step 2: Send Confirmation Message”

Use your SMS provider (Twilio, Sinch, etc.) to send the suggested_message to the consumer. You can customize the message — just include a clear call to action for the consumer to reply.

Step 3: Confirm Opt-in

Section titled “Step 3: Confirm Opt-in”

When the consumer replies, forward it to eConsent:

POST /v1/sms/confirm-optin


{
  "phone": "+15551234567",
  "sending_entity": "Acme Insurance",
  "confirmation_token": "dopt_a1b2c3d4e5f6",
  "consumer_response": "YES"
}

Accepted Responses

Section titled “Accepted Responses”

YES, Y, CONFIRM, SUBSCRIBE — case-insensitive.

Response

Section titled “Response”
{
  "consent_id": "cst_sms_abc123",
  "confirmed": true,
  "confirmed_at": "2026-04-17T15:02:00Z"
}

Pre-send Behavior

Section titled “Pre-send Behavior”

Until confirmation is received, pre-send checks return:

{
  "allowed": false,
  "reason": "pending_double_optin",
  "consent_id": "cst_sms_abc123",
  "compliance_notes": [
    "Consent requires double opt-in confirmation which has not been received."
  ]
}

After confirmation, the consent is fully active and pre-send checks allow messages normally.