Server-side Verification

For server-side rendering, API endpoints, or any backend operation that depends on consent, use the ConsentForge API to verify consent status before processing data.

When to use server-side verification

Email marketing: verify consent before adding a contact to a list
Analytics pipelines: verify consent before storing behavioral data
Ad tech: verify consent before passing data to a DSP
Any server-side personalization that requires consent

Endpoint

GET https://api.consentforge.com/api/v1/consent/check
Authorization: Bearer YOUR_API_TOKEN

Query parameters

Parameter	Type	Description
`property_id`	string	Your property ID
`user_id`	string	Hashed user identifier (see below)
`category`	string	Consent category to check

Response

{
  "has_consent": true,
  "category": "analytics",
  "receipt_id": "rec_abc123",
  "recorded_at": "2026-03-09T12:00:00Z",
  "policy_version": 3
}

User identifier

The user_id must be a privacy-preserving hash. Use the same hashing method as the ConsentForge runtime:

// SHA-256 of (ip_address + user_agent + property_id + date)
const userId = sha256(`${ip}|${userAgent}|${propertyId}|${date}`);

See the API Authentication docs for your API token.

Do not store raw IPs

The ConsentForge API never stores raw IP addresses. Always hash before querying.

When to use server-side verification​

Endpoint​

Query parameters​

Response​

User identifier​

When to use server-side verification

Endpoint

Query parameters

Response

User identifier