Verify Consent Server-Side

Use this when you need to confirm consent before server-side operations like email sends, data exports, or analytics pipelines.

When to verify server-side

Adding a user to a marketing email list
Storing behavioral data in your data warehouse
Passing data to a third-party API (CRM, ad platform)
Server-side rendering of personalised content

Step 1: Get your API token

Account → API Keys → Create Key with scope receipts:read.

Step 2: Build the user identifier

The identifier must match what ConsentForge uses in the browser. The runtime hashes: {ip}|{userAgent}|{propertyId}|{date} using SHA-256.

const crypto = require('crypto');

function buildUserId(ip, userAgent, propertyId) {
  const date = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
  const raw = `${ip}|${userAgent}|${propertyId}|${date}`;
  return crypto.createHash('sha256').update(raw).digest('hex');
}

async function hasConsent(ip, userAgent, propertyId, category) {
  const userId = buildUserId(ip, userAgent, propertyId);

  const res = await fetch(
    `https://api.consentforge.com/api/v1/consent/check?property_id=${propertyId}&user_id=${userId}&category=${category}`,
    { headers: { Authorization: `Bearer ${process.env.CONSENTFORGE_API_KEY}` } }
  );

  if (!res.ok) return false;
  const { has_consent } = await res.json();
  return has_consent;
}

// Usage:
const canEmail = await hasConsent(req.ip, req.headers['user-agent'], 'prop_abc', 'marketing');
if (canEmail) {
  await addToEmailList(user.email);
}

Caching

Cache consent check results for up to 5 minutes to avoid excessive API calls on high-traffic endpoints. Consent changes are rare within a single session.

When to verify server-side​

Step 1: Get your API token​

Step 2: Build the user identifier​

Step 3: Check consent​

Caching​

When to verify server-side

Step 1: Get your API token

Step 2: Build the user identifier

Step 3: Check consent

Caching