Skip to main content
POST
/
{locale}
/
sms
/
consent
curl -X POST "https://api.loyalty.lt/lt/sms/consent" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_api_key" \
  -H "X-API-Secret: your_api_secret" \
  -d '{
    "phone_number": "+37061234567",
    "consent_given": true,
    "consent_source": "website_form",
    "client_ip": "192.168.1.100",
    "client_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "consent_page_url": "https://example.com/newsletter"
  }'

{
  "success": true,
  "message": "Marketing consent registered successfully",
  "data": {
    "phone_number": "+37061234567",
    "consent_given": true,
    "consent_source": "website_form",
    "consent_date": "2025-01-15T10:30:00Z"
  },
  "code": 200
}

Register Marketing Consent

Register or revoke marketing consent for a phone number. Use this endpoint to maintain GDPR-compliant records of consent obtained through your website, app, or other channels.
Marketing consent can also be registered when sending SMS by including marketing_consent: true in the send request.

Path Parameters

locale
string
required
Language code (e.g., lt, en)

Authentication

X-API-Key
string
required
API key from Partners Portal
X-API-Secret
string
required
API secret from Partners Portal

Request Body

Required Fields

phone_number
string
required
Phone number to register consent for. E.164 format recommended.Example: "+37061234567"
consent_given
boolean
required
  • true - Register consent (opt-in)
  • false - Revoke consent (opt-out)
consent_source
string
default:"api"
Source/channel where consent was obtained.Examples: "website_form", "pos", "app", "phone_call"
client_ip
string
The actual IP address of the end user who gave consent. Important for GDPR compliance.Example: "192.168.1.100"
Do NOT send your server’s IP address. Send the actual end user’s IP.
client_user_agent
string
Browser/device user agent string of the person who gave consent.Example: "Mozilla/5.0 (Windows NT 10.0; Win64; x64)..."
consent_page_url
string
URL of the page/form where consent was obtained.Example: "https://example.com/newsletter-subscribe"

Response

success
boolean
Whether the consent was registered successfully
message
string
Status message
data
object
curl -X POST "https://api.loyalty.lt/lt/sms/consent" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_api_key" \
  -H "X-API-Secret: your_api_secret" \
  -d '{
    "phone_number": "+37061234567",
    "consent_given": true,
    "consent_source": "website_form",
    "client_ip": "192.168.1.100",
    "client_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "consent_page_url": "https://example.com/newsletter"
  }'

{
  "success": true,
  "message": "Marketing consent registered successfully",
  "data": {
    "phone_number": "+37061234567",
    "consent_given": true,
    "consent_source": "website_form",
    "consent_date": "2025-01-15T10:30:00Z"
  },
  "code": 200
}

GDPR Best Practices

1

Collect Client Information

Always capture the end user’s IP address and user agent when obtaining consent. Do not use your server’s IP.
2

Record Consent Source

Use descriptive consent_source values like website_form, checkout_page, mobile_app, pos_terminal.
3

Include Page URL

Record consent_page_url to prove where consent was obtained.
4

Handle Opt-Outs

Immediately process opt-out requests by calling this endpoint with consent_given: false.
GDPR Compliance NoteYou are responsible for ensuring your consent collection process meets GDPR requirements:
  • Clear and unambiguous consent request
  • Separate consent for different purposes
  • Easy way to withdraw consent
  • Keep records of when and how consent was obtained

Send SMS

Send SMS with consent registration in one call

SMS Overview

Complete SMS API documentation