Skip to main content
POST
/
{locale}
/
sms
/
consent
curl -X POST "https://api.loyalty.lt/lt/sms/consent" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_api_key" \
  -H "X-API-Secret: your_api_secret" \
  -d '{
    "phone_number": "+37061234567",
    "consent_given": true,
    "consent_source": "website_form",
    "client_ip": "192.168.1.100",
    "client_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "consent_page_url": "https://example.com/newsletter"
  }'
curl -X POST "https://api.loyalty.lt/lt/sms/consent" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_api_key" \
  -H "X-API-Secret: your_api_secret" \
  -d '{
    "phone_number": "+37061234567",
    "consent_given": false
  }'
// When user submits newsletter form
async function registerSmsConsent(phoneNumber, clientIp, userAgent) {
  const response = await fetch('https://api.loyalty.lt/lt/sms/consent', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-API-Key': 'your_api_key',
      'X-API-Secret': 'your_api_secret'
    },
    body: JSON.stringify({
      phone_number: phoneNumber,
      consent_given: true,
      consent_source: 'website_form',
      client_ip: clientIp,  // Pass from server-side
      client_user_agent: userAgent,
      consent_page_url: window.location.href
    })
  });

  const data = await response.json();
  
  if (data.success) {
    console.log('Consent registered successfully');
  }
  
  return data;
}
<?php
// Process newsletter signup form
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $phoneNumber = $_POST['phone'];
    $consentGiven = isset($_POST['sms_consent']) && $_POST['sms_consent'] === 'on';
    
    if ($consentGiven) {
        $response = file_get_contents('https://api.loyalty.lt/lt/sms/consent', false, stream_context_create([
            'http' => [
                'method' => 'POST',
                'header' => [
                    'Content-Type: application/json',
                    'X-API-Key: ' . LOYALTY_API_KEY,
                    'X-API-Secret: ' . LOYALTY_API_SECRET
                ],
                'content' => json_encode([
                    'phone_number' => $phoneNumber,
                    'consent_given' => true,
                    'consent_source' => 'website_form',
                    'client_ip' => $_SERVER['REMOTE_ADDR'],
                    'client_user_agent' => $_SERVER['HTTP_USER_AGENT'],
                    'consent_page_url' => $_SERVER['HTTP_REFERER'] ?? 'https://example.com/subscribe'
                ])
            ]
        ]));
        
        $result = json_decode($response, true);
        
        if ($result['success']) {
            echo "Thank you for subscribing!";
        }
    }
}
import requests

# Register consent
response = requests.post(
    'https://api.loyalty.lt/lt/sms/consent',
    headers={
        'Content-Type': 'application/json',
        'X-API-Key': 'your_api_key',
        'X-API-Secret': 'your_api_secret'
    },
    json={
        'phone_number': '+37061234567',
        'consent_given': True,
        'consent_source': 'website_form',
        'client_ip': '192.168.1.100',
        'client_user_agent': 'Mozilla/5.0...',
        'consent_page_url': 'https://example.com/newsletter'
    }
)

data = response.json()
print(f"Consent registered: {data['data']['consent_date']}")
{
  "success": true,
  "message": "Marketing consent registered successfully",
  "data": {
    "phone_number": "+37061234567",
    "consent_given": true,
    "consent_source": "website_form",
    "consent_date": "2025-01-15T10:30:00Z"
  },
  "code": 200
}
{
  "success": true,
  "message": "Marketing consent revoked successfully",
  "data": {
    "phone_number": "+37061234567",
    "consent_given": false,
    "revoked_at": "2025-01-15T10:35:00Z"
  },
  "code": 200
}
{
  "success": false,
  "message": "Validation failed",
  "code": "VALIDATION_ERROR",
  "errors": {
    "phone_number": ["The phone number format is invalid."],
    "consent_given": ["The consent given field is required."]
  }
}

Register Marketing Consent

Register or revoke marketing consent for a phone number. Use this endpoint to maintain GDPR-compliant records of consent obtained through your website, app, or other channels.
Marketing consent can also be registered when sending SMS by including marketing_consent: true in the send request.

Path Parameters

locale
string
required
Language code (e.g., lt, en)

Authentication

X-API-Key
string
required
API key from Partners Portal
X-API-Secret
string
required
API secret from Partners Portal

Request Body

Required Fields

phone_number
string
required
Phone number to register consent for. E.164 format recommended.Example: "+37061234567"
  • true - Register consent (opt-in)
  • false - Revoke consent (opt-out)
Source/channel where consent was obtained.Examples: "website_form", "pos", "app", "phone_call"
client_ip
string
The actual IP address of the end user who gave consent. Important for GDPR compliance.Example: "192.168.1.100"
Do NOT send your server’s IP address. Send the actual end user’s IP.
client_user_agent
string
Browser/device user agent string of the person who gave consent.Example: "Mozilla/5.0 (Windows NT 10.0; Win64; x64)..."
URL of the page/form where consent was obtained.Example: "https://example.com/newsletter-subscribe"

Response

success
boolean
Whether the consent was registered successfully
message
string
Status message
data
object
curl -X POST "https://api.loyalty.lt/lt/sms/consent" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_api_key" \
  -H "X-API-Secret: your_api_secret" \
  -d '{
    "phone_number": "+37061234567",
    "consent_given": true,
    "consent_source": "website_form",
    "client_ip": "192.168.1.100",
    "client_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "consent_page_url": "https://example.com/newsletter"
  }'
curl -X POST "https://api.loyalty.lt/lt/sms/consent" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_api_key" \
  -H "X-API-Secret: your_api_secret" \
  -d '{
    "phone_number": "+37061234567",
    "consent_given": false
  }'
// When user submits newsletter form
async function registerSmsConsent(phoneNumber, clientIp, userAgent) {
  const response = await fetch('https://api.loyalty.lt/lt/sms/consent', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-API-Key': 'your_api_key',
      'X-API-Secret': 'your_api_secret'
    },
    body: JSON.stringify({
      phone_number: phoneNumber,
      consent_given: true,
      consent_source: 'website_form',
      client_ip: clientIp,  // Pass from server-side
      client_user_agent: userAgent,
      consent_page_url: window.location.href
    })
  });

  const data = await response.json();
  
  if (data.success) {
    console.log('Consent registered successfully');
  }
  
  return data;
}
<?php
// Process newsletter signup form
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $phoneNumber = $_POST['phone'];
    $consentGiven = isset($_POST['sms_consent']) && $_POST['sms_consent'] === 'on';
    
    if ($consentGiven) {
        $response = file_get_contents('https://api.loyalty.lt/lt/sms/consent', false, stream_context_create([
            'http' => [
                'method' => 'POST',
                'header' => [
                    'Content-Type: application/json',
                    'X-API-Key: ' . LOYALTY_API_KEY,
                    'X-API-Secret: ' . LOYALTY_API_SECRET
                ],
                'content' => json_encode([
                    'phone_number' => $phoneNumber,
                    'consent_given' => true,
                    'consent_source' => 'website_form',
                    'client_ip' => $_SERVER['REMOTE_ADDR'],
                    'client_user_agent' => $_SERVER['HTTP_USER_AGENT'],
                    'consent_page_url' => $_SERVER['HTTP_REFERER'] ?? 'https://example.com/subscribe'
                ])
            ]
        ]));
        
        $result = json_decode($response, true);
        
        if ($result['success']) {
            echo "Thank you for subscribing!";
        }
    }
}
import requests

# Register consent
response = requests.post(
    'https://api.loyalty.lt/lt/sms/consent',
    headers={
        'Content-Type': 'application/json',
        'X-API-Key': 'your_api_key',
        'X-API-Secret': 'your_api_secret'
    },
    json={
        'phone_number': '+37061234567',
        'consent_given': True,
        'consent_source': 'website_form',
        'client_ip': '192.168.1.100',
        'client_user_agent': 'Mozilla/5.0...',
        'consent_page_url': 'https://example.com/newsletter'
    }
)

data = response.json()
print(f"Consent registered: {data['data']['consent_date']}")
{
  "success": true,
  "message": "Marketing consent registered successfully",
  "data": {
    "phone_number": "+37061234567",
    "consent_given": true,
    "consent_source": "website_form",
    "consent_date": "2025-01-15T10:30:00Z"
  },
  "code": 200
}
{
  "success": true,
  "message": "Marketing consent revoked successfully",
  "data": {
    "phone_number": "+37061234567",
    "consent_given": false,
    "revoked_at": "2025-01-15T10:35:00Z"
  },
  "code": 200
}
{
  "success": false,
  "message": "Validation failed",
  "code": "VALIDATION_ERROR",
  "errors": {
    "phone_number": ["The phone number format is invalid."],
    "consent_given": ["The consent given field is required."]
  }
}

GDPR Best Practices

1

Collect Client Information

Always capture the end user’s IP address and user agent when obtaining consent. Do not use your server’s IP.
2

Record Consent Source

Use descriptive consent_source values like website_form, checkout_page, mobile_app, pos_terminal.
3

Include Page URL

Record consent_page_url to prove where consent was obtained.
4

Handle Opt-Outs

Immediately process opt-out requests by calling this endpoint with consent_given: false.
GDPR Compliance NoteYou are responsible for ensuring your consent collection process meets GDPR requirements:
  • Clear and unambiguous consent request
  • Separate consent for different purposes
  • Easy way to withdraw consent
  • Keep records of when and how consent was obtained

Send SMS

Send SMS with consent registration in one call

SMS Overview

Complete SMS API documentation