--- title: Agreement Accept Consent description: An authentication flow can prompt users to consent to (or reject) an agreement. The agreement to which users must consent is configured in the sign-on policy. The flow determines whether consent is required based on the agreement configuration and the user's consent history. If the user does not have any recorded consents that satisfy any of the agreement languages, then the flow requires user consent. component: pingone-api page_id: pingone-api:auth:flows/registration-and-verification/agreement-accept-consent canonical_url: https://developer.pingidentity.com/pingone-api/auth/flows/registration-and-verification/agreement-accept-consent.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Agreement Accept Consent ## ```none POST {{authPath}}/{{envID}}/flows/{{flowID}} ``` An authentication flow can prompt users to consent to (or reject) an agreement. The agreement to which users must consent is configured in the sign-on policy. The flow determines whether consent is required based on the agreement configuration and the user's consent history. If the user does not have any recorded consents that satisfy any of the agreement languages, then the flow requires user consent. ### Prerequisites * Refer to [Flows](../flows-1.html) for important overview information. * Send an authorize request to get a flow ID: [Authorize](../../openid-connect-oauth-2/authorize-intro.html). Refer also to [Login action authentication flow](../../../foundations/authentication-concepts/pingone-authentication-flow-states/login-action.html) and [Authorization and authentication](../../../foundations/authentication-concepts.html). * Start the flow: [Read Flow](../flows-1/read-flow.html). * Refer also to the `AGREEMENT_CONSENT_REQUIRED` flow state in the [Flow status values table](../flows-1.html). | | | | - | --------------------------------------------------------------------------------- | | | If the user refuses to consent to the terms of service agreement, the flow fails. | The `POST /{{envID}}/flows/{{flowID}}` operation uses the `application/vnd.pingidentity.user.consent+json` custom media type in the request header to specify that a consent action is required. > **Collapse: Request Model** > > | Property | Type | Required? | > | -------- | ------- | --------- | > | `accept` | Boolean | Required | ### Headers Content-Type      application/vnd.pingidentity.user.consent+json ### Body raw ( application/vnd.pingidentity.user.consent+json ) ```json { "accept": true } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{authPath}}/{{envID}}/flows/{{flowID}}' \ --header 'Content-Type: application/vnd.pingidentity.user.consent+json' \ --data '{ "accept": true }' ``` ```csharp var options = new RestClientOptions("{{authPath}}/{{envID}}/flows/{{flowID}}") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/vnd.pingidentity.user.consent+json"); var body = @"{" + "\n" + @" ""accept"": true" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{authPath}}/{{envID}}/flows/{{flowID}}" method := "POST" payload := strings.NewReader(`{ "accept": true }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/vnd.pingidentity.user.consent+json") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /{{envID}}/flows/{{flowID}} HTTP/1.1 Host: {{authPath}} Content-Type: application/vnd.pingidentity.user.consent+json { "accept": true } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/vnd.pingidentity.user.consent+json"); RequestBody body = RequestBody.create(mediaType, "{\n \"accept\": true\n}"); Request request = new Request.Builder() .url("{{authPath}}/{{envID}}/flows/{{flowID}}") .method("POST", body) .addHeader("Content-Type", "application/vnd.pingidentity.user.consent+json") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{authPath}}/{{envID}}/flows/{{flowID}}", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/vnd.pingidentity.user.consent+json" }, "data": JSON.stringify({ "accept": true }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{authPath}}/{{envID}}/flows/{{flowID}}', 'headers': { 'Content-Type': 'application/vnd.pingidentity.user.consent+json' }, body: JSON.stringify({ "accept": true }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{authPath}}/{{envID}}/flows/{{flowID}}" payload = json.dumps({ "accept": True }) headers = { 'Content-Type': 'application/vnd.pingidentity.user.consent+json' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{authPath}}/{{envID}}/flows/{{flowID}}'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/vnd.pingidentity.user.consent+json' )); $request->setBody('{\n "accept": true\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{authPath}}/{{envID}}/flows/{{flowID}}") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/vnd.pingidentity.user.consent+json" request.body = JSON.dump({ "accept": true }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"accept\": true\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/flows/{{flowID}}")!,timeoutInterval: Double.infinity) request.addValue("application/vnd.pingidentity.user.consent+json", forHTTPHeaderField: "Content-Type") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 200 OK ```json { "_links": { "self": { "href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/flows/00003344-4d27-4d08-8ebf-3153104acf80" } }, "id": "00003344-4d27-4d08-8ebf-3153104acf80", "session": { "id": "44b31cb5-39b2-414a-8b20-9a9d178c591c" }, "resumeUrl": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/resume?flowId=00003344-4d27-4d08-8ebf-3153104acf80", "status": "COMPLETED", "createdAt": "2021-10-07T18:24:57.154Z", "expiresAt": "2021-10-07T18:40:17.259Z", "_embedded": { "user": { "id": "c8c726b0-b38f-4c77-99e3-0e87365c537a", "username": "agreement_user_1633631083", "name": { "given": "Test", "family": "AgreementUser" } }, "application": { "name": "WebAppWithAgreement_1633630997" } } } ```