API Overview
Overview of the Consentify REST API, authentication, and error handling.
Consentify exposes two public API tiers.
Base URL
https://consentify.dev
API Tiers
| Tier | Path | Auth | CORS | Purpose |
|---|---|---|---|---|
| Widget API | /api/consent/* | None | Any origin | Called by the embedded widget on customer websites |
| Developer API | /api/v1/* | API key | None | Site management, consent data, analytics |
Authentication
The Developer API (/api/v1/*) requires an API key sent via the x-api-key header:
curl -H "x-api-key: ck_your_api_key" https://consentify.dev/api/v1/sitesAPI keys are generated in the dashboard and use the ck_ prefix. Each key is tied to a user account and grants access to that user's sites only.
Error Format
All errors return a consistent JSON structure:
{
"error": "Human-readable message",
"code": "ERROR_CODE"
}| Code | Status | Description |
|---|---|---|
BAD_REQUEST | 400 | Invalid parameters |
UNAUTHORIZED | 401 | Missing or invalid API key |
FORBIDDEN | 403 | Insufficient permissions |
NOT_FOUND | 404 | Resource not found |
INTERNAL_ERROR | 500 | Server error |
CORS
- Widget endpoints (
/api/consent/*): Any origin allowed —GET,POST,OPTIONS - Developer API (
/api/v1/*): No CORS headers (API key auth, not browser-facing)
TypeScript Types
type ConsentAction = "accept_all" | "reject_all" | "customize";
interface Category {
key: string;
name: string;
description: string;
required: boolean;
default: boolean;
}
interface ConsentEvent {
siteId: string;
action: ConsentAction;
categories?: Record<string, boolean>;
visitorHash: string;
policyVersion?: string;
}