# Callback API - Send Consent Response #### Callback API - Send Consent Response (/api/v1/consent/transaction/callback) This endpoint will be exposed by the service provider to receive authorization status from UAE PASS once the user accepts or rejects the document sharing contest request. | API URL | {SP\_HOST\_URL}/api/v1/consent/transaction/callback | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Method | POST | | Source | UAE PASS | | Target | Service Provider (Data Owner) | | SSL Enabled? | YES | | Communication Mechanism | HTTPS | | Message Type | JSON | | Security | API KEY – needs to be shared with UAEPASS by service provider | | Headers |

X-API-Key: refer to section API Authentication – UAEPASS to SP

X-Timestamp: \[time this request was generated, used in HMAC token generation]

X-UAEPASS-Signature: \[HMAC token] non-repudiation, needs to be implemented by service provider, refer to section API nonrepudiation – HMAC

| #### Request Parameters | Name | Type | Mandatory/ Optional | Description | | -------------------- | ------ | ------------------- | --------------------------------------- | | spTransactionID | String | M | Transaction id | | Status | String | M | Expected Values: \[ACCEPTED – REJECTED] | | uaePassTransactionID | String | O | | #### Sample Request ``` { "spTransactionID": "m9mf2a64pk21v9nolu", "status": "ACCEPTED", "uaePassTransactionID": "cc8bd6a3-38aa-425b-98db-d3d792d8ce7f" } ``` #### cURL Command ``` curl --location --request POST '/callback-url' \ --header 'X-UAEPASS-Signature;' \ --header 'X-Timestamp;' \ --header 'Authorization;' \ --header 'User-Agent: Apidog/1.0.0 (https://apidog.com)' \ --header 'Content-Type: application/json' \ --data-raw '{ "spTransactionID": "string", "uaePassTransactionID": "string", "status": "string" }' ``` ### Response #### Sample Success Response Format * Just successful http status (200). * Don’t return http status code 200 with error messages and return proper http status error code like 401, 409 etc.