Core Feature

Consent Management

A consent session is a single, user-approved request. The user scans a QR and approves with biometrics; your app is notified by webhook. The same primitive powers login, transactions, document signing, and identity verification.

Consent intents

IntentUse case
LOGINPasswordless sign-in for a returning, enrolled user
TRANSACTIONApprove a payment or high-value action with biometrics
SIGNATUREBiometrically sign a document
OAUTHShare verified identity claims (see Verify with MID)

Create a consent session

POST
/v1/consents/auth

Create a consent session and return a QR payload

Request Body

ParameterTypeRequiredDescription
clientIdstringYesYour application's client ID
recipientstringYesThe enrolled user's phone number
intentstringYesLOGIN, TRANSACTION, SIGNATURE, or OAUTH
callbackUrlstringYesSigned webhook URL for the approval result
transactionobjectYes{ type, description, amount, currency, payee }
Create consent session
curl -X POST 'https://api.mobid.io/v1/consents/auth' \
  -H 'Content-Type: application/json' \
  -d '{
    "clientId": "your_client_id",
    "recipient": "+2348012345678",
    "intent": "LOGIN",
    "callbackUrl": "https://yourapp.com/api/mid/webhook",
    "transaction": {
      "type": "LOGIN",
      "description": "Sign in to YourApp",
      "amount": 0,
      "currency": "NGN",
      "payee": "your_client_id"
    }
  }'
Response
{
  "code": 201,
  "error": false,
  "message": "Consent created successfully",
  "data": {
    "sessionId": "b0f2…",
    "qr": "<base64 png>",
    "status": "pending"
  }
}

Rendering the QR

Render data.qr, or fetch a PNG directly from GET /v1/consents/qr/{type}/{sessionId}. The MID app encodes the session as mid://auth/{sessionId}.

Session lifecycle

A session moves pending → APPROVED (or expires after 5 minutes). On approval MID posts a signed webhook to your callbackUrl. For OAUTH intent, the webhook also carries the verified claims.

GET
/v1/consents/auth/:sessionId

Fetch consent details by session ID

Next steps

For identity verification, use the Verify with MID guide (OAUTH intent). For handling the result, see Webhooks.