> ## Documentation Index
> Fetch the complete documentation index at: https://docs.clickterm.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify clickwrap Signature

> Validate a Signature returned by the SDK after a user accepts or declines.
Creates a **Clickwrap Event** and generates a **Certificate of Acceptance**.

This is the only billed endpoint — each successful verification counts
toward your usage.

**Authenticated** — requires `X-APP-ID` and `X-APP-KEY` headers.




## OpenAPI

````yaml /openapi/clickterm-public-api.yaml post /clickwrap/verify
openapi: 3.0.3
info:
  title: ClickTerm Public Client API
  version: '1.0'
  description: |
    The ClickTerm Public Client API lets you integrate legally-binding
    consent management into your application. Use it alongside the
    ClickTerm Web SDK or Android SDK.

    **Authentication:** Most endpoints require `X-APP-ID` and `X-APP-KEY`
    headers. The exceptions are `GET /clickwrap` and `POST /clickwrap`,
    which use the public `appId` in query/body parameters and do not
    require the App Key.
  contact:
    name: ClickTerm Support
    url: https://clickterm.com
    email: support@clickterm.com
servers:
  - url: https://api.clickterm.com/public-client/v1
    description: Production
security: []
tags:
  - name: Clickwrap
    description: >-
      Core clickwrap operations — fetch templates, record acceptance, verify
      Signatures
  - name: Events
    description: Clickwrap event details, certificates, and consent status
  - name: Templates
    description: Template discovery and metadata
paths:
  /clickwrap/verify:
    post:
      tags:
        - Clickwrap
      summary: Verify clickwrap Signature
      description: >
        Validate a Signature returned by the SDK after a user accepts or
        declines.

        Creates a **Clickwrap Event** and generates a **Certificate of
        Acceptance**.


        This is the only billed endpoint — each successful verification counts

        toward your usage.


        **Authenticated** — requires `X-APP-ID` and `X-APP-KEY` headers.
      operationId: verifySignature
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - clicktermSignature
              properties:
                clicktermSignature:
                  type: string
                  description: The Signature returned by the SDK after user action
            example:
              clicktermSignature: eyJhbGciOiJSUzI1NiIs...
      responses:
        '200':
          description: Signature verified, event details returned
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/VerifyResponse'
              example:
                clickwrapEventStatus: ACCEPTED
                clickwrapEventId: 123e4567-e89b-12d3-a456-426614174000
                clickwrapTemplateId: 987e6543-e21b-45d3-b321-426614174999
                clickwrapTemplateVersion: 1
                clickwrapTemplateVersionMinor: 0
                endUserId: user-123
                templatePlaceholders: '{"email":"user@example.com"}'
                technicalMetadata: '{"userAgent":"Mozilla/5.0...","ip":"203.0.113.42"}'
                actionAt: '2026-03-23T14:30:00Z'
                effectiveAt: '2026-03-23T14:00:00Z'
        '400':
          description: Invalid Signature or missing parameters
        '401':
          description: Invalid App Key or App Id
        '409':
          description: Event is already verified
      security:
        - appIdHeader: []
          appKeyHeader: []
      x-codeSamples:
        - lang: curl
          label: cURL
          source: >
            curl -X POST
            https://api.clickterm.com/public-client/v1/clickwrap/verify \
              -H "X-APP-ID: YOUR_APP_ID" \
              -H "X-APP-KEY: YOUR_APP_KEY" \
              -H "Content-Type: application/json" \
              -d '{"clicktermSignature": "SIGNATURE_FROM_SDK"}'
        - lang: javascript
          label: Node.js
          source: |
            const response = await fetch(
              "https://api.clickterm.com/public-client/v1/clickwrap/verify",
              {
                method: "POST",
                headers: {
                  "X-APP-ID": process.env.CLICKTERM_APP_ID,
                  "X-APP-KEY": process.env.CLICKTERM_APP_KEY,
                  "Content-Type": "application/json",
                },
                body: JSON.stringify({
                  clicktermSignature: signatureFromSdk,
                }),
              }
            );
            const event = await response.json();
        - lang: python
          label: Python
          source: |
            import requests

            response = requests.post(
                "https://api.clickterm.com/public-client/v1/clickwrap/verify",
                headers={
                    "X-APP-ID": CLICKTERM_APP_ID,
                    "X-APP-KEY": CLICKTERM_APP_KEY,
                    "Content-Type": "application/json",
                },
                json={"clicktermSignature": signature_from_sdk},
            )
            event = response.json()
        - lang: java
          label: Java
          source: |
            HttpResponse<String> response = Unirest.post(
                "https://api.clickterm.com/public-client/v1/clickwrap/verify")
              .header("X-APP-ID", "YOUR_APP_ID")
              .header("X-APP-KEY", "YOUR_APP_KEY")
              .header("Content-Type", "application/json")
              .body("{\"clicktermSignature\":\"SIGNATURE_FROM_SDK\"}")
              .asString();
components:
  schemas:
    VerifyResponse:
      type: object
      description: Response from the verify endpoint after successful Signature validation
      properties:
        clickwrapEventStatus:
          type: string
          enum:
            - ACCEPTED
            - DECLINED
          description: The verified status of the clickwrap event
        clickwrapEventId:
          type: string
          format: uuid
          description: Unique identifier for the created Clickwrap Event
        clickwrapTemplateId:
          type: string
          format: uuid
          description: The clickwrap template shown to the end user
        clickwrapTemplateVersion:
          type: integer
          description: Major version number of the template
        clickwrapTemplateVersionMinor:
          type: integer
          description: Minor version number of the template
        endUserId:
          type: string
          description: The end user identifier provided in the SDK call
        templatePlaceholders:
          type: string
          nullable: true
          description: >-
            JSON-encoded placeholder values submitted during the session, or
            null if none were provided
        technicalMetadata:
          type: string
          description: JSON-encoded client metadata (IP address, user agent, device info)
        actionAt:
          type: string
          format: date-time
          description: When the end user performed the action (UTC, ISO-8601)
        effectiveAt:
          type: string
          format: date-time
          description: When the clickwrap template version became effective (UTC, ISO-8601)
  securitySchemes:
    appIdHeader:
      type: apiKey
      in: header
      name: X-APP-ID
      description: |
        Your application's App ID, sent as the `X-APP-ID` header.
        Must be accompanied by `X-APP-KEY` for authenticated endpoints.
    appKeyHeader:
      type: apiKey
      in: header
      name: X-APP-KEY
      description: Your application's secret App Key (server-side only)

````