Skip to main content
Prerequisites: A completed SDK integration that returns a Signature, and your App ID + App Key for server-side calls.
After your end user accepts or declines a clickwrap, the SDK creates an event in ClickTerm and returns a Signature. The event remains unverified until your backend sends this Signature to ClickTerm’s verification endpoint. Verification confirms the Signature hasn’t been forged or tampered with and marks the event as verified. For accepted events, a Certificate of Acceptance is generated. Why it matters: Verification ensures the Signature hasn’t been forged or tampered with, providing proof of consent, security, and legal validity for clickwrap agreements.
Never expose your App Key in client-side code. The App Key is used only for backend verification calls. The client SDK uses only the App ID. Store the App Key safely — it won’t display again after creation, but can be regenerated. Regenerating the key requires updating your backend configuration.

Endpoint

POST https://api.clickterm.com/public-client/v1/clickwrap/verify

Request

HttpResponse<String> response = Unirest.post(
    "https://api.clickterm.com/public-client/v1/clickwrap/verify")
  .header("X-APP-ID", "YOUR_APP_ID")
  .header("X-APP-KEY", "YOUR_APP_KEY")
  .header("Content-Type", "application/json")
  .body("{\"clicktermSignature\":\"SIGNATURE_FROM_SDK\"}")
  .asString();

Request body

ParameterRequiredDescription
clicktermSignatureYesThe Signature returned by the SDK after the user’s action

Response

{
  "clickwrapEventStatus": "ACCEPTED",
  "clickwrapEventId": "123e4567-e89b-12d3-a456-426614174000",
  "clickwrapTemplateId": "987e6543-e21b-45d3-b321-426614174999",
  "clickwrapTemplateVersion": 1,
  "clickwrapTemplateVersionMinor": 0,
  "endUserId": "user-123",
  "templatePlaceholders": "{\"email\":\"[email protected]\"}",
  "technicalMetadata": "{\"userAgent\":\"Mozilla/5.0...\",\"ip\":\"203.0.113.42\"}",
  "actionAt": "2026-03-23T14:30:00Z",
  "effectiveAt": "2026-03-23T14:00:00Z"
}

Response fields

FieldTypeDescription
clickwrapEventStatusStringACCEPTED or DECLINED
clickwrapEventIdUUIDUnique identifier for this event
clickwrapTemplateIdUUIDThe template shown to the end user
clickwrapTemplateVersionIntegerMajor version number
clickwrapTemplateVersionMinorIntegerMinor version number
endUserIdStringThe end user identifier you provided
templatePlaceholdersStringJSON-encoded placeholder values (or null)
technicalMetadataStringIP address, user agent, and other client metadata
actionAtTimestampWhen the user’s action occurred (UTC, ISO-8601)
effectiveAtTimestampWhen this template version became effective (UTC, ISO-8601)

Framework examples

@RestController
@RequestMapping("/api")
public class ConsentController {

    @Value("${clickterm.app-id}")
    private String appId;

    @Value("${clickterm.app-key}")
    private String appKey;

    @PostMapping("/verify-consent")
    public ResponseEntity<?> verifyConsent(@RequestBody Map<String, String> body) {
        HttpResponse<String> response = Unirest.post(
            "https://api.clickterm.com/public-client/v1/clickwrap/verify")
          .header("X-APP-ID", appId)
          .header("X-APP-KEY", appKey)
          .header("Content-Type", "application/json")
          .body(Map.of("clicktermSignature", body.get("clicktermSignature")))
          .asString();

        // Parse and handle the response
        return ResponseEntity.ok(response.getBody());
    }
}
Requests to /clickwrap/verify are counted toward billing. Implement rate limiting or a Captcha check before this step to prevent abuse from end users.
Until verification is performed, the Clickwrap Event will be visible on the ClickTerm Dashboard but will remain in an Unverified state.
If a user declines the agreement, the event is still verified but no Certificate of Acceptance is generated. It is up to your application to decide how to handle this (e.g., blocking the user journey, restricting features, or allowing continued access).

Next steps

Download certificates

Retrieve the Certificate of Acceptance PDF.

Check consent status

Query whether an end user has accepted the latest version.

API reference

Full request/response details for the verify endpoint.