Data Providers

Verify Access Record

Returns the full access record for a given access key. Called by Data Providers before releasing meter data.

Authentication: Unauthenticated by design. The access key acts as the credential; treat it as a secret.

Note on PII: This endpoint returns no PII. The person-property relationship (MPxN, address, move-in date, identity verification) is held in the linked Identity Record, which is accessible only to authenticated Data Users via GET /identity-records/{ir}. The identity-record-ref in record-metadata provides the link.

Verification checklist (all record types):

access-event.state must be ACTIVE.
access-event.expiry must be in the future, or null.
At least one controller in record-metadata.controller-arrangement.controllers must match the organisation you have a verified commercial relationship with on your platform. For joint arrangements, verify against the lead entry.
The data types being requested must be within processing.data-types.
Log response.transaction-id for your audit trail.

Additional checks by legal basis:

Consent records: confirm access-event.consent.consent-type is appropriate for the data category being released.
Legitimate interests: confirm lia-reference is present on the lead controller entry in record-metadata.controller-arrangement.
Public task / legal obligation: confirm statutory-reference is present on the lead controller entry in record-metadata.controller-arrangement.

GET

access-records

{ak}

Verify Access Record

curl --request GET \
  --url https://api.central.consent/v1/access-records/{ak}

{
  "response": {
    "resource": "/v1/access-records/ak_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-11T12:00:00Z",
    "transaction-id": "tid_691df0c788ca043403b7fa90"
  },
  "access-record": {
    "record-metadata": {
      "schema-version": "1.0",
      "controller-arrangement": {
        "controllers": [
          {
            "name": "Bright Energy Ltd",
            "contact-url": "https://bright-energy.com/contact",
            "address": {
              "addressLine1": "221B Baker Street",
              "townCity": "London",
              "postcode": "NW1 6XE",
              "addressLine2": "Marylebone",
              "county": "Greater London"
            },
            "privacy-rights-url": "https://bright-energy.com/your-rights",
            "lia-reference": "LIA-2024-003",
            "statutory-reference": "Energy Act 2023, s.147",
            "storage-conditions": {
              "location": "GB",
              "retention-period": "P2Y"
            }
          }
        ],
        "art26-reference": "JCA-2024-BrightGrid-001"
      },
      "record-identifier": "ak_691df0c788ca043403b7fa90",
      "created-at": "2024-01-15T09:30:00Z",
      "identity-record-ref": "ir_a3c5e7f9b1d3a3c5e7f9b1d3"
    },
    "notice": {
      "shared-notice": {
        "terms-url": "https://bright-energy.com/privacy-v3.html",
        "notice-version": "v3.2",
        "notice-language": "en"
      },
      "notices": [
        {
          "controller-name": "Grid Analytics Ltd",
          "terms-url": "https://gridanalytics.com/privacy-v2.html",
          "notice-version": "v2.0",
          "notice-language": "en"
        }
      ]
    },
    "processing": {
      "legal-basis": "uk-consent",
      "purpose": "Energy efficiency analysis and tariff recommendations",
      "data-types": [],
      "jurisdiction": "GB",
      "data-source": "National Grid ESO / MPAS",
      "recipients": [
        {
          "name": "Analytics Co Ltd",
          "role": "Sub-processor",
          "privacy-url": "https://analyticsco.com/privacy"
        }
      ]
    },
    "access-event": {
      "registered-at": "2023-11-07T05:31:56Z",
      "expiry": "2027-11-10T17:07:01.580Z",
      "controller-reference": "REF-00123",
      "consent": {
        "method": "Explicit web checkbox"
      },
      "revoked-at": "2025-06-01T14:22:00Z"
    },
    "reidentification-token": "<string>"
  }
}

Path Parameters

string

required

The access key issued at registration. Unique opaque identifier for an access record, issued by the register on creation. Treat as a secret — possession enables access verification.

Pattern: ^ak_[0-9a-f]{24}$

Example:

"ak_691df0c788ca043403b7fa90"

Response

Access record found and returned.

The full access record returned for verification. notice and access-event.consent will be null for non-consent records.

response

object

required

Show child attributes

access-record

object

required

A data access record covering all lawful bases. The same schema is used regardless of processing.legal-basis. The notice field and access-event.consent sub-object are null for non-consent records and populated for consent records.

Show child attributes

Last modified on March 25, 2026

Look Up a Data User by DUIDReturns profile and status information for a registered Data User organisation identified by DUID. **Intended caller: Data Providers.** When a Data Provider calls `GET /access-records/{ak}` to verify an access record, the response includes a `duid` identifying the organisation that registered the record. Without this endpoint, the Data Provider has no independent means to confirm that the `duid` belongs to an active, known organisation — they can only rely on their own bilateral onboarding records. This endpoint closes that gap by providing a central directory lookup. Data Providers **should** call this endpoint as part of first-time onboarding of a new DUID encountered in a verification response, and **may** call it periodically to detect status changes (e.g. suspension). **Authentication:** Bearer token required. Data Providers must obtain a token via `GET /auth/token` using their own `account_id:secret_key` credentials, which are provisioned separately from Data User credentials. **Note on DUID mapping:** The register intentionally does not map DUIDs to Data Provider platform account IDs — that linkage is the Data Provider's responsibility, as stated in the `GET /access-records/{ak}` verification checklist. This endpoint supplies the canonical human-readable identity (name, status, contact) for the DUID so the Data Provider can confirm the mapping is correct on their side.

Verify Access Record

curl --request GET \
  --url https://api.central.consent/v1/access-records/{ak}

{
  "response": {
    "resource": "/v1/access-records/ak_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-11T12:00:00Z",
    "transaction-id": "tid_691df0c788ca043403b7fa90"
  },
  "access-record": {
    "record-metadata": {
      "schema-version": "1.0",
      "controller-arrangement": {
        "controllers": [
          {
            "name": "Bright Energy Ltd",
            "contact-url": "https://bright-energy.com/contact",
            "address": {
              "addressLine1": "221B Baker Street",
              "townCity": "London",
              "postcode": "NW1 6XE",
              "addressLine2": "Marylebone",
              "county": "Greater London"
            },
            "privacy-rights-url": "https://bright-energy.com/your-rights",
            "lia-reference": "LIA-2024-003",
            "statutory-reference": "Energy Act 2023, s.147",
            "storage-conditions": {
              "location": "GB",
              "retention-period": "P2Y"
            }
          }
        ],
        "art26-reference": "JCA-2024-BrightGrid-001"
      },
      "record-identifier": "ak_691df0c788ca043403b7fa90",
      "created-at": "2024-01-15T09:30:00Z",
      "identity-record-ref": "ir_a3c5e7f9b1d3a3c5e7f9b1d3"
    },
    "notice": {
      "shared-notice": {
        "terms-url": "https://bright-energy.com/privacy-v3.html",
        "notice-version": "v3.2",
        "notice-language": "en"
      },
      "notices": [
        {
          "controller-name": "Grid Analytics Ltd",
          "terms-url": "https://gridanalytics.com/privacy-v2.html",
          "notice-version": "v2.0",
          "notice-language": "en"
        }
      ]
    },
    "processing": {
      "legal-basis": "uk-consent",
      "purpose": "Energy efficiency analysis and tariff recommendations",
      "data-types": [],
      "jurisdiction": "GB",
      "data-source": "National Grid ESO / MPAS",
      "recipients": [
        {
          "name": "Analytics Co Ltd",
          "role": "Sub-processor",
          "privacy-url": "https://analyticsco.com/privacy"
        }
      ]
    },
    "access-event": {
      "registered-at": "2023-11-07T05:31:56Z",
      "expiry": "2027-11-10T17:07:01.580Z",
      "controller-reference": "REF-00123",
      "consent": {
        "method": "Explicit web checkbox"
      },
      "revoked-at": "2025-06-01T14:22:00Z"
    },
    "reidentification-token": "<string>"
  }
}

Documentation Index

Path Parameters

Response