Verify Access Record
Returns the full access record for a given access key. Called by Data Providers before releasing meter data.
Authentication: Unauthenticated by design. The access key acts as the credential; treat it as a secret.
Note on PII: This endpoint returns no PII. The person-property relationship
(MPxN, address, move-in date, identity verification) is held in the linked
Identity Record, which is accessible only to authenticated Data Users via
GET /identity-records/{ir}. The identity-record-ref in record-metadata
provides the link.
Verification checklist (all record types):
access-event.statemust beACTIVE.access-event.expirymust be in the future, or null.- At least one controller in
record-metadata.controller-arrangement.controllersmust match the organisation you have a verified commercial relationship with on your platform. Forjointarrangements, verify against theleadentry. - The data types being requested must be within
processing.data-types. - Log
response.transaction-idfor your audit trail.
Additional checks by legal basis:
- Consent records: confirm
access-event.consent.consent-typeis appropriate for the data category being released. - Legitimate interests: confirm
lia-referenceis present on the lead controller entry inrecord-metadata.controller-arrangement. - Public task / legal obligation: confirm
statutory-referenceis present on the lead controller entry inrecord-metadata.controller-arrangement.
Path Parameters
The access key issued at registration. Unique opaque identifier for an access record, issued by the register on creation. Treat as a secret — possession enables access verification.
^ak_[0-9a-f]{24}$"ak_691df0c788ca043403b7fa90"
Response
Access record found and returned.
The full access record returned for verification. notice and access-event.consent will be null for non-consent records.

