Data Users

List Access Records for a Meter Point

Returns all Access Records and Discovered Records for a given meter point.

Role: data_user — scoped to MPxNs the caller has a registered Access Record for (any state). Returns 403 if the caller has no record for the requested MPxN. This prevents Data Users from querying arbitrary meter points.

Role: portal — can query any MPxN, but must supply a confirmed reidentification-token as a query parameter. The token proves the customer is present and has consented to the lookup. Obtain the token via POST /identity-records/reidentify. The token is consumed on use.

To allow customers to view all access records across all Data Users, Data Users should redirect customers to the Central Customer Portal rather than calling this endpoint themselves.

GET

meter-points

{mpxn}

access-records

List Access Records for a Meter Point

curl --request GET \
  --url https://api.central.consent/v1/meter-points/{mpxn}/access-records \
  --header 'Authorization: Bearer <token>'

{
  "response": {
    "resource": "/v1/access-records/ak_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-11T12:00:00Z",
    "transaction-id": "tid_691df0c788ca043403b7fa90"
  },
  "mpxn": "1234567890123",
  "access-records": [
    {
      "ak": "ak_691df0c788ca043403b7fa90",
      "data-types": [],
      "lead-controller-name": "Bright Energy Ltd",
      "controller-count": 1,
      "record-metadata": {
        "schema-version": "1.0",
        "controller-arrangement": {
          "controllers": [
            {
              "name": "Bright Energy Ltd",
              "contact-url": "https://bright-energy.com/contact",
              "address": {
                "addressLine1": "221B Baker Street",
                "townCity": "London",
                "postcode": "NW1 6XE",
                "addressLine2": "Marylebone",
                "county": "Greater London"
              },
              "privacy-rights-url": "https://bright-energy.com/your-rights",
              "lia-reference": "LIA-2024-003",
              "statutory-reference": "Energy Act 2023, s.147",
              "storage-conditions": {
                "location": "GB",
                "retention-period": "P2Y"
              }
            }
          ],
          "art26-reference": "JCA-2024-BrightGrid-001"
        },
        "record-identifier": "ak_691df0c788ca043403b7fa90",
        "created-at": "2024-01-15T09:30:00Z",
        "identity-record-ref": "ir_a3c5e7f9b1d3a3c5e7f9b1d3"
      },
      "legal-basis": "uk-consent",
      "purpose": "Energy efficiency analysis and tariff recommendations",
      "expiry": "2023-11-07T05:31:56Z",
      "discovered-access": {
        "mpxn": "1234567890123",
        "organisation-name": "Acme Energy Services Ltd",
        "organisation-reference": "org_abc123def456",
        "first-seen": "2024-06-01",
        "data-types-observed": [],
        "source-reference": "DCC-TX-LOG-2026-03-001",
        "last-seen": "2026-02-28",
        "superseded-by": "ak_691df0c788ca043403b7fa90"
      }
    }
  ]
}

Authorizations

Authorization

string

header

required

JWT from GET /auth/token. Pass as Authorization: Bearer <token>. Expires after 7200s.

Path Parameters

mpxn

string

required

Meter Point Administration Number (MPAN) or Meter Point Reference Number (MPRN).

Pattern: ^(?:[0-9A-HJ-NPR-Z]{2}[0-9]{8,10}|[0-9]{10})$

Example:

"1234567890123"

Query Parameters

state

enum<string>

Filter by record lifecycle state. Omit to return all states. Lifecycle state of the access record.

ACTIVE — access is registered and in force.
EXPIRED — the record's expiry has passed.
REVOKED — the Controller has removed their registration, or the customer has withdrawn consent. Retained for audit with access-event.revoked-at set.
DISCOVERED — a sparse record created by the DCC from historic meter transaction logs. The organisation has not yet registered as a Data User. Visible to customers for transparency but cannot authorise data release. Transitions to superseded when the organisation registers a full record.

Available options:

ACTIVE,

EXPIRED,

REVOKED,

DISCOVERED

legal-basis

enum<string>

Filter by legal basis. Omit to return all bases. The legal basis under which the Controller accesses customer data.

Consent bases — notice and access-event.consent must be populated.

Value	Plain name	Article
`uk-consent`	UK Consent	UK GDPR Art. 6(1)(a)
`uk-explicit-consent`	UK Explicit Consent	UK GDPR Art. 9(2)(a)

Non-consent bases — notice and access-event.consent must be null.

Value	Plain name	Article	Supporting field (on lead controller)
`uk-legitimate-interests`	UK Legitimate Interests	UK GDPR Art. 6(1)(f)	`lia-reference`
`uk-public-task`	UK Public Task	UK GDPR Art. 6(1)(e)	`statutory-reference`
`uk-legal-obligation`	UK Legal Obligation	UK GDPR Art. 6(1)(c)	`statutory-reference`
`uk-contract`	UK Contract	UK GDPR Art. 6(1)(b)	—

Available options:

uk-consent,

uk-explicit-consent,

uk-legitimate-interests,

uk-public-task,

uk-legal-obligation,

uk-contract

Example:

"uk-consent"

reidentification-token

string

Required for portal role accounts. A confirmed token-ref obtained via POST /identity-records/reidentify. Proves the customer is present. Consumed on use — a new token is required for each portal session.

Response

Access record list returned successfully.

response

object

required

Show child attributes

mpxn

string

required

Meter Point Administration Number (MPAN) or Meter Point Reference Number (MPRN).

Pattern: ^(?:[0-9A-HJ-NPR-Z]{2}[0-9]{8,10}|[0-9]{10})$

Example:

"1234567890123"

access-records

object[]

required

Show child attributes

Last modified on March 25, 2026

List Own Access RecordsReturns all Access Records registered by the authenticated Data User, scoped to their DUID. Supports filtering by state and legal basis. This is the correct endpoint for a Data User listing their own registrations. Use `GET /meter-points/{mpxn}/access-records` to see all Data Users' records for a specific meter point (e.g. for a customer-facing portal view).

List Access Records for a Meter Point

curl --request GET \
  --url https://api.central.consent/v1/meter-points/{mpxn}/access-records \
  --header 'Authorization: Bearer <token>'

{
  "response": {
    "resource": "/v1/access-records/ak_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-11T12:00:00Z",
    "transaction-id": "tid_691df0c788ca043403b7fa90"
  },
  "mpxn": "1234567890123",
  "access-records": [
    {
      "ak": "ak_691df0c788ca043403b7fa90",
      "data-types": [],
      "lead-controller-name": "Bright Energy Ltd",
      "controller-count": 1,
      "record-metadata": {
        "schema-version": "1.0",
        "controller-arrangement": {
          "controllers": [
            {
              "name": "Bright Energy Ltd",
              "contact-url": "https://bright-energy.com/contact",
              "address": {
                "addressLine1": "221B Baker Street",
                "townCity": "London",
                "postcode": "NW1 6XE",
                "addressLine2": "Marylebone",
                "county": "Greater London"
              },
              "privacy-rights-url": "https://bright-energy.com/your-rights",
              "lia-reference": "LIA-2024-003",
              "statutory-reference": "Energy Act 2023, s.147",
              "storage-conditions": {
                "location": "GB",
                "retention-period": "P2Y"
              }
            }
          ],
          "art26-reference": "JCA-2024-BrightGrid-001"
        },
        "record-identifier": "ak_691df0c788ca043403b7fa90",
        "created-at": "2024-01-15T09:30:00Z",
        "identity-record-ref": "ir_a3c5e7f9b1d3a3c5e7f9b1d3"
      },
      "legal-basis": "uk-consent",
      "purpose": "Energy efficiency analysis and tariff recommendations",
      "expiry": "2023-11-07T05:31:56Z",
      "discovered-access": {
        "mpxn": "1234567890123",
        "organisation-name": "Acme Energy Services Ltd",
        "organisation-reference": "org_abc123def456",
        "first-seen": "2024-06-01",
        "data-types-observed": [],
        "source-reference": "DCC-TX-LOG-2026-03-001",
        "last-seen": "2026-02-28",
        "superseded-by": "ak_691df0c788ca043403b7fa90"
      }
    }
  ]
}

Documentation Index

Authorizations

Path Parameters

Query Parameters

Response