Skip to main content
GET
/
records
List Own Access Records
curl --request GET \
  --url https://api.central.consent/v1/records \
  --header 'Authorization: Bearer <token>'
import requests

url = "https://api.central.consent/v1/records"

headers = {"Authorization": "Bearer <token>"}

response = requests.get(url, headers=headers)

print(response.text)
const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

fetch('https://api.central.consent/v1/records', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api.central.consent/v1/records",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => [
    "Authorization: Bearer <token>"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://api.central.consent/v1/records"

	req, _ := http.NewRequest("GET", url, nil)

	req.Header.Add("Authorization", "Bearer <token>")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.get("https://api.central.consent/v1/records")
  .header("Authorization", "Bearer <token>")
  .asString();
require 'uri'
require 'net/http'

url = URI("https://api.central.consent/v1/records")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'

response = http.request(request)
puts response.read_body
{
  "response": {
    "resource": "/v1/access-records/ak_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-11T12:00:00Z",
    "transaction-id": "tid_691df0c788ca043403b7fa90"
  },
  "records": [
    {
      "ak": "ak_691df0c788ca043403b7fa90",
      "data-types": [],
      "lead-controller-name": "Bright Energy Ltd",
      "controller-count": 1,
      "record-metadata": {
        "schema-version": "1.0",
        "controller-arrangement": {
          "controllers": [
            {
              "name": "Bright Energy Ltd",
              "contact-url": "https://bright-energy.com/contact",
              "address": {
                "addressLine1": "221B Baker Street",
                "townCity": "London",
                "postcode": "NW1 6XE",
                "addressLine2": "Marylebone",
                "county": "Greater London"
              },
              "privacy-rights-url": "https://bright-energy.com/your-rights",
              "lia-reference": "LIA-2024-003",
              "statutory-reference": "Energy Act 2023, s.147",
              "storage-conditions": {
                "location": "GB",
                "retention-period": "P2Y"
              }
            }
          ],
          "art26-reference": "JCA-2024-BrightGrid-001"
        },
        "record-identifier": "ak_691df0c788ca043403b7fa90",
        "created-at": "2024-01-15T09:30:00Z",
        "identity-record-ref": "ir_a3c5e7f9b1d3a3c5e7f9b1d3"
      },
      "legal-basis": "uk-consent",
      "purpose": "Energy efficiency analysis and tariff recommendations",
      "expiry": "2023-11-07T05:31:56Z",
      "discovered-access": {
        "mpxn": "1234567890123",
        "organisation-name": "Acme Energy Services Ltd",
        "organisation-reference": "org_abc123def456",
        "first-seen": "2024-06-01",
        "data-types-observed": [],
        "source-reference": "DCC-TX-LOG-2026-03-001",
        "last-seen": "2026-02-28",
        "superseded-by": "ak_691df0c788ca043403b7fa90"
      }
    }
  ],
  "total": 123
}
{
  "response": {
    "resource": "/v1/access-records/ak_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-11T12:00:00Z",
    "transaction-id": "tid_691df0c788ca043403b7fa90"
  },
  "errors": [
    {
      "error-code": "VAL001",
      "message": "Field 'mpxn' does not match the required pattern."
    }
  ]
}
{
  "response": {
    "resource": "/v1/access-records/ak_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-11T12:00:00Z",
    "transaction-id": "tid_691df0c788ca043403b7fa90"
  },
  "errors": [
    {
      "error-code": "VAL001",
      "message": "Field 'mpxn' does not match the required pattern."
    }
  ]
}

Authorizations

Authorization
string
header
required

JWT from GET /auth/token. Pass as Authorization: Bearer <token>. Expires after 7200s.

Query Parameters

Filter by legal basis. The legal basis under which the Controller accesses customer data.

Consent basesnotice and access-event.consent must be populated.

ValuePlain nameArticle
uk-consentUK ConsentUK GDPR Art. 6(1)(a)
uk-explicit-consentUK Explicit ConsentUK GDPR Art. 9(2)(a)

Non-consent basesnotice and access-event.consent must be null.

ValuePlain nameArticleSupporting field (on lead controller)
uk-legitimate-interestsUK Legitimate InterestsUK GDPR Art. 6(1)(f)lia-reference
uk-public-taskUK Public TaskUK GDPR Art. 6(1)(e)statutory-reference
uk-legal-obligationUK Legal ObligationUK GDPR Art. 6(1)(c)statutory-reference
uk-contractUK ContractUK GDPR Art. 6(1)(b)
Available options:
uk-consent,
uk-explicit-consent,
uk-legitimate-interests,
uk-public-task,
uk-legal-obligation,
uk-contract
Example:

"uk-consent"

limit
integer
default:200

Maximum number of records to return.

Required range: x <= 500

Response

List of own access records.

response
object
required
records
object[]
required
total
integer
required
Last modified on March 25, 2026