Consent Management API
Note
The Consent Management API is available globally to all Twilio Programmable Messaging customers. It supports cross-channel consent synchronization across RCS, SMS, and MMS channels.
Customers using Twilio's Compliance Toolkit obtain default access to the API.
To request access, reach out to Twilio Support or contact your sales representative for more information on enablement and pricing.
Twilio's Consent Management API lets you bulk manage user consent preferences globally across your messaging channels. Use it to store, sync, or update opt-in, opt-out, and re-opt-in statuses for your users across RCS, SMS, and MMS channels, along with details about how and when consent was collected.
With this API, you can manage the following user consent states across RCS, SMS, and MMS channels:
| Consent status | Description |
|---|---|
opt in | The user has provided valid consent to receive messages. |
opt out | The user has revoked consent or replied with STOP-like keywords. This blocks future messages. |
opt in | Handled as re-opt-in. The user has opted in again after a prior opt-out. Overrides STOP keyword to resume messaging. |
Note: STOP keyword override applies to all messages sent, except US Toll-free numbers. Toll-free opt out handling is managed at the network level in the US.
Twilio limits the Consent Management API to 100 requests per minute. Once you reach this limit, the API returns an HTTP 429 "Too Many Requests" response. If you need support for higher rate limits, contact Twilio Support.
Consent Management API has a timeout value of three seconds.
These properties are returned in the JSON response.
A list of objects where each object represents the result of processing a correlation_id. Each object contains the following fields: correlation_id, a unique 32-character UUID that maps the response to the original request; error_code, an integer where 0 indicates success and any non-zero value represents an error; and error_messages, an array of strings describing specific validation errors encountered. If the request is successful, the error_messages array will be empty.
POST https://accounts.twilio.com/v1/Consents/Bulk
Creates up to 25 consents for an authenticated account. If a consent already exists, it will be updated (via upsert) to match the requested object.
Every Consent object should be associated with a unique correlation_id, allowing you to track each individual request within the bulk operation.
If any issues arise during the processing of a consent object, an error will be returned and mapped specifically to that consent's correlation_id. This allows you to pinpoint and address issues for individual contacts.
For detailed information on possible failures and how to resolve them, refer to error code 30646, which provides guidance on common errors such as incorrect phone number format, missing required fields, and other validation issues.
application/x-www-form-urlencodedThis is a list of objects that describes a contact's opt-in status. Each object contains the following fields: contact_id, which must be a string representing phone number in E.164 format; correlation_id, a unique 32-character UUID used to uniquely map the request item with the response item; sender_id, which can be either a valid messaging service SID or a from phone number; status, a string representing the consent status. Can be one of [opt-in, opt-out]; source, a string indicating the medium through which the consent was collected. Can be one of [website, offline, opt-in-message, opt-out-message, others]; date_of_consent, an optional datetime string field in ISO-8601 format that captures the exact date and time when the user gave or revoked consent. If not provided, it will be empty.
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function createBulkConsents() {11const bulkConsent = await client.accounts.v1.bulkConsents.create({12items: [13{14contact_id: "+19999999991",15correlation_id: "ad388b5a46b33b874b0d41f7226db2ef",16sender_id: "MG00000000000000000000000000000000",17date_of_consent: "2025-02-28T10:05:27Z",18status: "opt-in",19source: "website",20},21{22contact_id: "+447700900077",23correlation_id: "02520cfa6c432f0e3ec3a38c122d428d",24sender_id: "+12345678901",25date_of_consent: "2025-02-25T14:30:00Z",26status: "opt-out",27source: "opt-out-message",28},29{30contact_id: "+173800900067",31correlation_id: "8u344b9a46b33b874b0d41f7776hb72f",32sender_id: "rcs:test_-_twilio_4n2azqfk_agent",33date_of_consent: "2025-02-25T14:30:00Z",34status: "opt-out",35source: "offline",36},37],38});3940console.log(bulkConsent.items);41}4243createBulkConsents();
Response
1{2"items": [3{4"contact_id": "+19999999991",5"correlation_id": "ad388b5a46b33b874b0d41f7226db2ef",6"sender_id": "MG00000000000000000000000000000000",7"date_of_consent": "2025-02-28T10:05:27Z",8"status": "opt-in",9"source": "website"10},11{12"contact_id": "+447700900077",13"correlation_id": "02520cfa6c432f0e3ec3a38c122d428d",14"sender_id": "+12345678901",15"date_of_consent": "2025-02-25T14:30:00Z",16"status": "opt-out",17"source": "opt-out-message"18},19{20"contact_id": "+173800900067",21"correlation_id": "8u344b9a46b33b874b0d41f7776hb72f",22"sender_id": "rcs:test_-_twilio_4n2azqfk_agent",23"date_of_consent": "2025-02-25T14:30:00Z",24"status": "opt-out",25"source": "offline"26}27]28}
Each item in the response matches the submitted correlation_id. This enables tracing of validation errors for specific contacts.
When a user replies with a standard opt-out keyword (such as STOP) to a message sent through a Twilio Messaging Service, Twilio automatically creates two distinct opt-out records to ensure compliance:
- An opt-out at the Messaging Service level.
- An opt-out at the individual Sender level (the specific Twilio phone number that delivered the message).
While these records exist, any subsequent message attempt to this user fails and returns Error 21610.
If the user later provides valid consent to receive messages again (re-opt-in), you must clear both of these underlying opt-out records. To successfully process a re-opt-in and resume messaging, submit two separate opt-in entries using the Consent Management API.
To restore the user's consent status, execute a request containing the following two updates for the destination number:
- Create an opt-in record using your Messaging Service SID (for example, MGXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) as the
sender_id. This clears the Messaging Service level block. - Create a second opt-in record using the specific
Fromphone number (for example, +1234567XXXX) as thesender_id. This clears the Sender level block.
Once both opt-in entries are successfully processed by the API, Twilio's opt-out blocks are lifted, and your application can immediately resume successful message delivery to the user.
- Use a Messaging Service SID (MGXX...) as your
sender_idto ensure consent and opt-outs are seamlessly synchronized across RCS, SMS, and MMS channels. - Always use a unique
correlation_idper contact update. - Store and update the
date_of_consentto establish proper consent timelines. - Use
status=opt-inwithsourceto update re-opt-in consent records. - Ensure the
contact_idis always passed in proper E.164 format.