Recipe

Record cookie consent from your edge

Record a visitor’s cookie choices to the consent endpoint from your server, not the browser. When someone interacts with your cookie banner, have your edge validate the choice and forward it to POST /public/v1/consent. The record is appended to a PECR audit trail — never overwritten — so you always have evidence of what was agreed and when.

2 min read

edge-sideServer forwards, not browser
append-onlyPECR audit trail
PECR §6Cookie consent, not credit

Step 1 — validate at your edge

Your server is the trust boundary. Validate the visitor’s banner interaction first — the endpoint accepts the forwarded snapshot without a CSRF check precisely because your edge already did that check.

Step 2 — forward the snapshot

curl -sS -X POST https://hub.credicorp.co.uk/public/v1/consent \
  -H 'Content-Type: application/json' \
  -d '{"analytics":true,"marketing":false}'

Step 3 — it is appended, not replaced

Every snapshot is appended to the PECR audit trail. A change of mind is a new record on top, not an edit — so the history is complete and tamper-evident.

This endpoint is for cookie consent only. Credit-application consent (agreeing to a search, to terms) is a separate store and must never be sent here. See the reference.

Frequently asked questions

Should the browser call the consent endpoint directly?

No. Forward it from a trusted server-side client that has already validated the banner interaction. Your edge is the CSRF/origin trust boundary.

Can I overwrite a previous consent record?

No. The store is append-only for PECR integrity. Record a new snapshot on top; the old one stays for the audit trail.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.