Endpoint
POST /server/clickwrap/{slug}/capture
Authentication
This endpoint requires authentication via API key. Include your API key in the X-API-Key header:
X-API-Key: ca_your_api_key_here
Path Parameters
| Parameter | Type | Required | Description |
|---|
slug | string | Yes | Unique identifier for the clickwrap |
Request Body
| Field | Type | Required | Description |
|---|
user_identifier | string | Yes | Stable identifier for the end user (e.g. email or internal user ID) |
event_type | string | Yes | Type of interaction: accepted, viewed, checked, scrolled_to_bottom |
metadata | object or null | No | Arbitrary key-value pairs to attach to the event record |
ip_address | string or null | No | End user’s IP address at the time of acceptance. Recommended for legal validity — the API caller’s IP is never substituted |
user_agent | string or null | No | End user’s user agent string. Recommended for legal validity — the API caller’s user agent is never substituted |
Request Example
curl -X POST "https://platform.chamelio.ai/server/clickwrap/privacy-policy/capture" \
-H "X-API-Key: ca_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"user_identifier": "user@example.com",
"event_type": "accepted",
"ip_address": "203.0.113.42",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
"metadata": {"session_id": "sess_abc123", "product": "checkout"}
}'
import requests
slug = "privacy-policy"
url = f"https://platform.chamelio.ai/server/clickwrap/{slug}/capture"
headers = {
"X-API-Key": "ca_your_api_key_here",
"Content-Type": "application/json"
}
body = {
"user_identifier": "user@example.com",
"event_type": "accepted",
"ip_address": "203.0.113.42",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
"metadata": {"session_id": "sess_abc123", "product": "checkout"}
}
response = requests.post(url, headers=headers, json=body)
print(response.json())
const slug = "privacy-policy";
const response = await fetch(
`https://platform.chamelio.ai/server/clickwrap/${slug}/capture`,
{
method: 'POST',
headers: {
'X-API-Key': 'ca_your_api_key_here',
'Content-Type': 'application/json'
},
body: JSON.stringify({
user_identifier: 'user@example.com',
event_type: 'accepted',
ip_address: '203.0.113.42',
user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...',
metadata: { session_id: 'sess_abc123', product: 'checkout' }
})
}
);
const data = await response.json();
console.log(data);
Response
Success Response
Status Code: 200 OK
Response Fields
| Field | Type | Description |
|---|
acknowledged | boolean | Always true when the event was recorded successfully |
Error Responses
401 Unauthorized
Returned when authentication fails. See the authentication errors section for details.
{
"detail": "Invalid API key"
}
404 Not Found
Returned when no active clickwrap or active version exists for the given slug.
{
"detail": "Clickwrap 'privacy-policy' not found"
}
500 Internal Server Error
Returned when the request fails due to a server error.
{
"detail": "Internal server error"
}
Notes
Capture always targets the currently active version. You cannot capture an event against an older or draft version via this endpoint.
Because this is a service-to-service endpoint, the API caller’s IP address and user agent are never used as the end user’s origin data. Always pass the actual end user’s ip_address and user_agent in the request body for legally valid acceptance records.
Use event_type: "accepted" to record the user’s explicit consent. Other event types (viewed, checked, scrolled_to_bottom) can be used to capture engagement signals for your own audit trail.
Use Cases
This endpoint is useful for:
- Server-side consent capture - Record acceptance from a backend flow where the clickwrap was rendered in your own UI
- Audit trails - Store
ip_address, user_agent, and metadata (e.g. session ID, product context) for compliance records
- Multi-step flows - Record intermediate events (
viewed, scrolled_to_bottom) before the final accepted event