Embed the OneTrust Preference Center JavaScript snippet on your page, or use the Preference Center Schema API to build a custom UI; both flows produce a receiptId on submission.
When the onConsentChanged callback fires (or when your custom form POSTs), capture the receiptId from the response payload.
Retrieve the full receipt via GET https://{hostname}/api/consentmanager/v3/receipt/{receiptId} using a server-side call with YOUR_ONETRUST_TOKEN in the Authorization header.
Parse the response to extract the purposes array (each entry has purposeId, status, and timestamp) and persist these to your consent store or data warehouse.
For audits, re-fetch receipts by data-subject identifier using GET https://{hostname}/api/consentmanager/v3/receipt?identifier={email} and compare historic versions.
Expose a self-service endpoint in your app that proxies this call so users can download their own consent record on demand.
Known gotchas
Receipt download URLs are short-lived; do not store the URL, store the receiptId and re-fetch when needed.
The receipts API returns consent state at the time of the interaction only — it does not reflect subsequent revocations unless a new receipt was generated for that revocation event.
GDPR Art. 7(1) requires you to demonstrate that consent was given; the receipt JSON is admissible evidence only if you also store the version of the notice that was displayed, which is a separate policy-snapshot call.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp