Double opt-in consents

The Double opt-in (DOI) feature provides additional security and peace of mind for compliance for yourself and your users. It’s simple like single opt-in, but requires an additional step for the user to confirm his or her email or mobile (via SMS). With ReachFive, you can even define the preferred communication channel for these DOI consent types directly in the ReachFive Console. For more that, see Consents.

What are the benefits? 🤔

Though not legally required by GDPR, many countries do require it (such as Germany). However, the double opt-in consent ensures that opting in only occurs when the user has confirmed via the email or SMS they are sent in the DOI flow. This ensures that their email and/or mobile number is validated and is added insurance they certainly wanted to opt in to the consent, whether that’s a newsletter subscription or something else.

Integration notes

In some integration cases, it’s likely some users have already gone through the DOI process and therefore, after integrating with ReachFive, you’ll need to be able to update the consent status yourself.

You can update the granted status to true or false for a user with one of the following approaches:

The Management API’s update user profile endpoint.
The Identity API’s update user profile endpoint.
The Import Module by importing user profiles.

To do so, pass the updated granted status in the payload (for API) or as part of the JSON or CSV file (for Imports):

{
  "consent_key": "all-the-things",
  "consent_title": "all the things",
  "consent_type": "double-opt-in",
...
  "granted": true, (1)
  "waiting_double_accept": true, (2)
...
  "user_id": "550e8400-e29b-41d4-a716-446655440000"
}

1	Here, we have updated the `granted` field to `true`.
2	The `waiting_double_accept` creates some conditions which are outlined here.

The table below seeks to help outline the possible scenarios for when you bring in users with some already existing DOI consent statuses.

The Consent Status column shows whether the scenario was accepted, rejected, or is awaiting user acceptance or rejection for the DOI consent.
- Granted status (consent accepted)
- Waiting status (awaiting user action)
- Denied status (consent rejected)
- Bad request
The Payload column represents the fields that you (the ReachFive customer) send as either part of the Management API, Import module, or Identity API.
The Notes column details important information about the scenario represented in the row.

Management API + Imports
Identity API

Consent status Payload Notes

granted: true

In this case, because you’re setting granted to true, it does not matter the status of waiting_double_accept. When passed, it sets the DOI consents status to accepted.

granted: false
waiting_double_accept: true

In this case, because you’re setting granted to false, we look at the status of waiting_double_accept.

Actions:

The user’s acceptance or rejection of the DOI consent will determine the final status in this case.

It’s important to note here that the Import module does not trigger any notification to the user, but instead, this is something you must do yourself.

granted: false
waiting_double_accept: false

In this case, because granted is false and waiting_double_accept is also false, the consent is officially rejected.

granted: null (or absent)
waiting_double_accept: <any status>

In this case, because granted is null or absent, you will receive a 400 Bad request response regardless of the waiting_double_accept status. The granted field must be set to an acceptable true or false value.

Consent status Payload Notes

Consent status	Payload	Notes
	`granted: true`	In this case, because `granted` is `true`, it does not matter the status of `waiting_double_accept`. When passed, it sets the DOI consents status to waiting.
	`granted: false` `waiting_double_accept: true`	If the initial status of the consent is waiting, rejected, or unset, the final status will be waiting. If the initial status is granted, then the final status remains granted, and you’ll receive a `400 Bad request` error saying `"An already accepted double-optin consent cannot be set to the 'waiting' status"`.
	`granted: false` `waiting_double_accept: false`	In this case, because `granted` is `false` and `waiting_double_accept` is also `false`, the consent is officially rejected.
	`granted: null` (or absent) `waiting_double_accept: <any status>`	In this case, because `granted` is null or absent, you will receive a `400 Bad request` response regardless of the `waiting_double_accept` status.

granted: true

In this case, because granted is true, it does not matter the status of waiting_double_accept. When passed, it sets the DOI consents status to waiting.

granted: false
waiting_double_accept: true

If the initial status of the consent is waiting, rejected, or unset, the final status will be waiting.

If the initial status is granted, then the final status remains granted, and you’ll receive a 400 Bad request error saying "An already accepted double-optin consent cannot be set to the 'waiting' status".

granted: false
waiting_double_accept: false

In this case, because granted is false and waiting_double_accept is also false, the consent is officially rejected.

granted: null (or absent)
waiting_double_accept: <any status>

In this case, because granted is null or absent, you will receive a 400 Bad request response regardless of the waiting_double_accept status.

DOI flow

The additional step to the double opt-in is the explicit confirmation from the user, thereby verifying his or her email or phone number and further ensuring opting was the correct action.

doi consent flow

You can configure DOI consent templates directly from your ReachFive Console for both email and SMS.

DOI consent templates

DOI API operations

Currently, we provide 4 different API operations via the Management API for the Double opt-in feature. They are all POST operations.

Double opt-in consents

Integration notes

Field value matrix for consent status

DOI flow

DOI consent templates

DOI API operations