# Log a cookie consent action

**Publié le** : 2026-05-12
**Catégorie** : Analytics & Tracking

## `POST /cookie-consent/log`

**Log a cookie consent action**

Record the visitor's cookie-consent choice. Stores the consent
decision (per-category booleans plus a top-level "all accepted"
marker), the resolved consent mode, the user-agent, and the
timestamp. The endpoint is spam-protected on the same contract as
form submissions, but typical clients hit it once per session.
Status code: 200, not 201.

### Request Body

Content-Type: `application/json`

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `visitorId` | string | Yes | Required. 1-64 characters |
| `sessionId` | string | No | Analytics session ID |
| `action` | "accept_all" \| "reject_all" \| "customize" \| "withdraw" | Yes | Required. One of: accept_all, reject_all, customize, withdraw |
| `consentGiven` | object | Yes | Required |
| `pageUrl` | string | No | Max 2048 characters |


### Responses

| Status | Description |
| --- | --- |
| `201` | Successful response |
| `422` | Validation error |


> **Notes:** Returns 200, not 201. Spam protection applies. Rate-limit bucket:
> public-submit. On spam rejection: 403. On validation failure: 422.

### Examples

```curl
curl -X POST "https://api.lynkow.com/public/{siteId}/cookie-consent/log" \
  -H "Content-Type: application/json" \
  -d '{ "consent": { "necessary": true, "analytics": false }, "acceptedAll": false, "honeypot": "", "timestamp": "2026-05-12T14:32:18.000Z" }'
```

```javascript
await fetch(`https://api.lynkow.com/public/${siteId}/cookie-consent/log`, {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    consent: { necessary: true, analytics: false },
    acceptedAll: false,
    honeypot: '',
    timestamp: new Date().toISOString(),
  }),
})
```

### Response Example

```json
"{\n  \"data\": { \"message\": \"Consent logged successfully\" }\n}\n"
```

---