> ## Documentation Index
> Fetch the complete documentation index at: https://docs.goteal.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Record Authorisation Acceptance



## OpenAPI

````yaml POST /authorisations
openapi: 3.0.1
info:
  title: Payroll API
  description: A full flagged payroll api provided by Teal
  version: 1.0.0
servers:
  - url: https://api.sandbox.goteal.co
    description: Sandbox server for experiments
  - url: https://api.goteal.co
    description: Production server
security:
  - ApiKeyAuth: []
  - MemberBearerAuth: []
paths:
  /authorisations:
    description: >-
      User authorisation records track when users accept authorisation terms,
      including acceptance metadata for audit purposes.
    post:
      summary: Records a user accepting a authorisation term.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthorisationAcceptance'
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreatedAuthorisation'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/UnauthorizedApiKey'
        '404':
          description: User or term not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotFound'
components:
  schemas:
    AuthorisationAcceptance:
      type: object
      required:
        - user_id
        - user_agent
      properties:
        user_id:
          type: string
          format: uuid
          description: The ID of the user accepting the authorisation
          example: 95a0e70b-fe02-4f47-aef9-2efff279df71
        term_id:
          type: string
          format: uuid
          description: >-
            The ID of the authorisation term being accepted. If not provided,
            auto-resolves to the latest active term based on user's recurring
            check configuration.
          example: 550e8400-e29b-41d4-a716-446655440000
        user_agent:
          type: string
          description: User agent string of the browser or application
          example: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
        ip_address:
          type: string
          description: >-
            Optional IP address of the user. If not provided, captured from
            request headers. Use when recording authorisation via
            server-to-server calls.
          example: 192.168.1.1
        fingerprint:
          type: string
          description: Optional device or browser fingerprint for additional verification
          example: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
    CreatedAuthorisation:
      allOf:
        - required:
            - id
            - status
            - accepted_at
            - created_at
            - ip_address
            - is_valid
          properties:
            id:
              type: string
              format: uuid
              description: Unique identifier for the authorisation record
              example: 7f3b8c2a-1d4e-4f6a-8b8c-9a0b1c2d3e4f
            status:
              $ref: '#/components/schemas/AuthorisationStatus'
            ip_address:
              type: string
              description: >-
                IP address of the user at time of acceptance (captured from
                request headers or provided in request)
              example: 192.168.1.1
            is_valid:
              type: boolean
              description: >-
                Whether this authorisation is currently valid. True when status
                is active AND the associated term is active.
              example: true
            accepted_at:
              $ref: '#/components/schemas/Date'
              description: Server timestamp when the authorisation was accepted
            revoked_at:
              $ref: '#/components/schemas/Date'
              description: Server timestamp when the authorisation was revoked
              nullable: true
            expires_at:
              $ref: '#/components/schemas/Date'
              description: >-
                Expiry timestamp for the authorisation. Present for one-time
                authorisations, which expire 1 day after acceptance. Null for
                recurring authorisations.
              nullable: true
            created_at:
              $ref: '#/components/schemas/Date'
              description: When the authorisation record was created
        - $ref: '#/components/schemas/AuthorisationAcceptance'
    NotFound:
      type: object
      properties:
        errors:
          type: string
          description: An array of messages describing the not found errors
          example:
            - >-
              The resource with id [8be3bb60-5ab4-4bd2-90e6-3b015691a827] does
              not exist
    AuthorisationStatus:
      type: string
      description: The status of a authorisation record
      enum:
        - active
        - revoked
        - expired
      example: active
    Date:
      type: string
      format: date-time
      example: '2019-05-17T00:00:00.000Z'
    Error:
      required:
        - errors
      type: object
      properties:
        errors:
          type: array
          items:
            type: string
          description: An array of messages describing the errors
          example:
            - The request is missing the required field `name`
    Unauthorized:
      type: object
      properties:
        errors:
          type: string
          description: An array of messages describing the errors
          example:
            - No X-API-KEY header provided or wrong value
  responses:
    BadRequest:
      description: Bad request if one of the required parameters is missing
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    UnauthorizedApiKey:
      description: Unauthorized if the X-API-KEY is not provided or is wrong
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Unauthorized'
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-KEY
    MemberBearerAuth:
      type: http
      scheme: bearer
      description: >-
        Bearer token for authentication. The token should be the one returned by
        the "/members/signin"

````