# Consent Management source: https://developer.mastercard.com/consent-management/documentation/index.md ## Overview {#overview} **Consent Management APIs** enable consumer purchase data to be shared responsibly by allowing third-party applications to capture the cardholder's consent upon enrolling into Transaction Notifications. #### Quick Glance {#quick-glance} Consent Management allows fintechs who are not able to bulk enrol cardholders through issuers to enrol cardholders into a service by allowing them to give consent themselves for value added services. Consent Management APIs allow cardholders to securely authenticate themselves and enrol in Transaction Notifications. Consent Management APIs leverage existing and familiar authentication technology to allow consumers to enrol their card, authenticate, and manage consents associated with the sharing of transaction data. These APIs also give financial institutions the ability to retrieve and update consent on behalf of the cardholder. ## How It Works {#how-it-works} ### 1. Get Cardholder's Consent {#1-get-cardholders-consent} In order to start receiving Transaction Notifications for your customers, it's important that you obtain consumer permission to receive transaction data. If you are an issuer or a co-brand partner, you may have already obtained this permission as part of your cardholder account agreement. If you are a third-party application and need to obtain direct consumer consent, please go through the [Consent \& Consumer Authentication](https://developer.mastercard.com/consent-management/documentation/) process. The process to obtain consumer consent uses familiar user experiences to securely authenticate cardholders. Transaction Notifications API as a standalone product relies on bulk enrolling cardholders into the service rather than obtaining direct consumer consent. Therefore, if you are a third party who will need direct consumer consent, please integrate with the Consent Management API prior to integrating with the Transaction Notifications API. #### Consent flow using Mastercard UX {#consent-flow-using-mastercard-ux} ![Consent Flow](https://static.developer.mastercard.com/content/consent-management/images/how-it-works-consent.png "Consent Flow") #### Consent flow using Mastercard API {#consent-flow-using-mastercard-api} ![Consent Flow API](https://static.developer.mastercard.com/content/consent-management/images/how-it-works-consent-api.png "Consent Flow API") Tip: In the create consent part of this flow, you receive a **card reference**. This unique identifier will be used for matching transaction notifications to your customers. ## Getting Started {#getting-started} ### Before You Start {#before-you-start} Get set up with a project and learn about authentication. Use our tutorials and sample code to accelerate development. [Quick Start Guide →](https://developer.mastercard.com/consent-management/documentation/tutorials/project-setup/index.md) ### Good To Know {#good-to-know} #### PCI Compliance {#pci-compliance} If you are not PCI compliant, you can use the Mastercard provided Consent Management UI to obtain the consent of cardholders. The consent flow provides an authentication experience that users are familiar with. Mastercard ensures that the cardholder's data is secure and complies with PCI. Once the cardholder has enrolled their card, you will start receiving transaction notifications. We expect that cardholders will need to reauthenticate periodically and that they will be able to easily revoke consent from the service. ## What's Next {#whats-next} #### Use Cases {#use-cases} Check out the use cases section to capture consent either through third-parties or on behalf of banks. [Learn more →](https://developer.mastercard.com/consent-management/documentation/use-cases/index.md) #### Developer Tooling {#developer-tooling} Check out the postman collection section to setup APIs in the Postman tool and reference app to demonstrate some of them on the fly to get up and running in no time. [Learn more →](https://developer.mastercard.com/consent-management/documentation/reference-app/index.md) #### API Reference {#api-reference} Check out our API design. [Learn more →](https://developer.mastercard.com/consent-management/documentation/api-reference/index.md) #### Authentication \& Consent Management UI {#authentication--consent-management-ui} Understand our consent flow, and use Mastercard UX without being PCI compliant. [Learn more →](https://developer.mastercard.com/consent-management/documentation/use-cases/single-card-enrolment/card-auth-consent-ui/index.md) #### Get Ready for Production {#get-ready-for-production} Discover the process to get to production. [Learn more →](https://developer.mastercard.com/consent-management/documentation/quick-start-guide/index.md) #### Talk to us {#talk-to-us} More questions? Let us help you. [Learn more →](https://developer.mastercard.com/consent-management/documentation/support/index.md)