# grantAssessmentConsent

Source: /openapi/thomas-federated.openapi.json

## Operation

| Method | URL |
|---|---|
| POST | https://api.thomas.co/v1/assessments/{resultId}/consent |

| Field | Value |
|---|---|
| operationId | grantAssessmentConsent |
| method | POST |
| server | https://api.thomas.co/v1 |
| path | /assessments/{resultId}/consent |
| tags | `Behaviour` |
| summary | Grant consent to share an assessment result with a tenant |
| badges | None |

## Request Parameters

| Name | In | Required | Schema | Description |
|---|---|---|---|---|
| resultId | path | true | string |  |

## Request Body

| Content type | Schema refs |
|---|---|
| application/json | #/components/schemas/ConsentBodyDto |

## Responses

| Status | Description | Schema refs |
|---|---|---|
| 200 | Consent already exists (idempotent) | #/components/schemas/ConsentResponseDto |
| 201 | Consent granted, result shared with tenant | #/components/schemas/ConsentResponseDto |
| 400 | Malformed resultId or result not scored | #/components/schemas/ApiErrorResponseDto |
| 401 | Invalid or missing authentication token (AUTH_TOKEN_INVALID) | #/components/schemas/ApiErrorResponseDto |
| 403 | Cannot consent to share another user's result | #/components/schemas/ApiErrorResponseDto |
| 404 | Assessment result not found | #/components/schemas/ApiErrorResponseDto |

## Artifact Examples

### Response 400 example

```json
{
  "statusCode": 400,
  "message": "Validation failed (uuid is expected)",
  "error": "HTTP_BAD_REQUEST"
}
```

### Response 401 example

```json
{
  "statusCode": 401,
  "message": "Invalid or missing authentication token",
  "error": "AUTH_TOKEN_INVALID"
}
```

### Response 403 example

```json
{
  "statusCode": 403,
  "message": "Cannot consent to share another user's result",
  "error": "CONSENT_FORBIDDEN"
}
```

### Response 404 example

```json
{
  "statusCode": 404,
  "message": "Assessment result not found",
  "error": "CONSENT_RESULT_NOT_FOUND"
}
```
