İYS Consent Query API (iys-check)
The iys-check endpoint returns the current İYS (İleti Yönetim Sistemi) consent status for a given recipient. Use it to verify a record submitted via iys-register has been processed, to check ONAY (consent) / RET (rejection) before a commercial send, or to produce audit reports. The call has no side effects and consumes no credits.
Prerequisite: enable API access in the panel
Before calling this endpoint, the Allow API access toggle must be on in your iletiMerkezi panel.
Location: panel.iletimerkezi.com → Settings → Security → Access Permissions
If it is off, every request returns 401 — Üyelik bilgileri hatalı ("Authentication failed"). See authentication.md.
Brand code prerequisite. Your account must have an active İYS brand code (brandCode) provisioned by iletiMerkezi. Without an active İYS subscription the request returns 403 — Aktif abonelik bulunamadı ("No active subscription").
Endpoint
| Field | Value |
|---|---|
| Method | POST |
| URL | https://api.iletimerkezi.com/v1/consent/show/json |
| Content-Type | application/json |
| Auth | API Key + Hash (request.authentication) |
Request
Schema
```
request
├─ authentication
│  ├─ key (string, required)
│  └─ hash (string, required)
└─ consent
   ├─ brandCode (string|integer, required) — your account's active İYS brand code
   ├─ recipient (string, required) — phone number or email to look up
   ├─ recipientType (string, required) — "BIREYSEL" (individual) or "TACIR" (business)
   └─ type (string, required) — "MESAJ", "EPOSTA", or "ARAMA"
```
The lookup is single-recipient — unlike iys-register, there is no list. For bulk audits, call once per recipient.
Full example
```json
{
  "request": {
    "authentication": {
      "key": "API_KEY",
      "hash": "API_HASH"
    },
    "consent": {
      "brandCode": 1234,
      "recipient": "+905XXXXXXXXX",
      "recipientType": "BIREYSEL",
      "type": "MESAJ"
    }
  }
}
```
Response
Success (200)
```json
{
  "response": {
    "status": {
      "code": 200,
      "message": "İşlem başarılı"
    },
    "consent": {
      "brandCode": 1234,
      "recipient": "+905XXXXXXXXX",
      "recipientType": "BIREYSEL",
      "type": "MESAJ",
      "status": "ONAY",
      "source": "HS_WEB",
      "consentDate": "2026-04-30 09:15:42"
    }
  }
}
```
İşlem başarılı means "Request successful" in Turkish.
Fields:
- response.consent.brandCode (integer): the brand code used in the lookup.
- response.consent.recipient (string): the recipient (phone or email); phone numbers come back with the +90 prefix.
- response.consent.recipientType (string): BIREYSEL or TACIR.
- response.consent.type (string): channel type — MESAJ, EPOSTA, or ARAMA.
- response.consent.status (string): current registry status — ONAY (consent on file) or RET (rejected / opted out).
- response.consent.source (string): the channel through which consent was obtained (e.g. HS_WEB); one of the source enum values from iys-register.
- response.consent.consentDate (string): when consent was obtained, format YYYY-MM-DD HH:MM:SS, Turkey local time.

For the same recipient + recipientType + type combination, iletiMerkezi always returns the most recent record. If a customer first gave ONAY and later RET, the response is status: "RET"; that is binding and commercial messages are not allowed.
Error responses
401 — Üyelik bilgileri hatalı ("Authentication failed")
API Key / Hash invalid, or the panel toggle is off. See authentication.md.
403 — Aktif abonelik bulunamadı ("No active subscription")
Your account has no active İYS subscription. The brand code (brandCode) is missing or the İYS service is inactive.
422 — İstekte gönderilen bazı değerler doğrulanamadı ("Validation failure on request values")
Common causes:
- recipient is not a valid phone number or email.
- recipientType or type is outside its allowed enum.
- brandCode is empty or does not belong to your account.
- No consent record exists for the recipient under this brand + type combination (recipient never registered).

The "no record" case is also surfaced as 422 (not a separate 4XX). Check whether consent.status is present in the response rather than parsing the message string.
Other error codes
For 400, 404: see error-codes.md.
Code samples
cURL
```bash
curl -X POST 'https://api.iletimerkezi.com/v1/consent/show/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "request": {
      "authentication": {
        "key": "'"$ILETIMERKEZI_API_KEY"'",
        "hash": "'"$ILETIMERKEZI_API_HASH"'"
      },
      "consent": {
        "brandCode": 1234,
        "recipient": "+905XXXXXXXXX",
        "recipientType": "BIREYSEL",
        "type": "MESAJ"
      }
    }
  }'
```
Common pitfalls
- status: "ONAY" means "legally allowed to send", not "always send". iys-check only tells you the registry's current state. Your application's own opt-out list, blacklist, frequency caps, and KVKK disclosure flow must run independently.
- status: "RET" is binding. Sending a commercial message to a recipient with RET is rejected by send-sms (with codes 468 / 469 / 470) and exposes you to İYS complaints. Cache RET results client-side and add a blocking guard.
- Single-recipient endpoint — beware of bulk lookups. Calling once per record across a large customer list is slow and expensive. Practical pattern: keep the consent ledger on your side via iys-register, and use iys-check only for audits or single-user verification.
- Be careful with caching. A customer can issue RET from the panel or a different channel; long-TTL caches create legal risk. Cap caches at 1 hour, or invalidate on RET callbacks.
- recipient format matters. For phone numbers, +905XXXXXXXXX, 905XXXXXXXXX, and 5XXXXXXXXX are accepted; for email, the full address. Wrong formats return 422; on success the +90 prefix is restored.
- type overlaps with send-sms. send-sms queries İYS automatically when called with iys: "1" + iysList; if you don't need an explicit pre-check, iys-check is optional. Use it only for audits, dashboards, or to verify state before failing.
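A fail-closed send guard that combines the rules above, as an added example (not iletiMerkezi's code): it decides on consent.status rather than the message string, caps cached results at one hour, and normalises the accepted phone formats so one recipient maps to one cache entry. The names `ConsentGate`, `fetch`, `on_ret`, `normalize` and `consent_state` are hypothetical; `fetch` stands in for the HTTP call to the endpoint and returns the HTTP status with the parsed JSON body.

```python
import time

MAX_TTL = 3600  # seconds; the 1-hour cap on cached consent results


def normalize(recipient):
    """Canonical cache key: phones in the +90 form the API returns."""
    r = recipient.strip()
    if r.isdigit() and len(r) == 10 and r.startswith("5"):
        return "+90" + r
    if r.isdigit() and len(r) == 12 and r.startswith("90"):
        return "+" + r
    return r  # already +90..., or an email address


def consent_state(http_status, body):
    """Return 'ONAY', 'RET' or 'UNKNOWN', decided on consent.status only."""
    consent = ((body or {}).get("response") or {}).get("consent") or {}
    status = consent.get("status")
    if http_status == 200 and status in ("ONAY", "RET"):
        return status
    return "UNKNOWN"  # 401/403/422 (incl. "no record") or a malformed body


class ConsentGate:
    def __init__(self, fetch, clock=time.monotonic):
        self.fetch = fetch  # hypothetical: (recipient, rtype, channel) -> (status, body)
        self.clock = clock
        self.cache = {}     # key -> (state, expiry)

    def may_send(self, recipient, rtype="BIREYSEL", channel="MESAJ"):
        key = (normalize(recipient), rtype, channel)
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            state = hit[0]
        else:
            state = consent_state(*self.fetch(key[0], rtype, channel))
            if state != "UNKNOWN":  # never cache errors; re-query next time
                self.cache[key] = (state, self.clock() + MAX_TTL)
        return state == "ONAY"  # fail closed: RET and UNKNOWN both block

    def on_ret(self, recipient, rtype="BIREYSEL", channel="MESAJ"):
        """Opt-out seen elsewhere (panel, other channel): block at once."""
        key = (normalize(recipient), rtype, channel)
        self.cache[key] = ("RET", self.clock() + MAX_TTL)
```

The gate answers only the registry question; the application's own opt-out list, blacklist and frequency caps still run separately, as the first pitfall states.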
Related
- İYS consent register (iys-register) — create the record
- Send SMS (send-sms) — iys + iysList commercial-send fields
- Authentication
- Error code table
Last updated: 2026-04-30