Skip to main content
Click is Winnerr’s clickwrap consent module. It handles high-volume, lower-risk acknowledgments that need a verifiable record but do not need a full wet signature—buyer-representation acknowledgments, CASL marketing consent, disclosure acknowledgments, and FINTRAC/PIPEDA consent receipts. Every acceptance is stored with the IP address, user agent, timestamp, and the exact version of the agreement text that was accepted. The acceptance record is immutable—it is never updated or deleted.

How it works

  1. Publish an agreement. An agent or admin creates an agreement with a stable key, a title, and the agreement body text. The body is SHA-256 hashed to produce a versionHash. If you update the body text, a new version is created automatically—the prior acceptances remain linked to the version they accepted.
  2. Embed the consent widget. The agreement’s id is embedded in a link or a small consent widget (the public /consent/:agreementId page). Recipients open the page, read the agreement, and click to accept.
  3. Acceptance is recorded. The public capture endpoint records an immutable ClickwrapAcceptance row: the agreementId, the versionHash of the exact text accepted, the IP address, the user agent, and the timestamp.
  4. Review the log. From the agent side, the acceptance log for any agreement is available via the API (GET /api/clickwrap/:agreementId/acceptances). Each row shows who accepted, when, and which version they accepted.

Agreement versioning

The version of an agreement is the SHA-256 hash of its body text. Changing a single character produces a new versionHash. Because acceptances store the versionHash alongside the timestamp, you always know exactly which text a recipient agreed to—even if the agreement has since been updated. Old versions of an agreement’s text are not deleted; they remain linked to the acceptances that reference them.

Typical use cases for Ontario real estate

  • Buyer-representation acknowledgment — the client confirms they have received and read the Buyer Representation Agreement before you begin working with them.
  • CASL marketing consent — recipients confirm they consent to receive electronic marketing communications, with a dated, versioned record for compliance.
  • Disclosure acknowledgment — clients confirm they have received a material fact disclosure or FINTRAC identification receipt.
  • Terms of service — clients accept your brokerage’s portal or service terms.

Rate limits

The public capture endpoint (/api/public/clickwrap/:agreementId) is rate-limited to 60 acceptance submissions per IP per minute. The agreement-read endpoint is limited to 120 requests per IP per minute. These limits protect against automated abuse while supporting normal batch-consent flows.

Signer page

The public consent page is at /consent/:agreementId in the Winnerr app. It is:
  • Unauthenticated—no Winnerr account required.
  • Mobile-friendly.
  • Accessible by default (keyboard navigable, ARIA-labeled, AA contrast).
Redirecting recipients to this page is the simplest integration. For embedded consent (inline on your own site), use the public API directly and render your own UI.
  • Click API endpoints — publish agreements, read the acceptance log, and the public capture endpoints.
  • Sign — for documents that need a legal-grade signature rather than a clickwrap acceptance.