GDPR Standard web implementation (Legacy)

The IAB's Transparency and Consent Framework (TCF) was created in order to help digital advertising ecosystem comply with obligations under the GDPR and ePrivacy Directive. While Sourcepoint supports an implementation for organization's who wish to comply with the TCF, we also enable your organization to implement and manage end-user consent without having to sign on to the IAB TCF framework.  

In this article, we will cover how to implement a GDPR Standard web implementation so that your organization can create a consent experience that complies with your interpretation of GDPR that is not bound by the IAB TCF policy requirements.

GDPR Standard web implementation overview

The GDPR Standard web implementation is comprised of two scripts that are added to a property:

  Note: Unlike Sourcepoint's GDPR TCF web implementation, the Standard web implementation does not use the IAB stub file.

Client configuration code snippet

The first code snippet that should be added to your implementation contains your organization's specific account configuration parameters. This code snippet includes the necessary and optional parameters for your property to communicate with the Sourcepoint messaging platform and consent service libraries.

window._sp_ = {
config: {
accountId: 22,
baseEndpoint: '',

Currently, there are two required parameters to successfully deliver an end-user notification:

Required parameter Description
accountId The accountId value associates the property with your organization's Sourcepoint account. Your organization's accountId can be retrieved by contacting your Sourcepoint Account Manager or via the My Account page in your Sourcepoint account.
baseEndpoint is a single server endpoint that serves the GDPR messaging experience. The baseEndpoint can also be changed to a CNAME first-party subdomain in order to persist first-party cookies on Safari web browser (due to Safari’s ITP) by setting cookies through the server with set-cookie rather than using document.cookie on the page.


  Note: While editing the baseEndpoint domain is optional, Sourcepoint highly recommends that it is edited by your organization. More information can be found at configuring a subdomain with a CNAME DNS Record.

URL to Sourcepoint JavaScript

The second code snippet is a URL that points to the Sourcepoint JavaScript SDK for a GDPR Standard web implementation. The URL for a GDPR Standard web implementation is as follows:

  Note: If your organization has edited the baseEndpoint with a CNAME DNS record you will also need to edit the URL for this code snippet to reflect the edit. Please follow the following format if necessary:

<script src="" async></script>

Optional implementation parameters

In the table below are all the parameters that can be included in your client configuration code snippet:

Optional parameter Description

Allows your organization to pass a consent identifier to Sourcepoint to be used with authenticated consent. Click here to learn more. 


Used to ensure that the purposes or stack names listed in a consent message remain in the same language regardless of an end-user's browser language setting. A list of two-letter codes is available here.

If this parameter is not present, stacks and purposes will appear according to the end-user's preferred browser language setting.

consentLanguage: "nl"

events Click here for all optional event callbacks that are supported by Sourcepoint for GDPR Standard web implementations.

Allows your organization to use the Privacy Manager ID for a property group's Privacy Manager ID.

Note: Call window._sp_.loadPrivacyManagerModal() without passing a parameter and the Privacy Manager that displays will be that property's version of the groupPmId Privacy Manager.


When set to true, will confirm the implementation for a single page application and will show a message only when window._sp_.executeMessaging(); is triggered.

Note: window._sp_.executeMessaging(); is supposed to be called on each (virtual) pageload. Click here for more information.


When set to true, will ensure that all directory regular expression functionality works in conjunction with the propertyHref parameter.

Note: The joinHref parameter is solely used to test your implementation across different servers while still allowing for URL RegEx matching.

propertyId Maps the message to a specific property (website, app, OTT) as set up in the Sourcepoint account dashboard.

Maps the implementation to a specific URL as set up in the Sourcepoint account dashboard.

Note: Use the propertyHref parameter to spoof messaging campaigns onto a local environment.


Targeting params allow a developer to set arbitrary key/value pairs. These key/value pairs are sent to Sourcepoint servers where they can be used to take a decision within the scenario builder.

targetingParams: { 
key1: valueA,
key2: valueB


GDPR Standard web implementation example

window._sp_ = {
config: {
baseEndpoint: '',
events: {
onMessageReady: function () {
onMessageChoiceSelect: function (choice_id, choice_type_id) {
console.log('onMessageChoiceSelect choice_id: ', choice_id);
console.log('onMessageChoiceSelect choice_id: ', choice_type_id);
onPrivacyManagerAction: function (pmData) {
console.log('onPrivacyManagerAction', pmData)
onMessageChoiceError: function (err) {
console.log('onMessageChoiceError', err)
onConsentReady: function (consentUUID, euconsent) {
console.log('consentUUID', consentUUID)
console.log('euconsent', euconsent)
onPMCancel: function () {
onMessageReceiveData: function (data) {
console.log('onMessageReceiveData', data)
onSPPMObjectReady: function () {
targetingParams: {
test: 1
<script src="" async></script>
Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.