Opt-out all for end-user consent profile with Sourcepoint API (U.S. Privacy - CCPA)

April 17, 2023 13:45

Sourcepoint offers your organization an API that allows your organization to opt-out of all vendors and purposes for an end-user's consent profile within the U.S. Privacy - CCPA legislative framework. This API can be called by server-side code or through a third-party service like Postman.

An end-user's consent profile can be opted-out of all vendors and purposes for the U.S. Privacy - CCPA legislative framework using the ccpaUUID or authId value.

API endpoint
Example implementation
API response

API endpoint

The API endpoint to delete an end-user's consent information using ccpaUUID or authId are as follows:

Opt-out all with ccpaUUID

The API endpoint to opt-out of all vendors and purpose for an end-user's consent profile using ccpaUUID is:

POST https://cdn.privacy-mgmt.com/ccpa/ccpa/consent/{_SITE_ID_}/reject-all?ccpaUUID={_ccpaUUID_}

This API endpoint has two placeholders that need to be replaced with the correct values:

A property's site ID {_SITE_ID_}
The cookie ccpaUUID {_ccpaUUID_}

Note: The site ID value is the same as the Property ID and can be found on the Properties page inline with the property name.

The ccpaUUID value can be retrieved from the first-party cookie ccpaUUID.

Opt-out all with authId

The API endpoint to opt-out of all vendors and purpose for an end-user's consent profile using authId is:

POST https://cdn.privacy-mgmt.com/ccpa/ccpa/consent/{_SITE_ID}/reject-all?authId={_AUTH_ID_}

This API endpoint has two placeholders that need to be replaced with the correct values:

A property's site ID {_SITE_ID_}
The authenticated id {_AUTH_ID_}

Note: The site ID value is the same as the Property ID and can be found on the Properties page inline with the property name.

The authenticated id value can be retrieved from the first-party cookie authId.

Example implementation

Your organization can call the API endpoint using a server-side script or a third-party service like Postman.

Your organization can use a third-party service like Postman to opt an end-user's consent profile out of all vendors and purposes.

Use the POST method and provide the correct API endpoint address and values for site id, and consentUUID, or authId.

API response

The API will return the following response if the request to opt-out of all vendors and purposes for the end-user's consent profile has been successful.

Notably, the rejectedAll property should have a true value and the status property should have a "rejectedAll" value in the userConsent object.

Key	Type	Value
`userConsent`	Object	See below for the properties in the `userConsent` object.
`newUser`	Boolean	Is the end-user a new user to the property?
`ccpaApplies`	Boolean	Does CCPA apply in this situation?
`signedLspa`	Boolean	Are any vendors a part of LSPA?
`dateCreated`	String	The time the reject all request was performed resulting in the updated end-user consent profile.
`expirationDate`	String	When the end-user's consent profile expires.
`cookies`	Array	Cookies created/updated
`actions`	Array	Reject actions configured for vendors and/or purposes that triggered.

`userConsent` object

Key	Type	Value
`consentedAll`	Boolean	Has the end-user's consent profile consented to all vendors and purposes on the vendor list?
`rejectedAll`	Boolean	Has the end-user's consent profile opted-out of all vendors and purposes on the vendor list?
`rejectedVendors`	Array	The specific vendors to which an end-user has opted-out. Only returns a response when an end-user has partial consent (i.e. end-user has opted-out of some but not all vendors).
`rejectedCategories`	Array	The specific purposes to which an end-user has opted-out. Only returns a response when an end-user has partial consent (i.e. end-user has opted-out of some but not all purposes).
`status`	String	The consent status for the end-user's consent profile
`ccpaUUID`	String	Represents the user's unique id for which a consent profile is stored against

{
    "userConsent": {
        "consentedAll": false,
        "rejectedAll": true,
        "rejectedVendors": [],
        "rejectedCategories": [],
        "status": "rejectedAll",
        "ccpaUUID": "12345678-abcd-1234-abc-abcdefghij"
    },
    "ccpaApplies": true,
    "signedLspa": false,
    "dateCreated": "2023-04-14T17:21:56.797Z",
    "expirationDate": "2024-04-13T17:21:56.797Z",
    "cookies": [
        {
            "key": "ccpaReject",
            "value": true,
            "setPath": true,
            "maxAge": 31536000
        },
        {
            "key": "ccpaConsentAll",
            "value": false,
            "setPath": true,
            "maxAge": 31536000
        },
        {
            "key": "consentStatus",
            "value": "rejectedAll",
            "setPath": true,
            "maxAge": 31536000
        },
        {
            "key": "ccpaUUID",
            "value": "12345678-abcd-1234-abc-abcdefghij",
            "setPath": true,
            "maxAge": 31536000
        }
    ],
    "actions": []
}

As an additional check that the end-user's consent profile is opted-out of all vendors and purposes, calling the API command to request the end-user's uspString should return Y for the third character (Has the end-user opted-out of the sale of his or her personal information?).

{
dateCreated: "2023-04-14T14:58:26.750Z"
gpcEnabled: undefined
newUser: false
uspString: "1YYN"
version: 1
}

Was this article helpful?

0 out of 0 found this helpful

Opt-out all for end-user consent profile with Sourcepoint API (U.S. Privacy - CCPA)

API endpoint

Example implementation

API response

userConsent object

Articles in this section

`userConsent` object