GDPR TCF setup and configuration (Legacy)

This article covers the implementation steps for an updated TCF onsite configuration that utilizes an improved CDN setup and cloud infrastructure. In comparison to previous versions this updated configuration provides the following benefits once implemented. 

  • Reduced risk of consent messaging being blocked by ad blockers
  • Improved performance in the delivery of first layer messages
  • Simplified implementation of optional CNAME strategy to improve the persistence of 1st party cookies in adverse browser environments.

If you wish to upgrade from a previous TCF configuration you will have to change your current Sourcepoint CNAME setup. The minimum version of the TCF client-side library is 1.1.3 and above. If you are hosting the client-side library in your own CDN you will have to update the library version in order to benefit from these improvements.

Overview

Implementing the Sourcepoint Consent Management Platform (CMP) for GDPR & TCF follows a simple two step process that enables publishers and website owners to get up and running with minimal time and resource investment. This document is a guide on how to configure the Sourcepoint code snippet that enables the display of TCF compliant user notifications as well as the syndication of consent signals to vendors through the TCF's onsite API. This guide provides details on the technical implementation steps, however your Sourcepoint account dashboard needs to be enabled for TCF before you can begin the implementation process. Please reach out to your account manager to learn more about this upcoming release and how to join the closed beta program.

Two step process to implement the GDPR & TCF code snippet

  1. Implementing the Sourcepoint GDPR & TCF page configuration.
  2. Setting up the message domain.

Below is the Sourcepoint’s GDPR & TCF JavaScript code-snippet which needs to be placed at the top of the HTML document and before any ad-tech related code snippets such as a header bidding script. It is strongly recommended to implement the Sourcepoint code snippet between the <head> tags of the HTML document to ensure the correct execution of vendor tags that depend on the timely availability of the consent signal.

//Example only. Please use stub file generated in Sourcepoint portal as it may have changed.
<script>
function _typeof(t){return(_typeof="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(t)}!function(){for(var t,e,o=[],n=window,r=n;r;){try{if(r.frames.__tcfapiLocator){t=r;break}}catch(t){}if(r===n.top)break;r=n.parent}t||(function t(){var e=n.document,o=!!n.frames.__tcfapiLocator;if(!o)if(e.body){var r=e.createElement("iframe");r.style.cssText="display:none",r.name="__tcfapiLocator",e.body.appendChild(r)}else setTimeout(t,5);return!o}(),n.__tcfapi=function(){for(var t=arguments.length,n=new Array(t),r=0;r<t;r++)n[r]=arguments[r];if(!n.length)return o;"setGdprApplies"===n[0]?n.length>3&&2===parseInt(n[1],10)&&"boolean"==typeof n[3]&&(e=n[3],"function"==typeof n[2]&&n[2]("set",!0)):"ping"===n[0]?"function"==typeof n[2]&&n[2]({gdprApplies:e,cmpLoaded:!1,cmpStatus:"stub"}):o.push(n)},n.addEventListener("message",(function(t){var e="string"==typeof t.data,o={};if(e)try{o=JSON.parse(t.data)}catch(t){}else o=t.data;var n="object"===_typeof(o)?o.__tcfapiCall:null;n&&window.__tcfapi(n.command,n.version,(function(o,r){var a={__tcfapiReturn:{returnValue:o,success:r,callId:n.callId}};t&&t.source&&t.source.postMessage&&t.source.postMessage(e?JSON.stringify(a):a,"*")}),n.parameter)}),!1))}();
</script>
<script>
        window._sp_ = {
            config: {
                accountId: ACCOUNT_ID_HERE,
                baseEndpoint: 'https://cdn.privacy-mgmt.com',
            }
        }
</script>
<script src="https://cdn.privacy-mgmt.com/wrapperMessagingWithoutDetection.js"></script>
  1. The first section of the snippet contains the so called IAB Stub file. The Stub file is defining the __tcfapi function to queue all calls into the CMP's onsite API to be released as soon as the consent information is available. It is important to have this script tag always at the top of the HTML document in the first position to avoid errors and failure of the service. To learn more about the IAB Stub file please refer to the IAB's TCF Technical Specifications.
  2. The second section of the snippet contains your account specific configuration parameters. This section sets up the parameters necessary for your website to communicate with the Sourcepoint messaging platform and establishes a communication channel with the Sourcepoint messaging and consent service libraries. In addition to the standard parameters in the example above, there are additional parameters that allow for JavaScript callbacks to be triggered for different customization purposes. For GDPR & TCF implementations there are currently two required paramameters to deliver a user notification successfully:
baseEndpoint

https://cdn.privacy-mgmt.com is a single server endpoint from where the messaging as well as the GDPR and TCF experience is served. The baseEndpoint can also be changed to a CNAMED 1st party subdomain in order to persist 1st party cookies on Safari web browser (due to Safari’s ITP) by setting cookies through the server with set-cookie rather than using document.cookie on the page. Changing the baseEndpoint domain is optional but recommended.

  Note: If your organization has edited the baseEndpoint with a CNAME DNS Record you will also need to edit the URL for this wrapper URL. Please follow the following format if necessary:

<script src="https://client.domain.com/wrapperMessagingWithoutDetection.js"></script>

Previous versions of this documentation included the mmsDomain and wrapperAPIOrigin configuration parameters which have been replaced by the new baseEndpoint parameter for optimization reasons. This change is completely backwards compatible. However, it is recommended that older implementations move to the new parameter to benefit from the optimizations.

accountId
This parameter needs to be used to set the account ID you received from your Sourcepoint account manager - The ID associates your data and website with your account in the Sourcepoint dashboard.

In addition to the required parameters you can use following optional configuration parameters to tailor the implementation to your use case:

authId
Allows your organization to pass a consent identifier to Sourcepoint to be used with authenticated consent. Click here to learn more. 
window._sp_ = {
   config: {
      accountId: 1234,
      baseEndpoint: "https://cmp.clienturl.com",
      propertyHref: "https://uat.tomnews.com",
      authId: 123456
   }
}
authCookie
Allows your organization to configure a unique name for Sourcepoint's authId cookie. 
window._sp_ = {
   config: {
      accountId: 1234,
      baseEndpoint: "https://cmp.clienturl.com",
      propertyHref: "https://uat.tomnews.com",
      authCookie: "test_uuid"
   }
}
joinHref
When set to true, will ensure that all directory regular expression functionality works in conjunction with the propertyHref parameter. The joinHref parameter is solely used to test your implementation across different servers while still allowing for URL RegEx matching.
window._sp_ = {
   config: {
      accountId: 1234,
      baseEndpoint: "https://cmp.clienturl.com",
      propertyHref: "https://uat.tomnews.com",
      joinHref  : true
   }
}
Sourcepoint strongly recommends that joinHref is set to true to ensure full CMP functionality.
isSPA

When set to true, will confirm the implementation for a single page application and will show a message only when window._sp_.executeMessaging(); is triggered.

  Note: window._sp_.executeMessaging(); is supposed to be called on each (virtual) pageload

window._sp_ = {
   config: {
      accountId: 1234,
      baseEndpoint: "https://cmp.clienturl.com",
      isSPA  : true
   }
}
      
groupPmId

Allows your organization to use the privacy manager ID for the property group use of a property group's privacy manager ID.

  Note: Call window._sp_.loadPrivacyManagerModal() without passing a parameter and the privacy manager that displays will be that property's version of the groupPmId privacy manager.

propertyHref

Maps the implementation to a specific URL as set up in the Sourcepoint account dashboard.

  Note: Use the propertyHref parameter to spoof messaging campaigns onto a local environment for testing or debugging.

propertyHref: "https://tom.sourcepoint.com",
propertyId
Maps the message to a specific property (website, app, OTT) as set up in Sourcepoint account dashboard.
targetingParams
This parameter enables you to create key-value pairs that can be used for targeting in the scenario builder in the Sourcepoint dashboard. Key-value pairs can be created in the following format:
targetingParams: {
                    key1: valueA,
                    key2: valueB
                }
Click here for more information on key-value pairs.
events
An array of events that allow JavaScript callbacks to be triggered. Please refer to the Optional Callback document to learn more about how to use events as part of your setup configuration.
consentLanguage

If you want to ensure that the purposes or stack names listed in a consent message to remain in the same language regardless of users browser language setting, you can set this using the consent language parameter. The parameter below would be added to the config section of the Sourcepoint tag and would set the language to Dutch.

consentLanguage: "nl"

If this parameter is not present, the stacks and purposes will appear according the user's preferred language. A list of two-letter codes is available at https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.