Sourcepoint offers your organization an API to delete consent records from its data storage to satisfy the end-user's right to be forgotten. This API can be called by server-side code or through a third-party service like Postman.
An end-user's consent information can be deleted using the consentUUID or authId value.
API endpoint
The API endpoints to delete an end-user's consent information using consentUUID or authId are as follows:
consentUUIDThe API endpoint to delete an end-user's consent information using consentUUID is:
https://cdn.privacy-mgmt.com/consent/tcfv2/consent/v3/{__SITE_ID__}?consentUUID={__CONSENT_UUID__}
This API endpoint has two placeholders that need to be replaced with the correct values:
- A property's site ID
{__SITE_ID__} - The cookie consentUUID
{__CONSENT_UUID__}
Note: The site ID value is the same as the Property ID and can be found on the Properties page inline with the property name.
The consentUUID value can be retrieved from the first-party cookie consentUUID.
authIdThis API endpoint has two placeholders that need to be replaced with the correct values:
- A property's site id
{__SITE_ID__} - The authenticated id
{__AUTH_ID__}
https://cdn.privacy-mgmt.com/consent/tcfv2/consent/v3/{__SITE_ID__}?authId={__AUTH_ID__}Note: The site ID value is the same as the Property ID and can be found on the Properties page inline with the property name.
The authenticated id value can be retrieved from the first-party cookie authId.
Example implementation
Your organization can call the API endpoint using a serve- side script or a third-party service like Postman.
Your organization could use a server side script using code similar to the following PHP example to delete an end-user's consent status. You will need to provide the correct values for site id and consentUUID in the script.
<?php
$site_id = YYYY;
$consent_uuid = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX";
$api_endpoint = "https://cdn.privacy-mgmt.com/consent/tcfv2/consent/v3/".$site_id."?consentUUID=".$consent_uuid;
$handle = curl_init($api_endpoint);
$fileHandle = fopen("delete_permission.json", "w");
/* If you encounter an 'SSL certificate problem: unable to get local issuer certificate' then enable the following two lines */
/* This is NOT recommended as a solution and should only be used as a quick and temporary fix */
//curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, 0);
//curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($handle, CURLOPT_CUSTOMREQUEST, "DELETE");
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_FILE, $fileHandle);
curl_exec($handle);
curl_close($handle);
fclose($fileHandle);
?>Your organization can use a third party service like Postman to delete an end-user's consent status.
Use the DELETE method and provide the correct API endpoint address and values for site ID and consentUUID to delete an end-user's consent status.
API response
The API will return the following response if the request to delete the end-user's consent status history has been successful.
| JSON response |
|
Furthermore, by calling the API command to request the end-user's consent status history the returned response should be empty. This is an additional check that the end-user's wish has been complied with.