Delete end-user consent data history

Sourcepoint offers your organization an API to delete consent records from its data storage to satisfy the end-user's right to be forgotten. This API can be called by server-side code or through a third-party service like Postman.

An end-user's consent information can be deleted using the consentUUID or authId value.


API endpoint

The API endpoints to delete an end-user's consent information using consentUUID or authId are as follows:

Delete end-user consent status with consentUUID

The API endpoint to delete an end-user's consent information using consentUUID is:

https://cdn.privacy-mgmt.com/consent/tcfv2/consent/v3/{__SITE_ID__}?consentUUID={__CONSENT_UUID__}

This API endpoint has two placeholders that need to be replaced with the correct values:

  • A property's site ID {__SITE_ID__}
  • The cookie consentUUID {__CONSENT_UUID__}

  Note: The site ID value is the same as the Property ID and can be found on the Properties page inline with the property name.

Screen_Shot_2022-08-22_at_11_18_49_AM.jpg

The consentUUID value can be retrieved from the first-party cookie consentUUID.

Delete end-user consent status with authId

This API endpoint has two placeholders that need to be replaced with the correct values:

  • A property's site id {__SITE_ID__}
  • The authenticated id {__AUTH_ID__}
https://cdn.privacy-mgmt.com/consent/tcfv2/consent/v3/{__SITE_ID__}?authId={__AUTH_ID__}

  Note: The site ID value is the same as the Property ID and can be found on the Properties page inline with the property name.

Screen_Shot_2022-08-22_at_11_18_49_AM.jpg

The authenticated id value can be retrieved from the first-party cookie authId.


Example implementation

Your organization can call the API endpoint using a serve- side script or a third-party service like Postman.

Server-side script (PHP example) Using Postman

Your organization could use a server side script using code similar to the following PHP example to delete an end-user's consent status. You will need to provide the correct values for site id and consentUUID in the script.

<?php
    
$site_id = YYYY;
$consent_uuid = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX";
$api_endpoint = "https://sourcepoint.mgr.consensu.org/tcfv2/consent/v3/".$site_id."?consentUUID=".$consent_uuid;
$handle = curl_init($api_endpoint);
$fileHandle = fopen("delete_permission.json", "w");

/* If you encounter an 'SSL certificate problem: unable to get local issuer certificate' then enable the following two lines */
/* This is NOT recommended as a solution and should only be used as a quick and temporary fix */
//curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, 0);
//curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, 0); 

curl_setopt($handle, CURLOPT_CUSTOMREQUEST, "DELETE");
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_FILE, $fileHandle);

curl_exec($handle);

curl_close($handle);
fclose($fileHandle);

?>

API response

The API will return the following response if the request to delete the end-user's consent status history has been successful.

The JSON response
{
    "n": 1,
    "ok": 1,
    "deletedCount": 1
}

Furthermore, by calling the API command to request the end-user's consent status history the returned response should be empty. This is an additional check that the end-user's wish has been complied with.

Was this article helpful?
0 out of 0 found this helpful