Sourcepoint offers your organization additional commands that can be used for GDPR Standard web implementation. This provides a level of consistency and feature overlap between IAB TCF and GDPR Standard integrations.
The postCustomConsent command can be used to edit a user's consent profile by granting consent for specified vendors, categories (purposes) and legitimate interest categories (purposes).
Use Case
Apply vendor-specific consent experiences to handle social media plugins. Or apply consent because an end-user accepts the website's T&Cs or a contract provided by a publisher or advertiser.
postCustomConsent command
The command returns a JSON object that contains information on the purposes attributed to each vendor and their legal basis. Below is the format of the postCustomConsent command.
Your organization can call the command through the browser console, using a server-side script or a third party service like Postman.
| Name | Parameter | Description |
| site id | site_id |
The site id for your property. See note below. Required. |
| consent UUID | consentUUID |
The consent UUID value of the end-user. This value can be retrieved from the consentUUID cookie. Required. |
| vendors ids | vendors |
List of vendor IDs your organization wish to update to 'consent'. Comma delimited. Optional. |
| purpose ids | categories | List of purpose IDs your organization wish to update to 'consent'. Comma delimited. Optional. |
| legitimate interest purpose ids | legIntCategories |
List of legitimate interest purpose IDs your organization wish to update to 'consent'. Comma delimited. Optional. |
window._sp_.gdpr.postCustomConsent(callback function,[vendors ids],[purpose ids],[legitimate interest purposes ids])
//call the postCustomConsent command to provide consent for two vendors for five purposes, both vendors and purposes are specified by their ids
window._sp_.gdpr.postCustomConsent((vendorConsents, success) => console.log(vendorConsents, success), ["5f3bc0d7b8e05c606f3dfc27", "5e7ced57b8e05c47e418b73c"], ["60925aa29ccb1d3420efabf7", "60925aa29ccb1d3420efac05", "60925aa29ccb1d3420efac12", "60925aa29ccb1d3420efac20", "60925aa29ccb1d3420efac2e"], [] );
Note: The site ID value is the same as the Property ID and can be found on the Properties page inline with the property name.
Your organization can use a third party service like Postman to retrieve the vendor url mapping. You will need to provide the correct API endpoint address and values for siteID, consentUUID, list of vendor ids and ids for any purposes or legitimate interest.
https://cdn.privacy-mgmt.com/consent/tcfv2/consent/v3/custom/{SITE_ID}?consentUUID={CONSENT_UUID}
Note: The site ID value is the same as the Property ID and can be found on the Properties page inline with the property name.
<?php
$site_id = "XXXXX";
$consentUUID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXX";
$api_endpoint = "https://cdn.privacy-mgmt.com/consent/tcfv2/consent/v3/custom/".$site_id."?consentUUID=".$consentUUID;
$handle = curl_init($api_endpoint);
$fileHandle = fopen("post_custom_consent.json", "w");
/* If you encounter an 'SSL certificate problem: unable to get local issuer certificate' then enable the following two lines */
/* This is NOT recommended as a solution and should only be used as a quick and temporary fix */
//curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, 0);
//curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($handle, CURLOPT_BUFFERSIZE, 84000);
curl_setopt($handle, CURLOPT_CUSTOMREQUEST, "POST");
$post_body = array ( "vendors" => array( "{VENDOR_ID_1}", "{VENDOR_ID_2}", "{VENDOR_ID_3}", "{VENDOR_ID_4}", ... ),
"categories" => array( "{PURPOSE_ID_1}", "{PURPOSE_ID_2}", "{PURPOSE_ID_3}", ... ),
"legIntCategories" => array( "{LEGIT_INTEREST_ID_1}", "{LEGIT_INTEREST_ID_2}", "{LEGIT_INTEREST_ID_3}", ... )
);
$json_string = json_encode($post_body);
curl_setopt($handle, CURLOPT_POSTFIELDS, $json_string);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_HTTPHEADER, array (
'Content-Type: application/json',
'Content-Length: ' . strlen($json_string))
);
curl_setopt($handle, CURLOPT_FILE, $fileHandle);
curl_exec($handle);
curl_close($handle);
fclose($fileHandle);
?>postCustomConsent response
The response is a JSON object that contains the updated consent data and is divided into six objects:
categories
The categories object lists the purpose ids marked as 'consent' after the API call. The output format is as follows:
categories: ["purpose id 1", "purpose id 2", ...]//list of purpose ids
categories:
0: "5ff4ca88f485275018dd8b9e"
1: "5ff4ca88f485275018dd8b99"
2: "5ff4ca88f485275018dd8ba3"
//number of purpose ids
length: 3legInt Categories
The legitimate interest categories object lists the legitimate interest purpose ids marked as 'consent' after the API call. The output format is as follows:
legIntCategories: ["purpose id 1", "purpose id 2", ...]//list of legitimate interest purpose ids
legIntCategories:
0: "5ff4ca88f485275018dd8b99"
1: "5ff4ca88f485275018dd8ba3"
2: "5f3a3e66ee0a81887437291c"
3: "5fd78083fc186126cb9fabad"
//number of legitimate interest purpose ids
length: 4consentedVendorResponse
The consentedVendors object lists the vendors marked as 'consent' after the API call. The output format is as follows:
| Parameter | Description |
_id |
Vendor ID |
name |
The vendor name |
vendorType |
Does the vendor belong to the IAB or to another affiliation |
//list of vendor ids, their names and vendor type "CUSTOM" or "IAB"
consentedVendors:
0: {_id: "5f44223409125a7ed754367e", name: "Ceros", vendorType: "CUSTOM"}
1: {_id: "5fd78083fc186126cb9fabad", name: "media control GmbH", vendorType: "CUSTOM"}
2: {_id: "5f3a3e66ee0a81887437291c", name: "Trivago", vendorType: "CUSTOM"}
3: {_id: "5f3a3e66ee0a81887437291c", name: "Trivago", vendorType: "CUSTOM"}
4: {_id: "5fd78083fc186126cb9fabad", name: "media control GmbH", vendorType: "CUSTOM"}
//number of vendors consented to
length: 5 grants
The grants object lists the updated purpose ids for each vendor after the API call. The grants are listed as follows:
| Parameter | Description |
vendor_id |
Vendor ID |
purpose_id |
Purpose ID |
status |
Status is true if consent applies to the end-user. |
vendorGrant |
• Status is true if consent is given for all purposes for a vendor • Status is false if consent for one or more purposes are not given to the vendor. |
grants: vendor_id: purposeGrants: { "purpose_id 1": status, "purpose_id 2": status, ...}, vendorGrant: statusThe vendorGrant status is set to true if consent has been granted to all purposes assigned to a vendor. If consent is denied for one or more purposes then the vendorGrant status is set to false.
//list of vendor grants. for each vendor, list of purpose ids and if consent has been granted to each purpose
grants:
5f3a3e66ee0a81887437291c:
purposeGrants:
5ff4ca88f485275018dd8b9e: true
5ff4ca88f485275018dd8b99: true
5ff4ca88f485275018dd8ba3: true
//vendorGrant is true if end-user has consented to all purposes for a vendor
vendorGrant: truevendors
The vendors object lists the vendor ids given consent after the API call. The output format is as follows:
vendors: ["vendor id 1", "vendor id 2", ...]//list of vendors approved by the end-user
vendors:
0: "5f44223409125a7ed754367e"
1: "5fd78083fc186126cb9fabad"
2: "5f3a3e66ee0a81887437291c"
//number of approved vendors
length: 3legInt Vendors
The legitimate interest vendors object lists the legitimate interest vendor ids given consent after the API call. The output format is as follows:
legIntVendors: ["vendor id 1", "vendor id 2", ...]//list of legitimate interest vendors approved by the end-user
legIntVendors:
0: "5f3a3e66ee0a81887437291c"
1: "5fd78083fc186126cb9fabad"
//number of approved legitimate interest vendors
length: 2