Migrating from the Legacy SDK to the CMP API
This page is only relevant if you are using a legacy SDK and need to adopt the CMP API solution.
If your app is using the legacy HTML5 SDK and you need to move to the Server-Side CMP API, follow the steps below to migrate consent from the SDK to the server-side solution.
See here for implementation guidance on the CMP API.
1. Replace the Legacy SDK with the OneTrust CMP API
Consent data stored in local storage from the legacy SDK should be intact.
2. Migration Process
The app will need to create an OT-Consent-String based on the previously stored consent data along with a few additional parameters to persist consent.
For more information about the
OT-Consent-String, see Persisting Consent.
2.1. Create the Consent Object
Create a Consent object and populate it with data from the ONETRUST_WEB_STORE from local storage.
const ONETRUST_WEB_STORE = window.localStorage.getItem('ONETRUST_WEB_STORE');
Const consentObject = {
shouldShowBanner: localStorage.getItem("shouldshowBanner"),
lastLaunchDate: getTimestamp(ONETRUST_PROFILE_RESPONSE.info.lastLaunch.date),
appId: ONETRUST_PROFILE_RESPONSE.info.encodedRequestJSON.application.applicationId,
cdn: ONETRUST_PROFILE_RESPONSE.info.encodedRequestJSON.application.location,
isAnonymous: userData.ANONYMOUS,
dsId: userData.DSID,
lastConsentDate: userData.CREATED_TIME_STAMP,
identifierType: IF userData.ANONYMOUS THEN.ONETRUST_PROFILE_RESPONSE.culture.CommonData.ConsentIntegration.DefaultAnonymousIdentifier ELSE ONETRUST_PROFILE_RESPONSE.culture.CommonData.ConsentIntegration.DefaultIdentifier,
expiryDate: "",
groupConsents: {}, // retrieve from the ONETRUST_WEB_STORE.CONSENT.preference
groupLIConsents: {} // retrieve from the ONETRUST_WEB_STORE.CONSENT.preference
}
Example Consent Object:
{
"shouldShowBanner": 0,
"lastLaunchDate": 1695200000000,
"appId": "sample-app-id",
"cdn": "cdn-location",
"isAnonymous": 0,
"dsId": "sample-dsid",
"lastConsentDate": 1695205000000,
"identifierType": "DefaultIdentifier",
"expiryDate": "",
"groupConsents": {
"group1": 1,
"group2": 0
},
"groupLIConsents": {
"group3": 1,
"group4": 1
}
}
2.2. Encode the Consent Object
Convert the consent object into a base64 string.
Pseudo-code
const encoder = new TextEncoder();
const uint8Array = encoder.encode(JSON.stringify(consentObject));
const base64Encoded = btoa(String.fromCharCode(...Array.from(uint8Array)));
3. Pass the Encoded String into the CMP API Header
Based on implementation guidance here, pass the encoded string in the API call as a header.
3.1 (Optional, only if using IAB TCF or GPP) Retrieve IAB Consent Strings
If you are using IAB TCF or IAB GPP, pass in these additional headers:
- TC String -
IABTCF_TCString - Additional Consent String -
IABTCF_AddtlConsent - OT-Gpp-String -
gppString
TC String and Additional Consent String are stored in the CONSENT object of ONETRUST_WEB_STORE. The GPP String is stored under IABGPP_HDR_GppString.
consentData = JSON.parse(userData.CONSENT)
tcString = consentData.tcf[0].token
addConsent = consentData.tcf[0].encodedList.IABTCF_AddtlConsent
gppString = window.localStorage.getItem('IABGPP_HDR_GppString')
Sample request:
curl --location 'https://mobile-data.onetrust.io/cfw/cmp/v1/banner' \
--header 'OT-CDN-Location: cdnLocation' \
--header 'OT-App-Id: appID' \
--header 'OT-Device-Type: mobile' \
--header 'OT-SDK-Version: sdkVersion' \
--header 'OT-Language: en' \
--header 'OT-Tcf-Eu2v2-Consent-String: tcString' \
--header 'OT-Gpp-String: gppString' \
--header 'OT-Addtl-Consent-String: addtlString'
Updated 10 days ago