Analytics's REST API can also be used directly without using the JavaScript framework. The actual endpoint to use will be configured by Onesecondbefore.
This REST API endpoint can be used to store consent given by a user. There are two different versions depending on whether you know the TCF 2.2 consent string or not and whether you would like to retrieve one if it's unknown.
POST /consent HTTP/1.1
Host: ${ENDPOINT}
Content-Type: application/json; charset=utf-8
{
"aid": "...",
"sid": "...",
"url": "...",
"cduid": "...",
"consent": "...",
"tcstring": "...",
"version": "..."
}
POST /consent?iab=1 HTTP/1.1
Host: ${ENDPOINT}
Content-Type: application/json; charset=utf-8
{
"aid": "...",
"sid": "...",
"url": "...",
"consent": "...",
"cduid": "...",
"version": "..."
}
Request parameters
| name | type | required | description |
|---|---|---|---|
aid | JSON payload | Yes | Account id, similar to the one used in the JavaScript library. |
sid | JSON payload | No | Site id, similar to the one used in the JavaScript library, default "development". |
ns | JSON payload | No | Namespace, similar to the one used in the JavaScript library. |
url | JSON payload | Yes | The URL for which this consent applies. For mobile apps this might be the unique app identifier. |
consent | JSON payload | Yes | The consent string in a human readable format (if no tcstring is specified):
|
cduid | JSON payload | No | The unique identifier of the user, either IDFA / IDFV (for iOS), AAID (for Android). If not specified one will be generated in the response which should be stored and used subsequently, if necessary. |
version | JSON payload | No | The version of the consent that the user consented to. Used to distinguish different versions of the consents that were shown to the user, default 1. |
tcstring | JSON payload | No | If an IAB TCF string is known, this will be used to store consent rather than the consent payload variable. |
iab | Query string | No | If no tcstring is specified in the input and an encoded version based upon the specified consent payload variable is required, add the querystring parameter ?iab=1 |
The response is in JSON format.
Content-Type: application/json; charset=utf-8
{
"cduid": "${CROSS_DOMAIN_USER_ID}",
"consent": "${CONSENT}",
"tcstring": "${TCSTRING}"
}
Response parameters
| name | description |
|---|---|
cduid | The cross-domain user-id (IDFA / IDFV for iOS, AAID for Android) if specified in the request, or a newly generated one if not specified. Value should be stored locally (in the app) for subsequent use. |
consent | The consent as given in the payload request |
tcstring | The tcstring as either given in the payload request, or calculated based upon the consent JSON payload input when ?iab=1 is specified in the request. |
Request:
POST /consent HTTP/1.1
Host: privacy.example.com
Content-Type: application/json; charset=utf-8
{
"aid": "cmp",
"sid": "example-web",
"url": "https://www.example.com",
"consent": "all",
"tcstring": "AAAAAAAAAAAAFjAAAENAAAAAP_AAP_AACiQAAAAAAAA",
"cduid": "983f52a9-3ba1-4acb-86c0-f8f311d69adf",
"version": 1
}Response:
Content-Type: application/json; charset=utf-8
{
"consent": "all",
"cduid": "983f52a9-3ba1-4acb-86c0-f8f311d69adf"
}
Request:
POST /consent HTTP/1.1
Host: privacy.example.com
Content-Type: application/json; charset=utf-8
{
"aid": "cmp",
"sid": "example-web",
"url": "https://www.example.com",
"consent": "none",
"cduid": "983f52a9-3ba1-4acb-86c0-f8f311d69adf",
"version": 1
}Response:
Content-Type: application/json; charset=utf-8
{
"consent": "none",
"cduid": "not-accepted"
}
Include IAB TCString in response for purposes 2, 7 and 9. No cduid in request
Request:
POST /consent?iab=1 HTTP/1.1
Host: privacy.example.com
Content-Type: application/json; charset=utf-8
{
"aid": "cmp",
"sid": "example-app",
"url": "https://example.app",
"consent": "2,7,9"
}Response:
Content-Type: application/json; charset=utf-8
{
"consent": "2,7,9",
"cduid": "1c27f400-d90b-4577-a27d-c7dcdab22431",
"tcstring": "CAAAAAAAAAAAAFjABBNLAACgAEKAAEKAABpYAAAAAAAA"
}