Initialize the SDK

Overview

The SDK retrieves an object that contains all the data needed to present a UI to the end user and collect consent for the categories/purposes used in your application. The data returned is determined by the configurations made in the OneTrust admin console (tenant).

Before proceeding, make sure that the SDK Data has been published in your OneTrust Admin Portal (tenant). If the data has not been published at least once, the SDK will return an error as there's no data to retrieve. For more information, please review our Publishing the SDK documentation.

  1. Add the script tag to the body of your index.html file to call onetrust.js.
<body>
    <div id="root"></div>
    <script src="onetrust.js"></script>
</body>
  2. Call OneTrust.startSDK() and pass in the appropriate header values:
const oneTrustHeaders = {
    'OT-CDN-Location': '',
    'OT-APP-Id': '',
    'OT-Language': '',
    'OT-SDK-Version': '',
    'OT-Device-Type': '',
    'OT-Country-Code': '',//optional
    'OT-Region-Code': '' //optional
}

OneTrust.startSDK(oneTrustHeaders, function (status, response, error) {
     console.log('Download Status: ' + status);
     if (status !== 200 || error) {
         console.log('Download Error: ' + JSON.stringify(error));
         return;
     }
     console.log('Response: ' + JSON.stringify(response));
     return;
});

Parameters

| Parameter | Description | Required | Location |
|---|---|---|---|
| OT-CDN-Location | The CDN location for the JSON that the SDK fetches. (Usually, but not always, cdn.cookielaw.org) | Yes | OneTrust Admin Console/Tenant |
| OT-APP-Id | The Application ID of your app (retrieved from OneTrust Admin console) | Yes | OneTrust Admin Console/Tenant |
| OT-Language | 2-digit or 4-digit (in the case of advanced languages) ISO language code used to return content in a specific language. Note: Any language code format that is not listed in the OneTrust environment is treated as invalid input. If the language code passed by your application is valid but does not match a language configuration enabled for your template, the SDK will return content in the default language configured (usually, but not always, English). | Yes | OneTrust Admin Console/Tenant |
| OT-SDK-Version | Version of the SDK data to retrieve. Should be (but is not always) the version of the SDK used. | Yes | OneTrust Admin Console/Tenant |
| OT-Device-Type | Type of the device (mobile or ctv) | Yes | Developer defined |
| OT-Country-Code | Two-letter ISO 3166-2 country code. This can be used to bypass the automatic IP lookup performed by the SDK. | Optional | Developer defined |
| OT-Region-Code | Two-letter ISO state code (mostly for US states only) | Optional | Developer defined |
| Callback | The callback returns the status of the call, response payload, and error (if any). | Yes | Developer defined |

Passing Custom Geolocation

By default, the SDK determines a country and region code for a user based on an IP lookup to deliver a certain consent experience. If you choose to perform your own geolocation lookup, you can pass in the location codes by using the OT-Country-Code and/or the OT-Region-Code parameters mentioned above.

Cross Device Consent

Cross Device Consent is an optional feature and may require additional licensing depending on your current cloud subscription. If this is not in scope for your implementation, disregard this section.

For more information, see Cross Domain and Cross Device Consent.

These parameters are not required for setting up the SDK to fetch and display the Banner and Preference Center UI.

If you are enabling the Cross Device Consent functionality, each of these parameters is required to fetch and sync user profile data from OneTrust servers.

| Parameter | Description | Required for Cross Device? |
|---|---|---|
| OT-Fetch-Type | Sets the fetch type header for cross device functionality. Set to APP_DATA_AND_SYNC_PROFILE | Yes |
| OT-Sync-Profile-Auth | Use this to pass the signed JWT required to perform Cross Device. | Yes |
| OT-Identifier | Sets the identifier value used to create/retrieve a user profile server-side. | Yes |
| OT-Identifier-Type | Identifier type for Unified Profile | Only if using Unified Profile |

The Unified Profile feature is supported on this platform. For more information, see Unified Profile.

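const oneTrustHeaders = {
    // ... required headers from the initialization step above
    // Cross Device Consent parameters
    'OT-Fetch-Type': 'APP_DATA_AND_SYNC_PROFILE',
    'OT-Sync-Profile-Auth': '[Insert JWT Token Here]',
    'OT-Identifier': '[Insert User ID Here]',
    'OT-Identifier-Type': '[Insert Identifier Type Here]' // only needed if using Unified Profile
}

// Same call and callback signature as in the initialization step
OneTrust.startSDK(oneTrustHeaders, function (status, response, error) {
    console.log('Download Status: ' + status);
});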

Cross device consent profiles are fetched as part of the OneTrust.startSDK() call. The same headers will be used to update or create a consent profile as the user dismisses the OneTrust UI.

The Get Data Subject's Preferences API can be used to retrieve user consent preferences.
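
The header rules from the tables above can be checked before the startSDK() call. The following is an added example, not part of the OneTrust SDK: validateOneTrustHeaders and decodeJwtPayload are hypothetical helpers, and the expiry check assumes your backend sets the standard exp claim. The client cannot verify the JWT signature, so the token check is structural only.

```javascript
// Added example: preflight check for the header object passed to OneTrust.startSDK().
// validateOneTrustHeaders and decodeJwtPayload are hypothetical helpers, not SDK functions.
const REQUIRED = ['OT-CDN-Location', 'OT-APP-Id', 'OT-Language', 'OT-SDK-Version', 'OT-Device-Type'];
const CROSS_DEVICE = ['OT-Fetch-Type', 'OT-Sync-Profile-Auth', 'OT-Identifier'];

// Decode a JWT payload without verifying it (the client holds no signing key).
function decodeJwtPayload(token) {
    const parts = String(token).split('.');
    if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) return null;
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    try {
        return JSON.parse(atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4)));
    } catch (e) {
        return null;
    }
}

function validateOneTrustHeaders(headers, nowSeconds) {
    const problems = [];
    // A value counts as filled only if it is a non-empty string and not a doc placeholder.
    const filled = (k) => typeof headers[k] === 'string' && headers[k].trim() !== '' && !/^\[Insert /.test(headers[k]);
    for (const k of REQUIRED) if (!filled(k)) problems.push(k + ' is required');
    if (filled('OT-Device-Type') && !['mobile', 'ctv'].includes(headers['OT-Device-Type'])) {
        problems.push('OT-Device-Type must be mobile or ctv');
    }
    // Location codes select the consent experience, so reject anything that is not two letters.
    for (const k of ['OT-Country-Code', 'OT-Region-Code']) {
        if (headers[k] && !/^[A-Za-z]{2}$/.test(headers[k])) problems.push(k + ' must be two letters');
    }
    // Cross Device Consent is all-or-nothing: a partial set cannot sync a profile.
    if (CROSS_DEVICE.some((k) => headers[k])) {
        for (const k of CROSS_DEVICE) if (!filled(k)) problems.push(k + ' is required for Cross Device Consent');
        if (filled('OT-Fetch-Type') && headers['OT-Fetch-Type'] !== 'APP_DATA_AND_SYNC_PROFILE') {
            problems.push('OT-Fetch-Type must be APP_DATA_AND_SYNC_PROFILE');
        }
        if (filled('OT-Sync-Profile-Auth')) {
            const payload = decodeJwtPayload(headers['OT-Sync-Profile-Auth']);
            if (!payload) problems.push('OT-Sync-Profile-Auth is not a well-formed JWT');
            else if (typeof payload.exp === 'number' && payload.exp <= nowSeconds) problems.push('OT-Sync-Profile-Auth has expired');
        }
    }
    return problems;
}
```

Call it with Math.floor(Date.now() / 1000) as nowSeconds and only invoke OneTrust.startSDK() when the returned array is empty.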

FAQs

Does the client need to implement a backend component for generating JWTs for OneTrust? Does OneTrust have any recommendations/advice on that matter?

As a security best practice, we recommend using a backend for generating JWTs as OneTrust does not support this functionality today. The JWT.io site has a lot of great resources if you scroll down the page.
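
A backend signer along the lines recommended above, as an added example that is not OneTrust code. This page does not specify the algorithm or claims, so HS256, the sub claim carrying the OT-Identifier value, the 15-minute lifetime, and the helper names signSyncProfileJwt and verifySyncProfileJwt are all assumptions; use the values your OneTrust tenant specifies.

```javascript
// Added example (server side, Node.js): mint the token sent in OT-Sync-Profile-Auth.
// ASSUMPTIONS: HS256, `sub` = the OT-Identifier value, and a 900-second lifetime.
const crypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// The secret stays on the server; the identifier must come from the
// authenticated session, never from a value the client supplies.
function signSyncProfileJwt(identifier, secret, nowSeconds, ttlSeconds = 900) {
    if (typeof identifier !== 'string' || identifier.trim() === '') {
        throw new Error('identifier must come from the authenticated session');
    }
    const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
    const payload = b64url(JSON.stringify({ sub: identifier, iat: nowSeconds, exp: nowSeconds + ttlSeconds }));
    const signature = crypto.createHmac('sha256', secret).update(header + '.' + payload).digest('base64url');
    return header + '.' + payload + '.' + signature;
}

// Shows what the signature protects: any change to the claims or the key
// makes verification fail, so a client cannot swap in another identifier.
function verifySyncProfileJwt(token, secret, nowSeconds) {
    const parts = String(token).split('.');
    if (parts.length !== 3) return null;
    const expected = crypto.createHmac('sha256', secret).update(parts[0] + '.' + parts[1]).digest();
    const given = Buffer.from(parts[2], 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    if (header.alg !== 'HS256') return null; // pin the algorithm, do not trust the header
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    return claims.exp > nowSeconds ? claims : null;
}
```
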

Are different JWTs used for different types of users? (i.e. web vs. mobile vs. CTV)

No, a JWT is user-specific and tied to the user's unique identifier. Since you are likely using the same identifier to sync a user's consent from mobile to CTV or from web to CTV, there is no need to change the JWT auth token in this scenario.