Initialize the SDK
Overview
The OneTrust SDK retrieves all the data needed to display the CMP UI and collect consent for the purposes, vendors and SDKs used by the application. The data returned is determined by the configurations made in the OneTrust tenant/admin console.
Before the SDK can be successfully initialized, ensure that the appropriate SDK data version has been published in the OneTrust tenant/admin console. If it has not been published, there will be no data to retrieve.
For more information on instructions, see Publish Changes.
Start the SDK
startSDK() initializes the SDK and fetches all the data necessary to render the UI and collect consent. It's part of the OTinitialize component.
The app will need to declare the necessary sdkParams first before calling startSDK. See the code snippet and parameters table below for more detail.
' declare OTsdk as a global method to access its functions across all scenes
' this can be declared locally as well
m.global.Addfield("OTsdk", "node", false)
' this makes SDK methods available
m.global.OTsdk = CreateObject("roSGNode", "OTinitialize")
function getOTsdkParams() as object
sdkParams = {}
sdkParams.applicationId = "appId"
sdkParams.version = "sdkVersion"
sdkParams.location = "cdnLocation"
sdkParams.language = "languageCode"
sdkParams.countryCode = "countryCode" ' optional
sdkParams.regionCode = "regionCode" ' optional
return sdkParams
end function
sdkParams = getOTsdkParams()
m.global.OTsdk.eventlistener.observeField("dataDownloadSucess", "eventlistener")
m.global.OTsdk.callFunc("startSDK", sdkParams)
sdkParams parameters:
| Parameter | Description | Required |
|---|---|---|
applicationId | The Application ID (retrieved from OneTrust admin console) You can retrieve this from your OneTrust tenant > Mobile App Consent > SDKs > Your App > Instructions. A test and production app ID is available for staging and production. | Yes |
version | Version of the app API data to retrieve. Usually the same as the SDK version in use | Yes |
location | CDN location where data needs to be fetched. (Usually, but not always, cdn.cookielaw.org. You can retrieve this from your OneTrust tenant > Mobile App Consent > SDKs > Your App > Instructions. | Yes |
language | 2-digit or 4-digit (in the case of advanced languages) ISO language code used to return content in a specific langauge. Note: Any language code format not listed in the OneTrust environment will be considered as an invalid input. Note: If the languageCode passed by your application is valid, but does not match a language configuration added in your template, the SDK will return content in the default language configured (usually, but not always, English). | Yes |
countryCode | Two-letter ISO 3166-2 country code. This can be used to bypass the automatic geo-ip lookup performed by the SDK. | No |
regionCode | Two-letter state code used alongside countryCode. | No |
Best Practices and Things to Know
- We recommended calling startSDKon every app launch to ensure data is fetched regularly
- The call will fail if there are internet connectivity issues or an invalid location/applicationId/language is passed
Cross Device Consent
Cross Device Consent is an optional feature. These parameters are not required for initializing the SDK.
If you are implementing the Cross Device Consent functionality, each of the sdkParams parameters below are required to be passed to the startSDK() method to sync user profile data with OneTrust servers.
' cross device consent specific parameters
sdkParams.shouldCreateProfile = true
sdkParams.identifier = ""
sdkParams.syncProfile = true
sdkParams.syncProfileAuth = ""
' example usage reference
function getOTsdkParams() as object
sdkParams = {}
sdkParams.applicationId = "appId"
sdkParams.version = "sdkVersion"
sdkParams.location = "cdnLocation"
sdkParams.language = "languageCode"
sdkParams.countryCode = "countryCode" ' optional
sdkParams.regionCode = "regionCode" ' optional
sdkParams.shouldCreateProfile = true
sdkParams.identifier = ""
sdkParams.syncProfile = true
sdkParams.syncProfileAuth = ""
return sdkParams
end function
sdkParams = getOTsdkParams()
m.global.OTsdk.callFunc("startSDK", sdkParams)
| Parameter | Description | Required for Cross Device |
|---|---|---|
shouldCreateProfile | When set to true, the SDK will create data subject profiles for use with Cross Device Consent. If Cross Device Consent is not in scope, disregard this. | Yes |
identifier | Sets the identifier value used to fetch or create a user profile server-side. | Yes |
syncProfile | Set to true to enable cross device profile syncing. | Yes |
syncProfileAuth | Sets the JWT to authenticate your request to fetch user profiles. | Yes |
Note: Unified Profile is not supported yet as of 202505.2.0
For more information and best practices on Cross Device Consent, see Cross Domain and Cross Device Consent.
For implementation guidance on moving from an anonymous to known state, see: Override Server Consent.
Instant Resume
If your app supports Instant Resume, ensure it's enabled in your manifest file ('sdk_instant_resume=1') so the user's session with the CMP can be saved.
For more information, see Roku's documentation Instant Resume.
FAQ
1. Does the client need to implement a backend component for generating JWTs for OneTrust? Does OneTrust have any recommendations?
As a security best practice, we recommend using a backend for generating JWTs as OneTrust does not support this functionality today. The JWT.io site has a lot of great resources if you scroll down the page.
2. Are different JWTs used for different types of users? (i.e. Web vs. Mobile vs. CTV)
No, a JWT is user-specific and tied to their unique identifier. Since you are likely using the same identifier to sync a user's consent between mobile to CTV or Web to CTV, there is no need to change the JWT auth token in this scenario.
- Is the UI data (i.e. Banner, Preference Center, Vendor List) cached locally after it's been downloaded?
No, UI data is not cached after it's been fetched to help limit storage constraints of the app.
Updated about 6 hours ago