Migrating from the Legacy SDK to the CMP API

This page is only relevant if you are using a legacy SDK and need to adopt the CMP API solution.

If your application is using your own UI and not the OneTrust out of the box UI, follow these steps to migrate consent from the legacy SDK profile if you are now adopting the CMP API solution.

1. Replace the Legacy SDK with the OneTrust CMP API

📘

Consent data stored in local storage from the legacy SDK should be intact.

Initialize the CMP SDK on the same domain/app. This ensures that local storage data from the previous SDK remains accessible. The stored data should then be migrated to create the required CMP consent headers to persist consent.

2. Migration Process

The app will need to create an OT-Consent-String based on the previously stored consent data along with a few additional parameters to persist consent.

👍

For more information about the OT-Consent-String, see Persisting Consent.

2.1. Create the Consent Object

Create a Consent object and populate it with data from the ONETRUST_WEB_STORE from local storage.

const ONETRUST_WEB_STORE = window.localStorage.getItem('ONETRUST_WEB_STORE');

Const consentObject = {
    shouldShowBanner: localStorage.getItem("shouldshowBanner"),
    lastLaunchDate: getTimestamp(ONETRUST_PROFILE_RESPONSE.info.lastLaunch.date),
    appId: ONETRUST_PROFILE_RESPONSE.info.encodedRequestJSON.application.applicationId,
    cdn: ONETRUST_PROFILE_RESPONSE.info.encodedRequestJSON.application.location,
    isAnonymous: userData.ANONYMOUS,
    dsId: userData.DSID,
    lastConsentDate: userData.CREATED_TIME_STAMP,
    identifierType: IF userData.ANONYMOUS THEN.ONETRUST_PROFILE_RESPONSE.culture.CommonData.ConsentIntegration.DefaultAnonymousIdentifier ELSE ONETRUST_PROFILE_RESPONSE.culture.CommonData.ConsentIntegration.DefaultIdentifier,
    expiryDate: "",
    groupConsents: {}, // retrieve from the ONETRUST_WEB_STORE.CONSENT.preference  
    groupLIConsents: {} // retrieve from the ONETRUST_WEB_STORE.CONSENT.preference
}

Example Consent Object:

{  
  "shouldShowBanner": 0,  
  "lastLaunchDate": 1695200000000,  
  "appId": "sample-app-id",  
  "cdn": "cdn-location",  
  "isAnonymous": 0,  
  "dsId": "sample-dsid",  
  "lastConsentDate": 1695205000000,  
  "identifierType": "DefaultIdentifier",  
  "expiryDate": "",  
  "groupConsents": {  
    "group1": 1,  
    "group2": 0  
  },  
  "groupLIConsents": {  
    "group3": 1,  
    "group4": 1  
  }  
}

2.2. Encode the Consent Object

Convert the consent object into a base64 string.

Pseudo-code

const encoder = new TextEncoder();  
const uint8Array = encoder.encode(JSON.stringify(consentObject));  
const base64Encoded = btoa(String.fromCharCode(...Array.from(uint8Array)));

3. Pass the Encoded String into the CMP API Header

When initializing the CMP SDK, include the encoded string in oneTrustHeaders of startSDK().

👍

For more information, see Initialize the SDK.

const oneTrustHeaders = {
    'OT-CDN-Location': '',
    'OT-APP-Id': '',
    'OT-Language': '',
    ...
    'OT-Consent-String': base64Encoded
}

3.1 (Optional, only if using IAB TCF or GPP) Retrieve IAB Consent Strings

If you are using IAB TCF or IAB GPP, pass in these additional headers:

  • TC String - IABTCF_TCString
  • Additional Consent String - IABTCF_AddtlConsent
  • OT-Gpp-String - gppString

TC String and Additional Consent String are stored in the CONSENT object of ONETRUST_WEB_STORE. The GPP String is stored under IABGPP_HDR_GppString.

consentData = JSON.parse(userData.CONSENT)  
tcString   = consentData.tcf[0].token  
addConsent = consentData.tcf[0].encodedList.IABTCF_AddtlConsent

gppString = window.localStorage.getItem('IABGPP_HDR_GppString')
const oneTrustHeaders = {
    'OT-CDN-Location': '',
    'OT-APP-Id': '',
    'OT-Language': '',
    ...
    'OT-Consent-String': base64Encoded,
    'OT-Tcf-Eu2v2-Consent-String': tcString,
    'OT-Addtl-Consent-String': addConsent,
    'OT-Gpp-String': gppString
}