Migrating from the Legacy SDK to the CMP API
This page is only relevant if you are using a legacy SDK and need to adopt the CMP API solution.
If your application is using your own UI and not the OneTrust out of the box UI, follow these steps to migrate consent from the legacy SDK profile if you are now adopting the CMP API solution.
1. Replace the Legacy SDK with the OneTrust CMP API
Consent data stored in local storage from the legacy SDK should be intact.
Initialize the CMP SDK on the same domain/app. This ensures that local storage data from the previous SDK remains accessible. The stored data should then be migrated to create the required CMP consent headers to persist consent.
2. Migration Process
The app will need to create an OT-Consent-String
based on the previously stored consent data along with a few additional parameters to persist consent.
For more information about the
OT-Consent-String
, see Persisting Consent.
2.1. Create the Consent Object
Create a Consent object and populate it with data from the ONETRUST_WEB_STORE
from local storage.
const ONETRUST_WEB_STORE = window.localStorage.getItem('ONETRUST_WEB_STORE');
Const consentObject = {
shouldShowBanner: localStorage.getItem("shouldshowBanner"),
lastLaunchDate: getTimestamp(ONETRUST_PROFILE_RESPONSE.info.lastLaunch.date),
appId: ONETRUST_PROFILE_RESPONSE.info.encodedRequestJSON.application.applicationId,
cdn: ONETRUST_PROFILE_RESPONSE.info.encodedRequestJSON.application.location,
isAnonymous: userData.ANONYMOUS,
dsId: userData.DSID,
lastConsentDate: userData.CREATED_TIME_STAMP,
identifierType: IF userData.ANONYMOUS THEN.ONETRUST_PROFILE_RESPONSE.culture.CommonData.ConsentIntegration.DefaultAnonymousIdentifier ELSE ONETRUST_PROFILE_RESPONSE.culture.CommonData.ConsentIntegration.DefaultIdentifier,
expiryDate: "",
groupConsents: {}, // retrieve from the ONETRUST_WEB_STORE.CONSENT.preference
groupLIConsents: {} // retrieve from the ONETRUST_WEB_STORE.CONSENT.preference
}
Example Consent Object:
{
"shouldShowBanner": 0,
"lastLaunchDate": 1695200000000,
"appId": "sample-app-id",
"cdn": "cdn-location",
"isAnonymous": 0,
"dsId": "sample-dsid",
"lastConsentDate": 1695205000000,
"identifierType": "DefaultIdentifier",
"expiryDate": "",
"groupConsents": {
"group1": 1,
"group2": 0
},
"groupLIConsents": {
"group3": 1,
"group4": 1
}
}
2.2. Encode the Consent Object
Convert the consent object into a base64 string.
Pseudo-code
const encoder = new TextEncoder();
const uint8Array = encoder.encode(JSON.stringify(consentObject));
const base64Encoded = btoa(String.fromCharCode(...Array.from(uint8Array)));
3. Pass the Encoded String into the CMP API Header
When initializing the CMP SDK, include the encoded string in oneTrustHeaders
of startSDK()
.
For more information, see Initialize the SDK.
const oneTrustHeaders = {
'OT-CDN-Location': '',
'OT-APP-Id': '',
'OT-Language': '',
...
'OT-Consent-String': base64Encoded
}
3.1 (Optional, only if using IAB TCF or GPP) Retrieve IAB Consent Strings
If you are using IAB TCF or IAB GPP, pass in these additional headers:
- TC String -
IABTCF_TCString
- Additional Consent String -
IABTCF_AddtlConsent
- OT-Gpp-String -
gppString
TC String and Additional Consent String are stored in the CONSENT
object of ONETRUST_WEB_STORE
. The GPP String is stored under IABGPP_HDR_GppString
.
consentData = JSON.parse(userData.CONSENT)
tcString = consentData.tcf[0].token
addConsent = consentData.tcf[0].encodedList.IABTCF_AddtlConsent
gppString = window.localStorage.getItem('IABGPP_HDR_GppString')
const oneTrustHeaders = {
'OT-CDN-Location': '',
'OT-APP-Id': '',
'OT-Language': '',
...
'OT-Consent-String': base64Encoded,
'OT-Tcf-Eu2v2-Consent-String': tcString,
'OT-Addtl-Consent-String': addConsent,
'OT-Gpp-String': gppString
}
Updated 28 minutes ago