Didomi - Developers documentation
  • Introduction
  • SDKs
    • Introduction
    • Web SDK
      • Getting started
      • Tags and vendors management
        • Tags management
          • Events & Variables
            • Deprecated
            • Custom events
          • Tag managers
            • Adobe Launch/DTM
            • Eulerian
            • Google Tag Manager
              • Configure the Didomi / GTM integration
              • Didomi's GTM template
            • Tealium
            • Other tag managers
        • Custom Didomi <script> tags
        • Third-party integrations
          • Google Ad Manager / AdSense
            • GDPR via Non-Personalized Ads
              • Share consent and load/refresh ads
              • Share consent without loading or refreshing ads
            • US states laws
          • Google Consent Mode V2
          • Kameleoon
          • Piano Analytics (AT Internet)
          • Prebid
            • GDPR via IAB TCF
            • US states laws
          • Salesforce DMP (Krux)
        • IAB frameworks
        • Programmatic API
      • Configuration
        • Bots (SEO & Performance tools)
        • Configuration by URL
        • Cookies and storage
        • Custom domains for events
        • Notice
          • Behavior
          • Interactions
          • Look and feel
        • Preferences
        • Theme
      • AB tests
      • Custom domain
        • Domain delegation
        • Reverse proxy
      • Share consents between domains
      • Share consents across devices
      • Pass user choices in query string
      • Serve Didomi assets from your domain
      • Reference
        • API
          • Deprecated
        • Events
      • Performance
      • Versions
    • Mobile and TV SDKs
      • Android and Android TV
        • Setup
        • Logging
        • Reference
          • API
            • Deprecated
          • Events
        • Versions
      • iOS and tvOS
        • Setup
        • Logging
        • App Tracking Transparency (iOS 14.5+)
        • Reference
          • API
            • Deprecated
          • Events
        • Versions
      • Unity
        • Setup
        • Reference
        • Versions
        • Troubleshooting
      • React Native
        • Setup
        • Reference
          • Deprecated
        • Versions
      • Flutter
        • Setup
        • Reference
        • Versions
      • Consent notice
        • Getting started
        • Customize the notice
        • Customize the preferences popup
        • Customize the theme & UI
        • Load notice by ID
      • Third-party SDKs
      • Share consents across devices
      • Share consent with WebViews
      • Google Consent Mode v2
      • FAQ
    • AMP SDK
      • Blocking Behaviors
        • Load immediately on page load
        • Load only after consent (positive or negative)
        • Load only after positive consent
      • Consent status for vendors
    • Help & Support
  • API
    • Introduction
      • Authentication
      • Errors
      • Pagination
      • Filters
      • Caching
      • Rate limiting
      • Quotas
      • Translations
    • Data Manager
      • Regulations
      • Configuration Tree
      • Purposes
        • Purposes & Vendors Numerical IDs
      • Preferences Library
      • User Rights
    • Widgets
      • Consent notices
        • Notices
        • Configurations
        • Multi-Regulation Configurations
          • Migration of Existing Notices and API Updates
        • Deployments
        • Tutorials
          • Create and publish a consent notice
          • Create and publish a multi-regulation consent notice
      • Privacy widgets
        • Create a widget
        • Retrieve widgets
        • Edit a widget
          • Content & Design
            • Themes & Shapes
            • Components
              • auth
              • dsar_form
              • footer
              • header
              • preference
              • preference_value
              • save
              • section
              • sections
            • Options
          • Purposes & preferences
          • Settings
        • Deploy a Widget
          • Use your own subdomain
          • Use your own domain
          • Implement an embeddable widget on your website
        • Authentication
          • Manage authentication providers
          • Authenticate your end-user
        • Archive a widget
        • Headless widgets
          • Public Methods
          • Custom elements
          • Custom events
          • Event listeners
        • Tutorial
          • Launch a Preference Center from a mobile app
    • Compliance Reports
      • Properties
      • Reports
      • CSV format reference
      • Websites
    • Consents and Preferences
      • Events
        • Generate IAB TCF consent string
      • Links
      • Proofs
      • Tokens
      • Secrets
      • Users
      • Tutorial
        • Collect and operate data
    • Privacy Requests
      • Requests
      • Notes
      • Links
      • Emails
  • Integrations
    • Introduction
      • Quotas
    • Generic integrations
      • Batch export
        • Destinations
          • AWS S3 Bucket (owned by Didomi)
          • GCP Storage Bucket
        • Exported data
          • Notices consents
        • Logs
      • Webhooks
      • Batch import
      • Analytics export
        • Destinations
          • AWS S3 Bucket (owned by Didomi)
          • GCP Storage Bucket
    • Third-party apps
      • CMP integrations
        • Didomi-mParticle integration for your CMP
        • Deploy Didomi’s SDK for your Adobe Commerce website
      • Preference Management Platform integrations
        • Actito
        • Adobe Campaign Classic
        • Adobe Experience Cloud
        • Adobe Marketo Engage
        • Adobe Source Connector
        • Braze
        • Dotdigital
        • Hubspot
        • Mailchimp
        • Microsoft Dynamics 365
        • Salesforce Marketing Cloud
        • Salesforce Sales & Service Cloud
        • Selligent
        • Brevo (ex Sendinblue)
    • Tutorials
      • Configure a HTTP webhook
      • Configure a batch export
      • Configure an analytics export
    • Emailing
      • Configurations
        • Actito Email
        • Actito SMS
        • Adobe Campaign Classic
        • Adobe Campaign Standard
      • Emails
        • Templates
        • Manage your templates
Powered by GitBook
On this page
  • Parameters
  • Publisher restrictions
  • Purposes and vendors
  • Unsupported TCF features
  1. API
  2. Consents and Preferences
  3. Events

Generate IAB TCF consent string

PreviousEventsNextLinks

Last updated 5 months ago

To generate an IAB TCF consent string, you must implement the in your CMP UI and features.

If you are collecting consents from users in the European Union, the Didomi Consents API can generate an IAB TCF consent string from the events you create for users.

To generate an IAB TCF consent string for the user, add the property $generate_tcfcs=true to the query-string parameters of the request when creating an event. The consent string will be generated and added to the consents.tcfcs property of the event response and stored in the API.

Example

POST /consents/events?organization_id={organization_id}&$generate_tcfcs=true

BODY
{
  "organization_user_id": "user@domain.com",
  "regulation": "gdpr",
  
  "consents": {
    "purposes": [
      {
        "id": "cookies",
        "enabled": true
      }
    ]
  },

  "iab": {
    "tcf": {
      "cmp_id": 7
    }
  }
}

And the response will be:

{
  ...,
  
  "consents": {
    ...,
    
    "tcfcs": "TCFv2.0+ConsentString..."
  }
}

Parameters

The generated TCF consent string can be configured with parameters passed to the iab.tcf property of the event. Those parameters must reflect how your CMP is configured to comply with the IAB TCF policies and the version of the TCF you are applying.

The following parameters can be passed to the iab.tcf property of the event:

Parameter
Description
Required
Type
Default
Notes

version

TCF version being used

No

number

2

cmp_id

The ID of the CMP that is generating the consent string.

Yes

number

cmp_version

Version of the CMP implementation.

No

number

1

consent_screen

Screen number in the CMP where consent was given.

No

number

1

consent_language

Two-letter ISO 639-1 language code in which the CMP UI was presented.

No

string

EN

vendor_list_version

Version of the IAB Global Vendor List when the user choices were collected.

No

number

81

Minimum GVL version supported is 81.

use_non_standard_texts

Indicates if non-standard texts were used in the consent notice.

No

boolean

false

purpose_one_treatment

Indicates if the purpose one was disclosed (false) or not (true).

No

boolean

false

publisher_cc

Publisher ISO 3166-1 alpha-2 country code.

No

string

AA

publisher_restrictions

Publisher restrictions that applied when the user choices were collected.

No

array

None

Example

Here is an example of an event that will generate a TCF consent string with the user's consent for the purpose cookies and some extra TCF parameters:

POST /consents/events?organization_id={organization_id}&$generate_tcfcs=true

BODY
{
  "user": {
    "organization_user_id": "user@domain.com"
  },
  "regulation": "gdpr",
  
  "consents": {
    "purposes": [
      {
        "id": "cookies",
        "enabled": true
      }
    ]
  },

  "iab": {
    "tcf": {
      "version": 2,
      "cmp_id": 7,
      "cmp_version": 1,
      "consent_screen": 1,
      "consent_language": "EN",
      "vendor_list_version": 81,
      "use_non_standard_texts": false,
      "purpose_one_treatment": false,
      "publisher_cc": "US",
      "publisher_restrictions": [
        {
          "purposeId": "cookies",
          "vendors": {
            "ids": ["google"],
            "type": "list"
          },
          "restrictionType": "disallow"
        }
      ],
    }
  }
}

Publisher restrictions

Publisher restrictions can be specified in the iab.tcf.publisher_restrictions property of the event.

Purpose IDs passed in the iab.tcf.publisher_restrictions[].purposeId property are Didomi API IDs and not IAB TCF IDs.

Vendor IDs passed in the iab.tcf.publisher_restrictions[].vendors.ids property are Didomi API IDs and not IAB TCF IDs.

Examples:

  • Purpose ID cookies should be passed for IAB TCF purpose ID 1.

  • Vendor ID google should be passed for IAB TCF vendor ID 755.

Example

{
  "iab": {
    "tcf": {
      "publisher_restrictions": [
        {
          "id": "restriction_1",
          "purposeId": "purpose_id",
          "vendors": {
            "ids": ["google"],
            "type": "list"
          },
          "restrictionType": "disallow"
        }
      ],
    }
  }
}

Purpose ID

The purpose ID (purposeId property) defines which purpose the publisher restriction applies to.

It must be a Didomi API purpose ID and not an IAB TCF purpose ID. For instance, use the value cookies for the IAB TCF purpose ID 1.

Vendor IDs

The vendor IDs (vendors.ids property) defines which vendors the publisher restriction applies to.

It must be a list of Didomi API vendor IDs and not IAB TCF vendor IDs. For instance, use the value google for the IAB TCF vendor ID 755.

If the restriction applies to all vendors (vendors.type is set to all), providing a list of vendor IDs is not required and will be ignored.

Vendors type

The vendors type (vendors.type property) defines how the list of vendors that the publisher restriction applies to is defined.

Must be one of:

  1. list: The restriction is applied to the vendors listed in the ids property.

  2. all: The restriction applies to all the vendors in the vendor list of the IAB TCF.

Restriction type

The restriction type (restrictionType property) defines how the restriction applies to the vendors.

Must be one of:

  1. allow: Allow the configured vendors to process data for the purpose.

  2. disallow: Prevent the configured vendors from processing data for the purpose.

  3. req-consent: Require vendors to process the data for the purpose only under the consent legal basis.

  4. req-li: Require vendors to process the data for the purpose only under the legitimate interest legal basis.

Purposes and vendors

The vendors and purposes fields in the consent string are automatically generated from the vendor and purpose IDs that the user has made choices for in the event (consents property).

Unsupported TCF features

The following fields will not be supported when generating a TCF string through the API:

  1. DisclosedVendors

The fields of a TCF consent string are documented in the .

IAB Europe Transparency and Consent Framework policies
official IAB TCF documentation