Didomi - Developers documentation
  • Introduction
  • SDKs
    • Introduction
    • Web SDK
      • Getting started
      • Tags and vendors management
        • Tags management
          • Events & Variables
            • Deprecated
            • Custom events
          • Tag managers
            • Adobe Launch/DTM
            • Eulerian
            • Google Tag Manager
              • Configure the Didomi / GTM integration
              • Didomi's GTM template
            • Tealium
            • Other tag managers
        • Custom Didomi <script> tags
        • Third-party integrations
          • Google Ad Manager / AdSense
            • GDPR via Non-Personalized Ads
              • Share consent and load/refresh ads
              • Share consent without loading or refreshing ads
            • US states laws
          • Google Consent Mode V2
          • Kameleoon
          • Piano Analytics (AT Internet)
          • Prebid
            • GDPR via IAB TCF
            • US states laws
          • Salesforce DMP (Krux)
        • IAB frameworks
        • Programmatic API
      • Configuration
        • Bots (SEO & Performance tools)
        • Configuration by URL
        • Cookies and storage
        • Custom domains for events
        • Notice
          • Behavior
          • Interactions
          • Look and feel
        • Preferences
        • Theme
      • AB tests
      • Custom domain
        • Domain delegation
        • Reverse proxy
      • Share consents between domains
      • Share consents across devices
      • Pass user choices in query string
      • Serve Didomi assets from your domain
      • Reference
        • API
          • Deprecated
        • Events
      • Performance
      • Versions
    • Mobile and TV SDKs
      • Android and Android TV
        • Setup
        • Logging
        • Reference
          • API
            • Deprecated
          • Events
        • Versions
      • iOS and tvOS
        • Setup
        • Logging
        • App Tracking Transparency (iOS 14.5+)
        • Reference
          • API
            • Deprecated
          • Events
        • Versions
      • Unity
        • Setup
        • Reference
        • Versions
        • Troubleshooting
      • React Native
        • Setup
        • Reference
          • Deprecated
        • Versions
      • Flutter
        • Setup
        • Reference
        • Versions
      • Consent notice
        • Getting started
        • Customize the notice
        • Customize the preferences popup
        • Customize the theme & UI
        • Load notice by ID
      • Third-party SDKs
      • Share consents across devices
      • Share consent with WebViews
      • Google Consent Mode v2
      • FAQ
    • AMP SDK
      • Blocking Behaviors
        • Load immediately on page load
        • Load only after consent (positive or negative)
        • Load only after positive consent
      • Consent status for vendors
    • Help & Support
  • API
    • Introduction
      • Authentication
      • Errors
      • Pagination
      • Filters
      • Caching
      • Rate limiting
      • Quotas
      • Translations
    • Data Manager
      • Regulations
      • Configuration Tree
      • Purposes
        • Purposes & Vendors Numerical IDs
      • Preferences Library
      • User Rights
    • Widgets
      • Consent notices
        • Notices
        • Configurations
        • Multi-Regulation Configurations
          • Migration of Existing Notices and API Updates
        • Deployments
        • Tutorials
          • Create and publish a consent notice
          • Create and publish a multi-regulation consent notice
      • Privacy widgets
        • Create a widget
        • Retrieve widgets
        • Edit a widget
          • Content & Design
            • Themes & Shapes
            • Components
              • auth
              • dsar_form
              • footer
              • header
              • preference
              • preference_value
              • save
              • section
              • sections
            • Options
          • Purposes & preferences
          • Settings
        • Deploy a Widget
          • Use your own subdomain
          • Use your own domain
          • Implement an embeddable widget on your website
        • Authentication
          • Manage authentication providers
          • Authenticate your end-user
        • Archive a widget
        • Headless widgets
          • Public Methods
          • Custom elements
          • Custom events
          • Event listeners
        • Tutorial
          • Launch a Preference Center from a mobile app
    • Compliance Reports
      • Properties
      • Reports
      • CSV format reference
      • Websites
    • Consents and Preferences
      • Events
        • Generate IAB TCF consent string
      • Links
      • Proofs
      • Tokens
      • Secrets
      • Users
      • Tutorial
        • Collect and operate data
    • Privacy Requests
      • Requests
      • Notes
      • Links
      • Emails
  • Integrations
    • Introduction
      • Quotas
    • Generic integrations
      • Batch export
        • Destinations
          • AWS S3 Bucket (owned by Didomi)
          • GCP Storage Bucket
        • Exported data
          • Notices consents
        • Logs
      • Webhooks
      • Batch import
      • Analytics export
        • Destinations
          • AWS S3 Bucket (owned by Didomi)
          • GCP Storage Bucket
    • Third-party apps
      • CMP integrations
        • Didomi-mParticle integration for your CMP
        • Deploy Didomi’s SDK for your Adobe Commerce website
      • Preference Management Platform integrations
        • Actito
        • Adobe Campaign Classic
        • Adobe Experience Cloud
        • Adobe Marketo Engage
        • Adobe Source Connector
        • Braze
        • Dotdigital
        • Hubspot
        • Mailchimp
        • Microsoft Dynamics 365
        • Salesforce Marketing Cloud
        • Salesforce Sales & Service Cloud
        • Selligent
        • Brevo (ex Sendinblue)
    • Tutorials
      • Configure a HTTP webhook
      • Configure a batch export
      • Configure an analytics export
    • Emailing
      • Configurations
        • Actito Email
        • Actito SMS
        • Adobe Campaign Classic
        • Adobe Campaign Standard
      • Emails
        • Templates
        • Manage your templates
Powered by GitBook
On this page
  • Create a Report
  • Retrieve Reports
  • Retrieve a Report
  • reports.json
  • report_aggregated_trackers.json
  • report_aggregated_vendors.json
  • report_privacy.json
  • {{scenario_id}}/proof_of_scan.gif
  • {{scenario_id}}/proof_of_scan.har
  1. API
  2. Compliance Reports

Reports

PreviousPropertiesNextCSV format reference

Last updated 14 days ago

Once your property is created, you will be able to generate as much reports as you want for that property.

Create a Report

To create a report, you will need the property ID. Create a report by calling the endpoint.

Retrieve Reports

Once the report is created, a scan will be triggered. A scan can take some time to finish. You can retrieve a list of reports' summary by calling the endpoint.

As mentioned in the API documentation, reports can be filtered in many ways. For example, if you want to retrieve all reports created in January 2025 with status success.

GET /reports/compliances/reports?organization_id={{organization_id}}&created_at[$gte]=2025-01-01&created_at[$lte]=2025-01-31&status=success

Retrieve a Report

If you want to get the full report, you will need to call the endpoint along with the $with parameter.

/reports/compliances/reports/{{report_id}}?organization_id={{organization_id}}&$with[]=outputs

This endpoint will return the summary of the report with an outputs object including all necessary information. The object contains information as follow:

reports.json

This JSON contains the summary of the report.

Key
Description
Value

id

ID of the report

String

property_id

ID of the property

String

organization_id

ID of the organization

String

trackers_count

Number of trackers found during the scan

Integer

vendors_count

Number of vendors found during the scan

Integer

score

Compliance Score.

Integer (0 - 100)

errors

List of errors per scenario

Array (See below)

status

Status of the report

String (success, partial, failed, queued, pending)

created_at

Date of creation

Date

Errors for each scenario

Key
Description
Value

collect_id

ID of the collect

String

scenario_id

ID of the scenario

String

error _type

Type of error

String

error_description

Description

String

Please find the different information type with their description:

  • Website not reachable (website_not_reachable)

This error occurs when the crawler cannot access the website. Potential reasons include:

  • A server error on the client’s website (e.g., 404, 500), making the website unavailable.

  • An unexpected issue on our crawler’s end.

In some cases, retrying the scan may resolve the issue, such as when the website was temporarily unavailable.

  • Anti-bot system (anti_bot_system)

The website is equipped with an anti-bot system which prevents us from accessing it.

  • No existing or clear CMP on the page (no_existing_or_clear_cmp)

We could not detect a clear CMP on the page, either visually or in the code. This indicates the client may not have implemented a CMP, preventing us from interacting with an accept/refuse button.

  • No button found to accept/refuse (no_button_found)

Although we detected a modal or banner resembling a CMP, there were no proper accept or refuse buttons to interact with. This is often due to websites displaying a banner to inform users about cookie usage but not providing explicit options to accept or refuse.

  • Not able to click on the button in the page (not_able_to_click)

While we identified a CMP and its buttons, we could not programmatically click them. This may result from issues on our end in locating or interacting with the buttons. We are continuously improving our logic to reduce the occurrence of this issue.

  • General Error (general_error)

This error is caused by an issue in our API. Such errors are rare, as our system typically handles them through retries. When they occur, rerunning the report often resolves the problem.

Example

{
    "id": "ID",
    "property_id": "PROPERTY_ID",
    "organization_id": "ORGANIZATION_ID",
    "trackers_count": 27,
    "vendors_count": 9,
    "score": 80,
    "errors": [],
    "status": "success",
    "created_at": "2025-01-14T06:42:48.322Z"
}

report_aggregated_trackers.json

This JSON contains the list of aggregated trackers found during the scan with added information.

Key
Description
Value

property_id

Property ID

String

report_id

Report ID

String

organization_id

Organization ID

String

id

Internal ID of the tracker

String

type

Type of tracker

String (web_storage, pixel, cookie, indexed_db)

source

Source of tracker

String (js_browser, http_request, other)

name

Name of tracker

String

host

Host of tracker

String

is_http_only

Is the tracker HTTP Only

Boolean

is_secure_only

Is the tracker Secure Only

Boolean

is_persistent

Is the tracker persistent

Boolean

is_third_party

Is the tracker third party

Boolean

initiator

Object containing the initiator of the tracker information

Object

cmp

Object regarding CMP context under which the tracker was found

Object (See below)

page_url

URL of the page

String

page_url_host

Host of the page

String

page_url_sld

SDL of the page

String

name_pattern

We might group some trackers by name if they follow a similar pattern.

String

initial_name

Initial name of the tracker. Different from the name if a pattern has been used to group trackers.

String

sld

SLD of the tracker

String

vendor.id

ID of the vendor associated to the tracker

String

vendor.name

Name of the vendor associated to the tracker

String

max_lifetime_seconds

Lifetime of the tracker in seconds

Number (-1 meaning not lifetime)

created_at

Date of creation

Date

CMP

The cmp object contains extra information.

Key
Description
Value

scenario_step.id[]

Steps in which the tracker was dropped. Didomi runs multiple scenarios (No User Choice, Consent to all, Refuse to all).

Ex: During a consent_to_all scenario, trackers are dropped before the crawler clicked on the accept button. We consider in that case the scenario step to be no_user_choice. Once the crawler successfully clicked on the accept button, the scenario step becomes consent_to_all.

Array (no_user_choice, consent_to_all, refuse_to_all)

scenario.id[]

Scenarios in which the tracker was dropped. In opposition with the scenario step, this is the global scenario under which the crawler runs.

Array (no_user_choice, consent_to_all, refuse_to_all)

If you want to know under which scenario step the tracker was dropped, please follow this logic:

  • If the array contains no_user_choice, the tracker was dropped on No CMP choice scenario, regardless if it contains other values.

  • If the array contains refuse_to_all, the tracker was dropped on Refuse to all, regardless if it contains other values.

  • If the array contains consent_to_all, the tracker was dropped on Consent to all.

  • If the array is empty, the tracker was dropped on No CMP choice scenario.

Example

{
    "property_id": "PROPERTY_ID",
    "report_id": "REPORT_ID",
    "organization_id": "ORGANIZATION_ID",
    "id": "5a6e04c5-5ff3-4d84-904d-344b6046a47c",
    "type": "web_storage",
    "source": "js_browser",
    "name": "catch",
    "host": "challenges.cloudflare.com",
    "is_http_only": false,
    "is_secure_only": false,
    "is_persistent": false,
    "is_third_party": true,
    "initiator": {
        "type": "script",
        "url": "https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=901ba2807fe66f19&lang=auto",
        "url_host": "challenges.cloudflare.com",
        "url_sld": "cloudflare.com",
        "vendor": {
            "id": "cloudflare",
            "name": "CloudFlare"
        }
    },
    "cmp": {
        "scenario_step": {
            "id": [
                "no_user_choice"
            ]
        },
        "scenario": {
            "id": [
                "no_user_choice"
            ]
        }
    },
    "page_url": "https://www.didomi.com",
    "page_url_host": "www.didomi.com",
    "page_url_sld": "didomi.com",
    "name_pattern": null,
    "initial_name": "catch",
    "sld": "cloudflare.com",
    "vendor": {
        "id": "cloudflare",
        "name": "CloudFlare"
    },
    "max_lifetime_seconds": -1,
    "created_at": "2025-01-14T06:42:48.282Z"
}

report_aggregated_vendors.json

This JSON contains the list of aggregated vendors found during the scan with added information.

Key
Description
Value

property_id

Property ID

String

report_id

Report ID

String

organization_id

Organization ID

String

id

ID of the vendor or host of the request if we were not able to link the request to a vendor

String

request_count

Number of requests associated to the vendor during the scan

String

partner

Object containing the vendors details or a vendor was match to the request. Null otherwise

Object (See below) | null

cmp

Object regarding CMP context under which the vendor was seen

Object (See below)

created_at

Date of creation

Date

Partner

Key
Description
Value

id

ID of the vendor

String

name

Name of the vendor

String

matched_hosts

List of hosts linked to that vendor

Array

functional_namespace

Functional namespace

String

country

Country of the vendor

String

namespaces

List of namespaces where the vendor can be found (IAB, etc...)

Object

tcf

Object containing purposes linked to that vendor

Object

CMP

The cmp object contains extra information.

Key
Description
Value

scenario_step.id[]

Steps in which the vendor was seen. Didomi runs multiple scenarios (No User Choice, Consent to all, Refuse to all).

Ex: During a consent_to_all scenario, vendors are seen before the crawler clicked on the accept button. We consider in that case the scenario step to be no_user_choice. Once the crawler successfully clicked on the accept button, the scenario step becomes consent_to_all.

Array (no_user_choice, consent_to_all, refuse_to_all)

scenario.id[]

Scenarios in which the vendor was seen. In opposition with the scenario step, this is the global scenario under which the crawler runs.

Array (no_user_choice, consent_to_all, refuse_to_all)

Example

{
    "property_id": "PROPERTY_ID",
    "report_id": "REPORT_ID",
    "organization_id": "ORGANIZATION_ID",
    "id": "cloudflare",
    "request_count": 74,
    "cmp": {
        "scenario_step": {
            "id": [
                "no_user_choice"
            ]
        },
        "scenario": {
            "id": [
                "no_user_choice"
            ]
        }
    },
    "partner": {
        "id": "cloudflare",
        "name": "CloudFlare",
        "matched_hosts": [
            {
                "host": "challenges.cloudflare.com",
                "raw_pattern": "cloudflare.com"
            }
        ],
        "functional_namespace": "google",
        "country": "us",
        "namespaces": {
            "google": 1097
        },
        "tcf": {
            "default_purposes_id": [
                "cookies",
                "create_ads_profile",
                "select_personalized_ads"
            ],
            "spi_purposes_id": [],
            "legitimate_interest_purposes_id": [
                "improve_products",
                "market_research",
                "measure_ad_performance",
                "select_basic_ads"
            ]
        }
    },
    "created_at": "2025-01-14T06:42:48.301Z"
}

report_privacy.json

This JSON contains privacy information regarding the website scanned.

Key
Description
Value

organization_id

Organization ID

String

report_id

Report ID

String

property_id

Property ID

String

privacy

Object containing all privacy values

Object (See below)

created_at

Date of creation

Date

Privacy

Key
Description
Value

has_user_consent_information

Consent Information present in the page

Boolean

has_user_consent_choice

CMP present in the page

Boolean

has_short_cookies_lifetime

Cookies lifetime is less than 13 months

Boolean

has_privacy_policy

Privacy Policy link present in at least one page

Boolean

has_privacy_policy_all_pages

Privacy Policy link present in all pages scanned

Boolean

has_privacy_policy_opt_out

Privacy Policy Opt-out present in at least one page

Boolean

Example

{
    "organization_id": "ORGANIZATION_ID",
    "report_id": "REPORT_ID",
    "property_id": "PROPERTY_ID",
    "privacy": {
        "has_user_consent_information": true,
        "has_user_consent_choice": true,
        "has_short_cookies_lifetime": true,
        "has_privacy_policy": true,
        "has_privacy_policy_all_pages": true,
        "has_privacy_policy_opt_out": false
    },
    "created_at": "2025-01-14T06:42:48.321Z",
}

{{scenario_id}}/proof_of_scan.gif

When scanning the website, we record the interactions in a GIF file for each scenario.

{{scenario_id}}/proof_of_scan.har

When scanning the website, we record the HAR containing all sort of information like trackers, requests, etc...

Only relevant files are described above.

Each links have a lifetime of 5 minutes. If the links have expired, please run the request again.

POST /reports/compliances/reports
GET /reports/compliances/reports
GET /reports/compliances/reports/{{report_id}}