Adding Sourcepoint CCPA to Version 1 GDPR Code

Implementation of the on-page code of Sourcepoint's CCPA solution for an account already using version 1 of Sourcepoint's GDPR CMP

Overview

Setting up Sourcepoint’s CCPA solution is a simple process that publisher teams can follow to get up and running quickly. This document is a quick start guide on how to implement a Do Not Sell (my data) experience on your website using Sourcepoint’s JavaScript code snippet when you already have version 1 of Sourcepoint's GDPR solution in place. The JS code snippet needs to be placed on your site, preferably in the head tag before any advertising technology scripts implemented on your site. The goal of the implementation is to render the Do Not Sell (my data) notification required under CCPA and to syndicate the user's privacy settings to any relevant third-party technology running on your site. The Sourcepoint script implementation has been optimized for high performance and fast delivery.

<script type="text/javascript">(function () { var e = false; var c = window; var t = document; function r() { if (!c.frames["__uspapiLocator"]) { if (t.body) { var a = t.body; var e = t.createElement("iframe"); e.style.cssText = "display:none"; e.name = "__uspapiLocator"; a.appendChild(e) } else { setTimeout(r, 5) } } } r(); function p() { var a = arguments; __uspapi.a = __uspapi.a || []; if (!a.length) { return __uspapi.a } else if (a[0] === "ping") { a[2]({ gdprAppliesGlobally: e, cmpLoaded: false }, true) } else { __uspapi.a.push([].slice.apply(a)) } } function l(t) { var r = typeof t.data === "string"; try { var a = r ? JSON.parse(t.data) : t.data; if (a.__cmpCall) { var n = a.__cmpCall; c.__uspapi(n.command, n.parameter, function (a, e) { var c = { __cmpReturn: { returnValue: a, success: e, callId: n.callId } }; t.source.postMessage(r ? JSON.stringify(c) : c, "*") }) } } catch (a) { } } if (typeof __uspapi !== "function") { c.__uspapi = p; __uspapi.msgHandler = l; c.addEventListener("message", l, false) } })();</script>
<!--start Sourcepoint code-->
<script type="text/javascript">
window._sp_ = window._sp_ || {};
window._sp_.config = window._sp_.config || {};
//Replace with your Sourcepoint Account ID
window._sp_.config.account_id = {Account ID};
//Replace with your dedicated messaging endpoint
window._sp_.config.mms_domain = 'message.sp-prod.net';
window._sp_.mms = window._sp_.mms || {};
window._sp_.mms.cmd = window._sp_.mms.cmd || [];
//CMP Flags for GDPR
window._sp_.config.cmp = _sp_.config.cmp || {};
window._sp_.config.cmp.enabled = true;
//Have message show immediately
window._sp_.config.detection = window._sp_.config.detection || {};
window._sp_.config.detection.timeout = 1;
window._sp_.mms.cmd.push( function () {
window._sp_.mms.startMsg();
});
</script>
<script type="text/javascript" src="//scripts.yourcdn.com/js/messaging.js"></script>
<script type="text/javascript">(function () { var e = false; var c = window; var t = document; function r() { if (!c.frames["__uspapiLocator"]) { if (t.body) { var a = t.body; var e = t.createElement("iframe"); e.style.cssText = "display:none"; e.name = "__uspapiLocator"; a.appendChild(e) } else { setTimeout(r, 5) } } } r(); function p() { var a = arguments; __uspapi.a = __uspapi.a || []; if (!a.length) { return __uspapi.a } else if (a[0] === "ping") { a[2]({ gdprAppliesGlobally: e, cmpLoaded: false }, true) } else { __uspapi.a.push([].slice.apply(a)) } } function l(t) { var r = typeof t.data === "string"; try { var a = r ? JSON.parse(t.data) : t.data; if (a.__cmpCall) { var n = a.__cmpCall; c.__uspapi(n.command, n.parameter, function (a, e) { var c = { __cmpReturn: { returnValue: a, success: e, callId: n.callId } }; t.source.postMessage(r ? JSON.stringify(c) : c, "*") }) } } catch (a) { } } if (typeof __uspapi !== "function") { c.__uspapi = p; __uspapi.msgHandler = l; c.addEventListener("message", l, false) } })();</script>
<script>
window._sp_ccpa = {
config: {
mmsDomain: "https://message.sp-prod.net",
ccpaOrigin: "https://ccpa-service.sp-prod.net",
accountId: "{AccountID}",
getDnsMsgMms: true,
alwaysDisplayDns: false,
}
}
</script>
<script src="https://ccpa.sp-prod.net/ccpa.js"></script>
<!--end Sourcepoint code-->

1. The first section of the snippet contains the stub file. The stub file sets up the IAB US Privacy String object “__uspapi” and queues calls made to it so that they can be released when needed. It is important to always keep this script tag at the top, in the first position, to avoid errors and failure of the service.

2. The second section of the snippet contains your account-specific configuration parameters. This section sets up the parameters necessary for your website to communicate with the Sourcepoint messaging platform and establishes a communication channel with the Sourcepoint messaging service library. In addition to the standard parameters in the example above, there are additional parameters that allow JavaScript callbacks to be triggered for different customization purposes. For CCPA implementations, there are currently five required params to deliver a message successfully (these are in addition to the ones currently used for GDPR):

a. mmsDomain - 'https://mms.sp-prod.net' can be changed to a CNAMED 1st party subdomain in order to deliver 1st party cookies on Safari web browser (due to Safari’s ITP). Changing the mmsDomain is optional! More information about setting up an mmsDomain below.

b. ccpaOrigin - "https://ccpa.sp-prod.net" is the endpoint from where the CCPA service is served. Keep as is.

c. accountId - This parameter needs to be set to the account ID you received from your Sourcepoint account manager. The ID associates your data and website with your account in the Sourcepoint dashboard.

d. getDnsMsgMms - As an alternative to establishing the communication with the message management service through the mmsDomain, you can set this value to false to establish the channel through the ccpaOrigin URL. This approach enables use cases in which a CCPA Do Not Sell (my data) notification is shown on the website without creating a campaign in the Sourcepoint dashboard.

e. alwaysDisplayDns - Setting this parameter to true enables use cases where a Sourcepoint Do Not Sell (my data) notification is hardcoded.
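The queueing behaviour described in step 1 matters to any page script that reads the user's choice: a call made while only the stub is present is answered later, once ccpa.js has loaded. The following is an added example, not Sourcepoint code. It uses the IAB US Privacy API command getUSPData, which does not appear on this page; parseUsPrivacy, saleAllowed, checkSale and loadAdTags are hypothetical names, and the fail-closed policy is an assumption.

```javascript
// Added example, not Sourcepoint code. The fail-closed policy is an assumption.
// IAB US Privacy string: version "1" then three flags, each "Y", "N" or "-".
const USP_PATTERN = /^1[YN-]{3}$/;
const toFlag = (ch) => (ch === "-" ? null : ch === "Y");

function parseUsPrivacy(uspString) {
  if (typeof uspString !== "string" || !USP_PATTERN.test(uspString)) return null;
  return {
    noticeGiven: toFlag(uspString[1]),
    optedOutOfSale: toFlag(uspString[2]),
    lspaCovered: toFlag(uspString[3]),
  };
}

// Assumed policy: sale-based tags may load only when CCPA does not apply ("1---")
// or when notice was given and the user has not opted out. Anything else is a "no".
function saleAllowed(uspData, success) {
  if (!success || !uspData) return false;
  const parsed = parseUsPrivacy(uspData.uspString);
  if (!parsed) return false;
  if (uspData.uspString === "1---") return true;
  return parsed.noticeGiven === true && parsed.optedOutOfSale === false;
}

// Ask the CMP through __uspapi. With only the stub present the call is queued,
// so the callback may fire later; if it never fires, the timeout answers "no"
// and a late reply is ignored.
function checkSale(uspapi, onDecision, timeoutMs = 2000) {
  let settled = false;
  const settle = (allowed) => {
    if (settled) return;
    settled = true;
    clearTimeout(timer);
    onDecision(allowed);
  };
  const timer = setTimeout(() => settle(false), timeoutMs);
  if (typeof uspapi !== "function") return settle(false);
  uspapi("getUSPData", 1, (data, ok) => settle(saleAllowed(data, ok)));
}

// Browser usage (loadAdTags is a hypothetical function of your own):
// checkSale(window.__uspapi, (ok) => { if (ok) loadAdTags(); });
```

Gating tags this way means a blocked, slow or tampered CMP response results in no sale-based tags loading rather than in tags loading without a recorded choice.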

Setting up The Messaging Domain

Setting up a messaging domain (mmsDomain) is optional. The goal of creating an mmsDomain is for the CCPA JavaScript library to communicate with the Sourcepoint messaging server through a 1st party subdomain. The benefit of this approach is that Sourcepoint cookies become “first party”, thus circumventing Safari’s Intelligent Tracking Prevention (ITP). This creates a discrete messaging channel between the publisher’s messaging subdomain and the Sourcepoint messaging server. Once you create the subdomain, you should create a DNS CNAME record to direct traffic to the Sourcepoint messaging endpoint message<account id>.sp-prod.net where the account ID refers to your account ID in the Sourcepoint user interface. If you are unsure of what your account ID is, please contact your Sourcepoint account manager.

Once you have created the CNAME record, please inform your Sourcepoint account manager so that they can create an SSL certificate for the subdomain. This will ensure that both secure and non-secure traffic is handled properly.