GDPR non-TCF Web API Endpoints (Legacy)

Sourcepoint supports the following API endpoints for a GDPR non-TCF web implementation:


The following function returns end-user specific custom consent data in the vendorConsents JSON object. The object contains information on the purposes and vendors an end-user has consented to, the legitimate interested purposes an end-user has not objected to, as well as the status information on purposes that are mapped to a specific vendor on the vendor list.

window._sp_.getCustomVendorConsents((vendorConsents, success) => console.log(vendorConsents))


Certain use cases may require you to change an end-user's consent profile outside the regular Sourcepoint First Layer Message and Privacy Manger workflows.

Common use cases include vendor-specific consent experiences to handle social media plugins or applying consent because a user has accepted the website's T&Cs or any other publisher or advertiser provided contract.

The following function can be used to edit an end-user's consent profile by changing the opt-in status for consented vendors, categories (purposes) and legitimate interest categories (purposes).

window._sp_.postCustomConsent(callback, vendors, categories, legIntCategories)

The vendors, categories and legIntCategories arrays take the vendor IDs and category IDs you want to change the consent or legitimate interest status for. Vendor and category IDs can be found in the Vendor List that is activated for your property.


Help your web developers access vendor to purpose mappings. Example below:

window._sp_.getVendorPurposeMapping((data, success) => { console.log(data,success); })