Your Company

Handling users' cookie consent

Fetch stored cookie preferences from logged-in users and sync them to your CMP

Users set cookie consent choices in Upod. After they log in on your site, you can read those choices and apply them to your cookie banner or Consent Management Platform (CMP).

This works differently from anonymized profile data. Cookie preferences do not require a separate data-access grant in the user's vault. If the user is logged in, you can always fetch them.

When to use this

  • Your site has a cookie banner or CMP and you want logged-in Upod users to skip re-consenting
  • You run OneTrust (or plan to) and want Upod preferences synced automatically
  • You already use Upod for login and want consent to follow the user across sites

Prerequisites

  1. A working Upod integration with an authenticated session (any getting started path works)
  2. A cookie banner or CMP on your site, unless you only need the raw preference values

The simplest approach is client.getConsent(). It returns each category as a boolean, or null when the user is not logged in or has not saved preferences yet.

const client = upod.initialize({
    authority: 'https://account.upod.eu',
    client_id: 'your-client-id',
    redirect_uri: location.origin + location.pathname,
    post_logout_redirect_uri: location.origin + location.pathname,
});

client.handleCallbackIfNeeded();

client.onLogin(async () => {
    const consent = await client.getConsent();
    if (consent) {
        applyCookiePreferences(consent);
    }
});

client.onConsentChange(consent => {
    if (consent) {
        applyCookiePreferences(consent);
    }
});

onConsentChange fires after login, logout, tab focus, and when the user edits preferences in their vault. You can also listen for the upod:consentchange DOM event.

If you need the raw DPV values from the storage API, call client.fetch() directly. No purpose query parameter is required.

const raw = await client.fetch({
    path: '/storage/cookies',
    method: 'get',
});

See the Cookie preferences reference for the full response schema and TCF mapping table.

Applying preferences manually

Map the boolean values from getConsent() to your CMP categories. Essential cookies are always on in Upod and are not returned by the API:

function applyCookiePreferences(consent) {
    enableEssentialCookies();

    if (consent.cookiesAndSimilar) {
        enableStorageCookies();
    } else {
        disableStorageCookies();
    }

    if (consent.advertising) {
        enableAdCookies();
    } else {
        disableAdCookies();
    }

    if (consent.measurement) {
        enableAnalytics();
    } else {
        disableAnalytics();
    }
}

CMP adapters

If your site already runs a CMP, you can sync Upod preferences automatically instead of mapping fields yourself. Adapters ship as separate bundles so sites that do not use that CMP do not download extra code.

Each adapter calls client.getConsent() under the hood and refetches on login, logout, tab focus, and vault edits.

OneTrust

Load the main Upod bundle and the OneTrust adapter:

<script src="https://cdn.upod.eu/client/bundle.browser.js"></script>
<script src="https://cdn.upod.eu/client/upod-onetrust.browser.js"></script>

Create the adapter after initializing the client:

const client = upod.initialize({
    authority: 'https://account.upod.eu',
    client_id: 'your-client-id',
    redirect_uri: location.origin + location.pathname,
    post_logout_redirect_uri: location.origin + location.pathname,
});

upodOneTrust.createOneTrustAdapter({
    client,
    mode: ['groups'],
    mapping: {
        cookiesAndSimilar: 'C0001',
        measurement: 'C0002',
        socialMedia: 'C0003',
        advertising: 'C0004',
        personalisedContent: 'C0004',
    },
    alwaysOn: ['C0001'],
    combine: 'or',
    onLogout: 'keep',
});

The OneTrust adapter is not included in bundle.browser.js, so non-OneTrust sites do not download it.

In a bundled app:

import { initialize } from '@datakluis/client-lib';
import { createOneTrustAdapter } from '@datakluis/client-lib/adapters/onetrust';

const client = initialize({ /* ... */ });

createOneTrustAdapter({
    client,
    mode: ['groups'],
    mapping: {
        cookiesAndSimilar: 'C0001',
        measurement: 'C0002',
        socialMedia: 'C0003',
        advertising: 'C0004',
        personalisedContent: 'C0004',
    },
    alwaysOn: ['C0001'],
    combine: 'or',
    onLogout: 'keep',
});

Modes

ModeWhat it does
groupsMaps Upod categories to OneTrust group codes and calls OneTrust.UpdateConsent("Category", payload).
dataLayerPushes normalized consent to window.dataLayer for Tealium or Load Rules.

Use both when you need group-level sync in OneTrust and purpose-level handling in Tealium:

upodOneTrust.createOneTrustAdapter({
    client,
    mode: ['groups', 'dataLayer'],
    mapping: { /* ... */ },
    dataLayer: { key: 'upodConsent' },
});

Shared OneTrust groups

advertising and personalisedContent may map to the same OneTrust group (for example C0004) even though they cover different TCF purposes. The OneTrust JS API only supports group-level toggles, so you cannot turn them on independently through the API.

  • combine: 'or' (default): the group is on if either category is granted.
  • combine: 'and': the group is on only if both are granted.
  • dataLayer mode: keep advertising and content distinct in Tealium instead of splitting OneTrust groups.

Demo

See the live OneTrust adapter example for a working demo with a local OneTrust stub.

Notes

  • Authentication required. Cookie preferences are fetched in the browser with an active Upod session. If your backend needs the values, see Server-side and backend use.
  • Handle failures gracefully. If the fetch fails, show your normal cookie banner.
  • Keep mappings in sync. Your mapping object must match the group codes configured in your OneTrust admin panel.

Next steps