Consent Handling

Check current status

Always compare against api.ConsentStatus constants — never use raw strings.

var status = api.getConsentStatus();

if (status === api.ConsentStatus.PENDING) {
  // No consent collected yet — banner will show automatically
} else if (status === api.ConsentStatus.COLLECTED) {
  // Consent is active
} else if (status === api.ConsentStatus.RECOLLECTION_REQUIRED) {
  // Re-consent is required
}

Status constant	Meaning
`api.ConsentStatus.PENDING`	Consent not collected yet
`api.ConsentStatus.COLLECTED`	Consent collected and still valid
`api.ConsentStatus.RECOLLECTION_REQUIRED`	Consent expired and must be recollected

Check recollection status

var recollectionRequired = api.isRecollectionRequired();
var reason = api.getRecollectionReason();

if (recollectionRequired && reason === api.RecollectionReason.EXPIRED) {
  // Consent lapsed due to expiry
}

getRecollectionReason() returns:

api.RecollectionReason.EXPIRED when recollection is required due to consent expiry
null when recollection is not currently required

var expired = api.isConsentExpired();
var expiry  = api.getConsentExpiry();  // Date | null

if (expired) {
  // Consent has passed its expiry date — or no consent has been collected yet.
  // The banner will re-appear automatically on the next SDK initialisation.
}

if (expiry) {
  console.log('Consent expires on:', expiry.toLocaleDateString());
}

Enum Usage Guidance

SDK constants are the authoritative representation for consent status and recollection reasons. The SDK guarantees the constants contract (what values are possible), but does not guarantee that the underlying raw string values are stable over time.

Always use api.ConsentStatus and api.RecollectionReason constants in app logic — never branch on raw strings.

// Correct — uses SDK constants
if (status === api.ConsentStatus.COLLECTED) { ... }
if (reason === api.RecollectionReason.EXPIRED) { ... }

// Avoid — raw strings are not guaranteed stable
if (status === 'COLLECTED') { ... }

If you need your own string identifiers, map from the SDK constants:

var myStatus =
  status === api.ConsentStatus.PENDING              ? 'MY_PENDING'
  : status === api.ConsentStatus.COLLECTED          ? 'MY_COLLECTED'
  : status === api.ConsentStatus.RECOLLECTION_REQUIRED ? 'MY_RECOLLECTION'
  : null;

This guidance applies to all constant fields returned from SDK APIs.

Consented Categories

Get categories snapshot

var categories = api.getConsentedCategories();

if (categories) {
  categories.forEach(function (category) {
    // category.ConsentGiven
    // category.PluginPreferences
  });
}

Example category shape:

{
  "ConsentGiven": true,
  "PluginPreferences": [
    {
      "ComplianceType": "Google Analytics",
      "ComplianceTypeID": "10234",
      "IsBlockEnabled": false
    }
  ]
}

Resolve per-plugin blocked status

Secure Privacy automatically handles script blocking for tracked plugins based on user consent — no manual intervention is required for standard use cases.

If your app needs to explicitly check the consent decision for a specific plugin (for example, to conditionally enable or disable a feature tied to that plugin), use resolvePluginBlockedStatus(identifier). It matches case-insensitively by plugin display name (ComplianceType) or plugin ID (ComplianceTypeID), using the current consent structure as the source of truth.

var blocked = api.resolvePluginBlockedStatus("Google Analytics");

if (blocked === false) {
  // Plugin is allowed — activate the feature
  enableAnalytics();
} else if (blocked === true) {
  // Plugin is blocked — deactivate the feature
  disableAnalytics();
} else {
  // Plugin not declared in the CMP configuration — treat as indeterminate
}

Return value	Meaning
`false`	Plugin is allowed
`true`	Plugin is blocked
`null`	Plugin not found in current CMP config

Customization Options

The consent banner includes a Customize button that lets users adjust their consent preferences per category. When tapped, it opens the Preference Centre, where users can:

View a list of compliance categories and their associated plugins/services.
Enable or disable consent for individual categories.

You can also open the Preference Centre programmatically at any point — for example, from a “Privacy Settings” button in your app’s UI:

window.addEventListener('sp:sdk-ready', function (event) {
  var api = event.detail.api;

  document.getElementById('privacy-settings-btn')
    .addEventListener('click', function () {
      api.openPreferenceCenter();
    });
});

To close it programmatically (e.g. when the user presses BACK on the remote):

api.hidePreferenceCenter();

Use api.isOverlayVisible() to pause your own host-page D-pad navigation while the Preference Centre is open:

document.addEventListener('keydown', function (e) {
  if (api.isOverlayVisible()) return; // SDK handles focus — do not interfere
  // ... your own navigation logic
});

Essential Services

You can mark certain services as essential. These services will not be optional for the user to deny, ensuring compliance with the app’s required functionalities.

The Preferences screen also includes tabs showcasing content related to the app’s privacy and cookie policies. This ensures users have access to essential information regarding their data handling.

Data Requests

Users can submit a request for their data by filling out a form in the Request Data section. This feature helps manage user data requests in compliance with privacy regulations.