Multi-Banner Support

Overview

Some apps are legally required to collect more than one type of consent on the same domain. A common example is a standard cookie consent banner for GDPR/CCPA compliance combined with a separate VPPA (Video Privacy Protection Act) banner shown only on video playback pages.

The SecurePrivacy SDK only manages one consent context at a time. To support multiple independent banners without rebuilding the SDK, the Tizen TV wrapper provides the appPrefix option. This creates an isolated set of localStorage keys for each banner context so that consent from one context never interferes with another.

How appPrefix Works

When appPrefix is set the wrapper intercepts the standard sp_consent, sp_expiry, and sp_dynamic localStorage keys and replaces them with prefixed equivalents before the Core SDK script reads them.

Standard key	With `appPrefix: 'cookie'`	With `appPrefix: 'vppa'`
`sp_consent`	`sp_cookie_consent`	`sp_vppa_consent`
`sp_expiry`	`sp_cookie_expiry`	`sp_vppa_expiry`
`sp_dynamic`	`sp_cookie_dynamic`	`sp_vppa_dynamic`

On each page load the wrapper follows this logic:

Prefixed consent exists → restores it into the canonical keys (sp_consent, sp_expiry) and marks sp_dynamic.saved = true so the SDK reads the previously collected consent and skips the banner.
No prefixed consent → clears the canonical keys and resets sp_dynamic.saved = false so the SDK shows the banner fresh for this context.
After the user consents → the wrapper automatically saves the new consent back to the prefixed keys via the sp_cookie_banner_save / sp_privacy_banner_save events.

This means consent expiry is also handled correctly — each prefix’s sp_*_expiry timestamp is checked independently, and expired consent causes the banner to be shown again for that context only.

Script Loading Order

<head>
  <!-- 1. SPTizenConfig — set appPrefix BEFORE the wrapper loads -->
  <script>
    window.SPTizenConfig = { appPrefix: 'cookie' };
  </script>

  <!-- 2. Tizen TV Wrapper — BEFORE the Core SDK -->
  <script src="https://tv.secureprivacy.ai/sp-tizen-wrapper.min.js"></script>

  <!-- 3. SecurePrivacy Core SDK — loaded after the wrapper has prepared localStorage -->
  <script src="https://app.secureprivacy.ai/script/YOUR_COOKIE_APP_SCRIPT_ID.js"></script>
</head>

If the Core SDK loads first, the wrapper prints a warning and the banner-show decision for that page-load cannot be corrected.

<head>
  <script>
    window.SPTizenConfig = { appPrefix: 'cookie' };
  </script>
  <script src="https://tv.secureprivacy.ai/sp-tizen-wrapper.min.js"></script>
  <script src="https://app.secureprivacy.ai/script/COOKIE_APP_SCRIPT_ID.js"></script>
</head>

<head>
  <script>
    window.SPTizenConfig = { appPrefix: 'vppa' };
  </script>
  <script src="https://tv.secureprivacy.ai/sp-tizen-wrapper.min.js"></script>
  <script src="https://app.secureprivacy.ai/script/VPPA_APP_SCRIPT_ID.js"></script>
</head>

Each page loads its own SecurePrivacy app script with its own prefix. The two consent contexts remain completely isolated; navigating between pages never causes one banner to suppress the other.

The SPTizenAPI instance available after sp:sdk-ready reads automatically from the active prefix’s keys. No extra setup is needed.

window.addEventListener('sp:sdk-ready', function (event) {
  var api = event.detail.api;

  // All of these read from the prefixed keys automatically
  var status  = api.getConsentStatus();     // reads sp_vppa_consent / sp_vppa_expiry
  var expiry  = api.getConsentExpiry();
  var expired = api.isConsentExpired();
  var blocked = api.resolvePluginBlockedStatus('Video Analytics Service');

  if (status === api.ConsentStatus.COLLECTED && blocked === false) {
    startVideoTracking();
  }
});

onConsentChange saves the new consent to the prefixed keys automatically and delivers a full snapshot:

api.onConsentChange(function (snapshot) {
  if (snapshot.status === api.ConsentStatus.COLLECTED) {
    // VPPA (or cookie) consent was just collected — enable the relevant feature
    const isBlocked = api.resolvePluginBlockedStatus('Video Analytics Service');
    if (isBlocked === false) {
      enableVideoPlayback();
    } else {
      disableVideoPlayback();
    }
  } else if (snapshot.status === api.ConsentStatus.RECOLLECTION_REQUIRED) {
    // Prior consent expired — the banner will be shown again automatically
    pauseVideoPlayback();
  }
});

Expiry is tracked independently per prefix:

sp_cookie_expiry — expiry timestamp for the cookie consent context.
sp_vppa_expiry — expiry timestamp for the VPPA consent context.

When the stored expiry timestamp passes Date.now() the wrapper clears the canonical keys on the next page load, the SDK shows the banner again, and api.getConsentStatus() returns RECOLLECTION_REQUIRED until new consent is collected.

if (api.isRecollectionRequired()) {
  // VPPA consent has expired — the banner will re-appear automatically
  showRecollectionMessage();
}

You do not need to manage expiry manually — the wrapper and SPTizenAPI handle it end-to-end.

Limitations

One context per page. Do not include more than one appPrefix or more than one Core SDK script tag on the same page. Mixing contexts on a single page causes the SDK instances to overwrite each other’s canonical keys.
Secondary apps need at least one package. The VPPA (or any secondary) app must have at least one plugin/package configured in the SecurePrivacy CMP dashboard. Unlike the web scanner that automatically discovers packages on your site, mobile and TV apps require manual configuration.
SPTizenConfig must be set before the wrapper. Any change to window.SPTizenConfig after sp-tizen-wrapper.min.js has executed is ignored.

Multi-Banner Support

Overview

How appPrefix Works

Script Loading Order

Usage Example: Cookie + VPPA

Home / general pages — cookie consent

Video playback pages — VPPA consent

Reading Consent per Context

Reacting to Consent Changes

Consent Expiry

Limitations