Set cookie consent status

Record or update the customer's cookie consent status.

After customers save their cookie preferences within a GDPR Cookie Consent banner, you can call this API to update their cookie consent status.

Request

API path

POST https://{handle}.myshopline.com/api/privacy/set_tracking_consent

note

handle indicates the store's unique identifier, which corresponds to the prefix of the store's domain name. For example, if a store's domain name is open001.myshopline.com, the store handle is open001.

Request headers

ParameterTypeRequiredDescription
Content-TypeStringYesThe value of this parameter is fixed to application/json.
CookieStringYesThe cookies from the merchant's storefront. The value of this parameter must include the _tracking_consent and _cmp_a cookies. Both cookie values must be valid, URL-encoded JSON strings.

Request body

ParameterTypeRequiredDescription
preferencesBooleanYesWhether to allow the use of functionality cookies.
  • true: Allow the use of functionality cookies.
  • false: Do not allow the use of functionality cookies.
Functionality cookies allow the website to remember the username and user choices, such as country, region, and language, in order to provide a personalized experience.
analyticsBooleanYesWhether to allow the use of performance cookies.
  • true: Allow the use of performance cookies.
  • false: Do not allow the use of performance cookies.
Performance cookies anonymously collect data on how the customer interacts with the website, in order to analyze and optimize website performance.
marketingBooleanYesWhether to allow the use of targeting and advertising cookies.
  • true: Allow the use of targeting and advertising cookies.
  • false: Do not allow the use of targeting and advertising cookies.
Targeting and advertising cookies allow advertisers to track the customer across different websites to display relevant ads and measure ad performance.
max_ageIntegerNoThe validity period of the consent status cookies (_tracking_consent and _cmp_a). Unit: seconds.
Value range: 1-31536000.
Default value: 31536000 (365 days)

Response

Response headers

ParameterTypeDescription
Set-CookieStringThe updated _tracking_consent cookie, used to record the customer's consent status. The value is a URL-encoded JSON string.
Example: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%221%22%2C%22p%22%3A%221%22%2C%22s%22%3A%221%22%2C%22m%22%3A%221%22%7D%7D%2C%22lim%22%3A%5B%22GDPR%22%5D%2C%22v%22%3A%222.1%22%7D; Path=/; Max-Age=3600
Set-CookieStringThe updated _cmp_a cookie, used to record the details of the customer's consent status. The value is a URL-encoded JSON string.
Example: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Atrue%2C%22merchant_geo%22%3A%22DE%22%2C%22sale_of_data_region%22%3Afalse%7D; Path=/; Max-Age=3600; SameSite=Lax

Response body

ParameterTypeDescription
codeStringThe response code indicating the processing result of the request. Valid values are:
  • SUCCESS: The API call completes successfully.
  • INVALID_ARGUMENT: The request includes invalid parameters.
successBooleanWhether the API call completes successfully.
  • true: The API call completes successfully.
  • false: The API call fails.
messageStringReturns a list of cleared cookies or an error description.
  • If the request succeeds, this parameter returns a list of cleared cookies. Example: clear = _ga,_fbp. If no cookie is cleared, this parameter returns clear =.
  • If the request fails, this parameter returns error details.
dataBooleanWhether the consent status cookies are updated and whether the unconsented cookies are deleted.
  • true: The consent status cookies are updated, and the unconsented cookies are deleted.
  • false: The consent status cookies are not updated, and the unconsented cookies are not deleted. Check the message field for error details.

Examples

Success example

This successful request updates the _tracking_consent and _cmp_a cookies and deletes the unconsented cookies.

Request

curl --location --request POST 'https://your-handle.myshopline.com/api/privacy/set_tracking_consent' \
  --header 'Content-Type: application/json' \
  --header 'Cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%221%22%2C%22p%22%3A%221%22%2C%22s%22%3A%221%22%2C%22m%22%3A%221%22%7D%7D%2C%22lim%22%3A%5B%22GDPR%22%5D%2C%22v%22%3A%222.1%22%7D; _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Atrue%2C%22merchant_geo%22%3A%22DE%22%2C%22sale_of_data_region%22%3Afalse%7D' \
  --data-raw '{
    "preferences": true,
    "analytics": false,
    "marketing": false,
    "max_age": 86400
}'

Response headers

Set-Cookie
_tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%220%22%2C%22p%22%3A%221%22%2C%22s%22%3A%22%22%2C%22m%22%3A%220%22%7D%7D%2C%22lim%22%3A%5B%22GDPR%22%5D%2C%22v%22%3A%222.1%22%2C%22reg%22%3A%22GDPR%22%7D; Path=/; Max-Age=86400
Set-Cookie
_cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Afalse%2C%22p%22%3Atrue%2C%22m%22%3Afalse%2C%22t%22%3Afalse%7D%2C%22display_banner%22%3Atrue%2C%22merchant_geo%22%3A%22%22%2C%22sale_of_data_region%22%3Afalse%7D; Path=/; Max-Age=86400; SameSite=Lax

Response body

{
  "code": "SUCCESS",
  "success": true,
  "message": "clear = n_u,lp_url,n_sess",
  "data": true
}

Failure example 1

This request fails to update the cookie consent status because the required request body parameters (preferences, analytics, and marketing) are missing.

Request

curl --location --request POST 'https://your-handle.myshopline.com/api/privacy/set_tracking_consent' \
--header 'Cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%221%22%2C%22p%22%3A%221%22%2C%22s%22%3A%221%22%2C%22m%22%3A%221%22%7D%7D%2C%22lim%22%3A%5B%22GDPR%22%5D%2C%22v%22%3A%222.1%22%7D; _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Atrue%2C%22merchant_geo%22%3A%22DE%22%2C%22sale_of_data_region%22%3Afalse%7D' \
--header 'Content-Type: application/json' \
--data-raw '{}'

Response body

{
  "code": "INVALID_ARGUMENT",
  "success": false,
  "message": "The consent or analytics parameter is empty",
  "data": false
}

Failure example 2

This request fails to update the cookie consent status because the required cookies (_tracking_consent and _cmp_a) are missing in the request headers.

Request

curl --location --request POST 'https://your-handle.myshopline.com/api/privacy/set_tracking_consent' \
  --header 'Content-Type: application/json' \
  --header 'Cookie: ' \
  --data-raw '{
    "preferences": true,
    "analytics": false,
    "marketing": false,
    "max_age": 86400
}'

Response body

{
  "code": "SUCCESS",
  "success": true,
  "message": "error, _tracking_consent is null",
  "data": false
}
Was this article helpful to you?
SHOPLINE
SHOPLINE
SHOPLINE Enterprise
Legal
Privacy
Terms
Developer Agreement
LinkedInEmail
LinkedInEmail
© Copyright 2013-2026 SHOPLINE Limited.