Customer Privacy API
The Customer Privacy API is a browser-based, JavaScript API that you can use to verify data processing permissions or build a cookie consent banner.
This API is used to apply consent decisions to Shopify-managed surfaces, like pixels, audiences, and checkout.
Refer to the full list of cookies that Shopify uses.
Anchor to What you'll learnWhat you'll learn
Check what processing is allowed
To build a cookie banner
- Load the Customer Privacy API
- Collect and set consent
- Custom storefront installation
- Control the cookie banner
Anchor to Loading the Customer Privacy APILoading the Customer Privacy API
To use the Customer Privacy API, you must load it using loadFeatures
as follows:
The second argument to loadFeatures
is a callback that indicates that the API has loaded. When invoked without an error, the API is globally available at window.Shopify.customerPrivacy
.
Anchor to Check data processing permissionsCheck data processing permissions
Collecting data without consent might not comply with applicable laws. Consult legal counsel to discuss the requirements that apply to your business.
To check what processing is allowed, use the Allowed
methods. These methods combine the following factors to determine what processing is allowed:
-
The current merchant settings: Is consent required in this region?
-
User location: Is the customer in a region where consent is required?
-
User consent given: Did the customer give consent for a specific purpose?
You can check for permission by calling the API or with an event listener.
The default permissions state depends on how merchants have configured their privacy settings. For regions that are configured to require consent, non-essential purposes are not allowed by default until consent is given. For other regions, the default behavior is to allow all processing purposes.
Anchor to Call the APICall the API
The Customer Privacy API offers the following methods to check if data can be processed:
These methods return true
/ false
if permission is given for the following:
preferencesProcessingAllowed
: customer preferences such as language, currency, size, and more.analyticsProcessingAllowed
: customer analytics about how the storefront was used and interactions made on the storefront.marketingAllowed
: Marketing, attribution and targeted advertising from the merchant.saleOfDataAllowed
: Sharing data with third parties, usually for behaviorial advertising.
Anchor to Use an event listenerUse an event listener
The Customer Privacy API publishes the document event visitorConsentCollected
when consent changes.
Output
Updates are published only when consent changes, not when the listener is added.
Anchor to Check customer locationCheck customer location
You can see the detected geolocation by using the getRegion
method. It returns a ISO 3166-2-formatted string with a two character country code, followed by an optional one to three character region code. Returns an empty string if the location can't be determined.
Examples:
- "USCA": California, USA
- "CAON": Ontario, Canada
- "IEL": Leinster, Ireland
- "GBENG": England, United Kingdom
Anchor to Retrieve a Consent IDRetrieve a Consent ID
A customer can retrieve their consent id using the consendID
command. This is useful to check their consent history in the merchants consent audit log.
Anchor to Collect and register consentCollect and register consent
- Never read/modify any Shopify cookies directly or your processing will fail when new versions are released. Instead, always use this API to manage customer privacy settings.
- Recording customer consent should only be done on a visitor interaction (such as a visitor accepting or declining via a cookie banner), and never done automatically on behalf of the visitor.
To record customer consent, use the setTrackingConsent
method:
The following consent purposes are supported:
-
Preferences
: Cookies that remember customer preferences, such as country or language, to personalize visits to the website. -
Analytics
: Cookies to understand how customers interact with the site. -
Marketing
: Cookies to provide ads and marketing communications based on customer interests.See the Shopify Cookie Policy for the full list of cookies used by Shopify.
You can set one or more consent signals at once:
Output
Output
Anchor to Collect and register data sale / sharing opt-outCollect and register data sale / sharing opt-out
Data sale / sharing opt-out should be managed in an opt-out flow started by customers, instead of an opt-in flow that activates immediately upon page load.
To record a customer's opt-out from data sale / sharing, use the setTrackingConsent
method with the sale_of_data
option:
Data sale opt-outs should be initiated by the customer, not presented immediately with a banner. For this reason, true
allows data sale / sharing and false
blocks data sale / sharing when requested by a customer.
Data sale / sharing opt-out is enforced independently from consent, and caution is advised when combining them.
To opt a Customer out of server-side data sale / sharing use the dataSaleOptOut GraphQL API.
The GPC signal is automatically collected and honored in regions configured for data sale opt-out and cannot be adjusted through setTrackingConsent
.
Output
Anchor to MetafieldsMetafields
You can save custom data to this API using the optional metafields
argument, which is also available through checkout UI extensions.
Metafields
takes an Array
containing an object with two keys:
key
: A string containing the key used to identify this value. This value must be 25 characters or less.value
: A string containing the value.Null
may be passed to delete the key. This value must be 100 characters or less. Themetafields
object must be less than 250 characters in total.
Anchor to Custom storefrontsCustom storefronts
For custom storefronts, pass the following additional parameters to the setTrackingConsent
method:
-
headlessStorefront
:true
, -
checkoutRootDomain
: Your checkout domain -
storefrontRootDomain
: Your storefront domain -
storefrontAccessToken
: Your Storefront API access tokenLearn more about installing the Customer Privacy API into a custom storefront.
Anchor to Check consent givenCheck consent given
Check users' consent decisions by calling the currentVisitorConsent
method. This returns the preferences selected by the users and doesn't include critical information like location and merchant configuration.
Use the Allowed
methods to check what processing is allowed. They combine several factors missing from the currentVisitorConsent
method.
Output
'yes'
- the current visitor has actively granted consent.'no'
- the current visitor has actively denied consent.''
(empty string) - the current visitor has not yet granted or denied consent.
To check if a cookie consent banner should be displayed to the current customer, use shouldShowBanner
. This method indicates if the current customers is in a region that's configured to show a cookie banner.
The method doesn't indicate if consent has already been given.
Output
This is true
if consent isn't already set and the visitor is in a region showing consent.
Anchor to Check if data sale opt out is availableCheck if data sale opt out is available
To check if the current customer is eligible for data sale opt-out, use the saleOfDataRegion
method. This method indicates whether the current customers is in a region configured for data sale opt outs.
Output
This is true
if the visitor is from a region that requires data sale opt-outs.
When the Shopify cookie banner is enabled, it displays in the configured regions and automatically passes consent to this API.
If you're using an app to provide cookie banners, then contact the app's developer to understand where the consent banner is rendered.
Learn more about configuring a cookie banner.
Anchor to Regions showing data sale opt outRegions showing data sale opt out
When the data sale opt out page is enabled, the opt out form is available to visitors from the configured regions, which is usually US states. In these regions, the Global Privacy Control (GPC) is honored automatically, sale_of_data
will be set to false
, refer above for details.
Anchor to Installation on a custom storefrontInstallation on a custom storefront
To integrate into a custom storefront, you need to load the correct JavaScript asset, pass additional parameters, and update the storefront's content security policy.
Anchor to AssetsAssets
Include the Customer Privacy JavaScript asset, either by itself or bundled with a consent banner using one of the following:
-
Customer Privacy API bundled with the Shopify Cookie Banner
When using an app, the developers might provide a different bundled asset.
Anchor to DomainsDomains
Identify the following domains:
-
Storefront: This is the domain of your storefront. For example,
hydrogen.shop
. -
Checkout: The domain where customers check out. For example,
checkout.hydrogen.shop
.If your custom storefront uses Hydrogen, then you can find these values in the Shopify admin, at Settings -> Domains.
When you build your query, use the checkout domain as the value for
checkoutRootDomain
. For example,checkout.hydrogen.shop
.For
storefrontRootDomain
, always use the shared, top level domain. For example,hydrogen.shop
.Your checkout should be within the same root domain as the storefront so that it can read cookies set on the storefront domain - otherwise checkout will not be able to read and respect visitor consent given on your storefront.
For example, in the following scenarios, checkout honours consent that's given on the storefront:
-
If your storefront is hosted on
hydrogen.shop
and the checkout is oncheckout.hydrogen.shop
, consent will be honored on checkout. -
If your storefront is hosted on
landing.hydrogen.shop
and the checkout is onhydrogen.shop
, consent will be honored on checkout. -
If your storefront is hosted on
hydrogen.shop
and the checkout is onexample.com
, consent management will not be honored on checkout, as cookies cannot be read across domains.
Anchor to Storefront API tokenStorefront API token
Our consent API will contact Shopify servers to manage consent using the Storefront API which needs a Storefront API token.
Anchor to Updating your Content Security PolicyUpdating your Content Security Policy
The Customer Privacy API (and the Shopify Cookie banner if used) will POST
to the Storefront API at the checkout domain.
This domain needs to be allowed in your Content Security Policy. This can be done manually in your server, or configured for Oxygen.
Anchor to Setting ConsentSetting Consent
To pass consent to the Customer Privacy API, load the Customer Privacy API and pass the additional arguments to setTrackingConsent
:
Refer to setTrackingConsent
for details on this method.
When using the Shopify Cookie banner, initialize the banner with the following configuration (this will automatically pass consent to the Customer Privacy API):
Re-show the consent preferences modal (requires the storefront-banner.js
script, same as above):
Anchor to Data sale / sharing opt outsData sale / sharing opt outs
To set data sale / sharing opt outs, integrate as above, but pass sale_of_data
instead of marketing
, analytics
, and preferences
arguments to setTrackingConsent()
, with the desired preference (usually false
after the visitor opts out in the form):
These API methods let you control and interact with the Shopify cookie banner at runtime.
Anchor to Showing the preferences modalShowing the preferences modal
You can show the preferences modal of the Shopify cookie banner using the showPreferences()
method:
Anchor to Upgrading the Customer Privacy APIUpgrading the Customer Privacy API
The Customer Privacy API is backwards compatible.
Anchor to Collecting ConsentCollecting Consent
You must decide how to map the consent you collect in your banner to the four consent signals used by Shopify. The following snippet shows the backwards compatibility between the legacy Boolean argument and the new granular argument.
Two methods have been renamed to generalize their use:
Anchor to Migrating data processing permission checksMigrating data processing permission checks
Data processing has been separated into granular use. You must decide how to map your processing needs to one of the data processing purposes provided by Shopify.
userCanBeTracked
and userDataCanBeSold
use the following consent signals to determine if consent has been granted:
userCanBeTracked
: Analytics and marketing both must be accepted (when required)userDataCanBeSold
: Sale of data must not be rejected
Anchor to Legacy documentationLegacy documentation
This documentation is here for historical reference. Do not begin any new integrations with the methods in this section. You should begin migrating away from these methods using the document in Upgrading the Customer Privacy API
You can use this method to determine if you should show a GDPR banner.
Anchor to Request dataRequest data
window.Shopify.customerPrivacy.shouldShowGDPRBanner();
Anchor to ResponseResponse
This method returns a boolean value that indicates if you should show a GDPR banner.
The response aggregates the visitor’s location, the app user's preference, and whether the visitor has already provided a consent value in the past year.
Visitor consent provided in past year | Visitor in EU | App user limits tracking for customers in Europe | Boolean value |
---|---|---|---|
Not applicable | Not applicable | ✘ | false |
✘ | ✔ | ✔ | true |
✘ | ✘ | ✔ | false |
✔ | ✔ | ✔ | false |
✔ | ✘ | ✔ | false |
Anchor to setTrackingConsent(consent: boolean, callback: function)set Tracking Consent(consent: boolean, callback: function)
You can use this method to set a buyer's response to a tracking consent request.
Anchor to Request dataRequest data
window.Shopify.customerPrivacy.setTrackingConsent(consent: boolean, callback: function);
Request parameters:
Name | Type | Description |
---|---|---|
consent | boolean | Indicates the buyer's response to the tracking consent request. You can obtain the response using a banner UI element or other similar mechanism. If set to true , then the API returns a custom event called trackingConsentAccepted . If set to false , then no custom event is returned but the callback function is still executed. |
callback | function | A function that executes after the API has set tracking consent. You can use this function to hide the UI banner element or execute a similar task. |
Example request:
The following example request shows a JavaScript function that sets consent
to true
and executes another function to hide the banner.
Anchor to ResponseResponse
The API executes the callback function and optionally emits a custom event called trackingConsentAccepted
.
Example response:
A successful request returns an empty object:
If there is an error with the request, then an error object is returned:
Anchor to Visitor trackingVisitor tracking
This documentation is here for historical reference. Do not begin any new integrations with the methods in this section. You should begin migrating away from these methods using the document in Upgrading the Customer Privacy API
You can use the Customer Privacy API to check if customers have consented to be tracked and if app users have decided to disallow the sale of visitor data. Your implementation must include a loading pattern to ensure that the API is available. For visitor tracking consent, you should implement a mechanism for listening to consent collection events that can fire asynchronously on the page, to ensure that you don't miss any tracking opportunities.
You can use the following methods for consent collection:
-
userCanBeTracked(): boolean
- Covers the scenario of tracking a visitor (GDPR). -
userDataCanBeSold(): boolean
- Covers the scenario of selling visitor data (CCPA).If
userCanBeTracked
is set tofalse
, then the following behaviour must be observed: -
No persistent, non-essential cookies should be set
-
No data should be emitted to third-party platforms
If
userDataCanBeSold
is set tofalse
, then the following behaviour must be observed: -
Data can be emitted (if tracking isn't blocked)
-
Data can't be sold to third-parties
If the Customer Privacy API isn't available, then tracking and data emission can proceed. All methods should be preceded with a check that the API is available before checking that tracking or sale of data is blocked.
Example API check:
if (!window.Shopify.customerPrivacy || window.Shopify.customerPrivacy.userCanBeTracked()) { startTracking() }
You can use this method to return whether the storefront visitor has consented to be tracked.
Anchor to Request dataRequest data
window.Shopify.customerPrivacy.userCanBeTracked();
Anchor to ResponseResponse
The API returns a boolean value that indicates whether a user can be tracked.
The response aggregates the visitor’s consent and location, as well as the app user's preference.
Visitor consent | Visitor in EU | App user limits tracking for customers in Europe | Boolean value |
---|---|---|---|
Not applicable | Not applicable | ✘ | true |
✔ | ✔ | ✔ | true |
✔ | ✘ | ✔ | true |
✘ | ✔ | ✔ | false |
✘ | ✘ | ✔ | false |
Undeclared | ✔ | ✔ | false |
Undeclared | ✘ | ✔ | true |
Anchor to Listening for consent collectionListening for consent collection
A trackingConsentAccepted
event fires when positive tracking consent is collected on the page.
By listening for this event and calling your custom start tracking method when it fires, you avoid any possible data loss due to missing asynchronous consent collection.
Use this method to determine if the app user has explicitly disallowed selling data to third parties for visitors located in California or Virginia. This enables compliance with the CCPA and VCDPA.
Anchor to Request DataRequest Data
window.Shopify.customerPrivacy.userDataCanBeSold();
Anchor to ResponseResponse
The API returns a Boolean value indicating whether data can be sold to third parties for visitors located in California (CA) or Virginia (VA).
The API response aggregates the app user's preferences and the visitor’s location. However, you can't use the API to enable visitors to opt-out of the sale of their data.
User consent | Visitor in CA or VA | App user limits the third-party sale of CA or VA customers’ data | Boolean value |
---|---|---|---|
Not applicable | ✔ | ✔ | false |
Not applicable | ✘ | ✔ | true |
Not applicable | ✔ | ✘ | true |
Not applicable | ✘ | ✘ | true |