Extension
Buyer Consent
The Buyer Consent extension (dev.ucp.common.buyer_consent) enables privacy compliance for GDPR, CCPA, and other regulations.
Overview
The Buyer Consent extension provides standardized handling of privacy consent across commerce transactions. It supports GDPR, CCPA, and other privacy regulations while enabling businesses to collect necessary consents.
Extension Identifier
dev.ucp.common.buyer_consentConsent Types
marketingEmail/SMS marketing communicationsanalyticsUsage analytics and trackingpersonalizationPersonalized recommendationsthird_party_sharingSharing data with partnerscross_border_transferInternational data transferterms_of_serviceTerms and conditions acceptanceprivacy_policyPrivacy policy acknowledgmentRequired Consents
Businesses declare required consents in their profile. The checkout cannot complete without these:
{
"extensions": {
"dev.ucp.common.buyer_consent": {
"required": ["terms_of_service", "privacy_policy"],
"optional": ["marketing", "analytics", "personalization"]
}
}
}Get Consent Requirements
GET /checkout/sessions/{session_id}/consent
Authorization: Bearer {access_token}Response
{
"consent_requirements": {
"jurisdiction": "EU",
"regulation": "GDPR",
"required": [
{
"type": "terms_of_service",
"description": "I agree to the Terms of Service",
"document_url": "https://business.com/terms",
"version": "2.1"
},
{
"type": "privacy_policy",
"description": "I acknowledge the Privacy Policy",
"document_url": "https://business.com/privacy",
"version": "3.0"
}
],
"optional": [
{
"type": "marketing",
"description": "Send me promotional emails and offers",
"default": false
},
{
"type": "analytics",
"description": "Help improve our services with usage data",
"default": true
}
]
},
"current_consents": []
}Submit Consents
POST /checkout/sessions/{session_id}/consent
Content-Type: application/json
Authorization: Bearer {access_token}
{
"consents": [
{
"type": "terms_of_service",
"granted": true,
"version": "2.1"
},
{
"type": "privacy_policy",
"granted": true,
"version": "3.0"
},
{
"type": "marketing",
"granted": false
},
{
"type": "analytics",
"granted": true
}
],
"metadata": {
"ip_address": "192.168.1.1",
"user_agent": "Mozilla/5.0...",
"timestamp": "2025-01-15T10:30:00Z"
}
}Consent Record
Consents are recorded with full audit trail for compliance:
{
"consent_record": {
"id": "consent_abc123",
"session_id": "sess_xyz789",
"user_id": "user_123",
"consents": [
{
"type": "terms_of_service",
"granted": true,
"version": "2.1",
"timestamp": "2025-01-15T10:30:00Z"
}
],
"metadata": {
"ip_address": "192.168.1.1",
"jurisdiction": "EU",
"regulation": "GDPR"
},
"proof": {
"hash": "sha256:def456...",
"signature": "base64-signature..."
}
}
}Consent Withdrawal
POST /consent/withdraw
Content-Type: application/json
Authorization: Bearer {access_token}
{
"consent_types": ["marketing", "analytics"],
"reason": "No longer interested"
}Jurisdiction Detection
UCP automatically detects applicable jurisdiction based on:
- User's billing address
- User's shipping address
- IP geolocation
- Explicit user declaration
Supported Regulations
GDPREuropean UnionCCPACalifornia, USACPRACalifornia, USALGPDBrazilPOPIASouth AfricaPDPASingaporeError Handling
CONSENT_REQUIRED- Missing required consentCONSENT_VERSION_MISMATCH- Document version changedCONSENT_INVALID- Malformed consent dataJURISDICTION_UNAVAILABLE- Cannot determine jurisdiction
Next Steps
- Learn about Transports for API integration
- See Identity Linking for user authentication
- Explore Business Integration for compliance setup
U
Ready to Get Started?
Join the waitlist for early access to UCPStore and start building with UCP.
Join Waitlist