Intro
The Omnisend Cookie Consent API allows you to send visitor cookie consent signals to Omnisend and conditionally control which features are activated based on the consent categories granted. This helps your website comply with privacy regulations such as GDPR and ePrivacy.
InfoThe Cookie Consent API requires the Omnisend Javascript snippet to be installed on your website.
If you already have connected your store with Omnisend - you have already added this snippet.
Get consent API
To start working with cookie consent, retrieve the API instance:
const api = __omnisendCookieConsent.getConsentAPI();If your script may load before the Omnisend snippet, use the wait option to poll until it becomes available:
const api = await __omnisendCookieConsent.getConsentAPI({ wait: true });When wait is true, the function returns a Promise that resolves to the API or null on timeout (default 10 seconds).
Consent categories
Omnisend recognizes the following cookie consent categories:
| Category | Type | Mandatory | Description |
|---|---|---|---|
| necessary | boolean | Yes | Always true when consent exists. Required cookies that cannot be opted out of |
| analytics | boolean | No | Analytics, tracking, and performance cookies |
| marketing | boolean | No | Marketing and advertising cookies |
| preferences | boolean | No | User preference and settings cookies |
The necessary category is always true when any consent has been set. The optional categories (analytics, marketing, preferences) can be individually toggled by the visitor.
How consent categories affect Omnisend behavior
Currently, only the marketing category has an observable effect on Omnisend behavior. It controls whether tracking cookies are placed and whether forms render in full or fallback mode.
The analytics and preferences categories are reserved for future use and currently have no effect on Omnisend behavior.
The actual behavior depends on the combination of your store's Tracking By Default setting and the current consent state:
| Tracking By Default | Consent state | Behavior |
|---|---|---|
| ON (opt-out) | null (never set) | Tracking cookies placed; full forms render |
| ON (opt-out) | marketing: true | Tracking cookies placed; full forms render |
| ON (opt-out) | marketing: false | Tracking cookies removed; fallback forms render |
| OFF (opt-in) | null (never set) | No cookies; fallback forms render |
| OFF (opt-in) | marketing: true | Tracking cookies placed; full forms render |
| OFF (opt-in) | marketing: false | No cookies; fallback forms render |
InfoTracking By Default ON (opt-out model): Omnisend places tracking cookies by default. Cookies are removed only when the visitor explicitly declines marketing consent. If no consent signal is sent, tracking proceeds as normal.
Tracking By Default OFF (opt-in model): Omnisend does not place tracking cookies until the visitor explicitly grants marketing consent. If no consent signal is sent, no tracking occurs.
To learn more about Omnisend tracking cookies and how to change the Tracking By Default mode, see Manage Omnisend tracking cookies.
How consent state works
Consent state is held in memory only. Omnisend does not persist consent to cookies, localStorage, or any other storage. The state starts as null on every page load and remains null until setConsent() is called.
Your Consent Management Platform (CMP) is the source of truth for the visitor's consent choices. On each page load, the CMP must call setConsent() to pass the current consent state to Omnisend. When the visitor updates their preferences mid-session, call setConsent() again with the new values.
Send consent signal
Use api.consentManager.setConsent() to send the visitor's cookie consent choices to Omnisend. Call this method on every page load once your CMP has resolved the visitor's consent, and again whenever the visitor updates their decision:
api.consentManager.setConsent({
necessary: true,
analytics: true,
marketing: false,
preferences: true
});Note: The
necessaryproperty must always betrue. Optional categories that are omitted are treated as not consented.
Revoking consent
When the marketing category changes from true to false (either via a new setConsent() call or when consent is set for the first time with marketing: false), Omnisend immediately:
- Removes tracking cookies -- all Omnisend tracking cookies are deleted from the visitor's browser.
- Switches forms to fallback rendering -- Omnisend forms that rely on marketing consent degrade to a fallback version that does not set tracking cookies.
- Stops behavioral tracking -- no further browsing behavior is recorded for the visitor until marketing consent is granted again.
These side effects happen synchronously when setConsent() is called. There is no delay or asynchronous cleanup.
Get current consent
Check a specific category
Use api.hasConsent() to check whether the visitor has granted consent for a specific category:
if (api.hasConsent('analytics')) {
// Analytics consent granted
}
if (api.hasConsent('marketing')) {
// Marketing consent granted
}Returns true if consent is granted for the given category, false otherwise. When no consent has been set yet (state is null), hasConsent() returns false for all categories.
To distinguish between "consent denied" and "consent not yet decided," use getConsent() — it returns null when no consent choice has been made:
const consent = api.consentManager.getConsent();
if (consent === null) {
// Visitor has not made a consent choice yet
} else if (!consent.marketing) {
// Visitor has explicitly denied marketing consent
}Get full consent object
Use api.consentManager.getConsent() to retrieve the full consent state:
const consent = api.consentManager.getConsent();
if (consent) {
// consent.necessary is always true
// consent.analytics — true/false/undefined
// consent.marketing — true/false/undefined
// consent.preferences — true/false/undefined
}Returns the consent object or null if the visitor has not yet made a consent choice.
Subscribe to consent changes
Use api.consentManager.subscribeConsent() to register a callback that fires whenever the visitor updates their consent preferences:
const unsubscribe = api.consentManager.subscribeConsent((consent) => {
if (consent?.analytics) {
// Activate analytics
}
if (consent?.marketing) {
// Activate marketing
}
});- The handler is called only on future changes, not on subscribe.
- Call the returned function to unsubscribe from further updates.
API reference
The API is organized in two levels. The api object exposes a convenience method (hasConsent) alongside the consentManager namespace, which holds the full consent lifecycle methods:
| Method | Description |
|---|---|
__omnisendCookieConsent.getConsentAPI(options?) | Get the consent API instance |
Top-level (api) | |
api.hasConsent(category) | Check if a specific category has consent. Returns false when consent has not been set |
Consent manager (api.consentManager) | |
api.consentManager.setConsent(consent) | Send consent signal to Omnisend |
api.consentManager.getConsent() | Get the current consent object or null |
api.consentManager.subscribeConsent(handler) | Subscribe to consent changes (returns unsubscribe function) |