# Consent Management (/docs/sdk/consent) ## API [#api] Consent is managed at runtime via `setConsent`: ```ts await layers.setConsent({ advertising: true, analytics: true }); // grant both await layers.setConsent({ advertising: false, analytics: true }); // only analytics await layers.setConsent({ advertising: false, analytics: false }); // revoke all ``` `setConsent` takes an object, not a boolean. Omitted keys are left unchanged (so you can update just one dimension). Read current state synchronously: ```ts layers.getConsentState(); // { advertising: boolean, analytics: boolean } layers.isAnalyticsEnabled(); // boolean layers.isAdvertisingEnabled(); // boolean ``` Under the hood the client POSTs to `/consent` to persist the state server-side and applies the same state locally so future events are gated immediately. ## What each dimension gates [#what-each-dimension-gates] * **`analytics`** — off → events are NOT enqueued or sent. Stored only if already in the queue and forcibly flushed. * **`advertising`** — off → events still flow to `sdk_events`, but the server relay skips forwarding to Meta / TikTok. (Server-side killswitches from remote config also respect this.) ## ATT (iOS) [#att-ios] Setting consent does NOT automatically request or set ATT — they're separate. See [ATT](/docs/sdk/att). The ingest endpoint accepts an `att_status` field on `/consent` requests if you want to record it alongside consent state: ```ts // React Native (wrapper does both) await Layers.requestTracking(); ``` ## CMP integrations [#cmp-integrations] The SDK doesn't ship prebuilt CMP integrations. Wire your CMP's consent callback to `layers.setConsent(...)` yourself. ## Server-side DSAR / "right to be forgotten" [#server-side-dsar--right-to-be-forgotten] DSAR requests are handled through the partner API, not the ingest endpoint. See the [audit log](/docs/organizations/audit-log) for consent-change history. ## What was removed from this page [#what-was-removed-from-this-page] Previous versions mentioned `defaultConsent` init flag, auto DNT / GPC handling, and specific CMP listeners (OneTrust, Didomi, Cookiebot). None of those are currently implemented — CMP wiring is your responsibility.