Didomi Consent String & Signature

What is the Didomi Consent String (DCS)?

The Didomi Consent String (DCS) is a modern and flexible consent string format, designed to offer full flexibility and compactness in representing user privacy choices. It goes far beyond the scope of traditional solutions by allowing organizations to encode and store all types of consent data in a single binary string.

While the IAB's TC String is the industry standard for TCF vendors, it only works within the IAB TCF ecosystem. The Didomi Consent String supports custom vendors and purposes, non-IAB vendors, Authorized Technology Providers (ATPs), and more. This means you can centralize all user privacy preferences into a single, lightweight, and privacy-compliant format.

The DCS is used by Didomi SDKs across web and mobile platforms to store and share user choices efficiently. It's a foundational piece of privacy infrastructure that enables both legal compliance and high performance.

The Didomi Consent String replaces the traditional didomi_token, typically stored in cookies or local storage. It serves as Didomi’s internal storage format for user choices and can be:

  • Stored in cookies or local storage.
  • Read by Didomi SDKs, APIs, and third-party integrations.
  • Used to determine whether consent or legitimate interest applies to specific data processing activities.

Benefits of Using the DCS

  • Compact Size: Uses a binary format instead of JSON, reducing the overall cookie size to stay well below 2 KB.
  • Performance Boost: Lighter payloads improve page speed and SEO rankings.
  • Easier to Parse: No need to decode complex JSON strings client-side.

What Information is Stored in the DCS?

The Didomi Consent String contains structured, compact data that includes:

  • Header metadata: version, creation date, last update date, user ID, and sync status.
  • Purposes consent: user choices for processing their personal data for specific purposes under consent.
  • Purposes legitimate interest: user choices for processing under legitimate interest.
  • Vendors consent: user choices for allowing vendors to process data under consent.
  • Vendors legitimate interest: user choices for vendors under legitimate interest.
  • Device ID (DID): a unique device identifier (optional).
  • Organization User ID (OUID): a user ID provided by the organization, useful for syncing across devices (optional).
  • Signature: a cryptographic signature to verify the integrity and authenticity of the consent string (optional and premium).

DCS Format and Encoding Mechanisms

The Didomi Consent String uses a binary format designed for efficiency and flexibility. It supports three encoding mechanisms:

  • BitField: Ideal for compactly encoding consecutive or closely packed IDs.
  • Range: Efficient when encoding groups of IDs with gaps.
  • Fibonacci: Optimized for compressing large sets of continuous or patterned ID ranges.

Each section within a DCS (e.g., purposes or vendors) may use a different encoding mechanism, depending on the nature and distribution of the IDs. The encoding is automatically selected by the Didomi DCS library to generate the smallest and most efficient string possible.
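To see why the smallest encoding depends on how the IDs are distributed, the following added example (not Didomi's code, and not the DCS wire format) estimates the bit cost of each mechanism under an assumed layout: 16-bit IDs and counts, ranges with a one-bit flag, and Fibonacci-coded offsets and run lengths. All function names are hypothetical.

```javascript
// Added illustration: field widths and layouts are assumptions, not Didomi's wire format.
const ID_BITS = 16; // assumed fixed width for an ID or a count

// Collapse IDs into sorted, inclusive [start, end] runs.
function toRanges(ids) {
  const sorted = [...new Set(ids)].sort((a, b) => a - b);
  const ranges = [];
  for (const id of sorted) {
    const last = ranges[ranges.length - 1];
    if (last && id === last[1] + 1) last[1] = id;
    else ranges.push([id, id]);
  }
  return ranges;
}

// Bit length of the Fibonacci (Zeckendorf) code of n >= 1: one bit per
// Fibonacci number 1, 2, 3, 5, ... up to n, plus the terminating 1 bit.
function fibBits(n) {
  let a = 1, b = 2, bits = 1;
  while (a <= n) { [a, b] = [b, a + b]; bits++; }
  return bits;
}

// Estimated size in bits of one section under each mechanism.
function encodingCosts(ids) {
  const ranges = toRanges(ids);
  if (ranges.length === 0 || ranges[0][0] < 1) throw new Error("IDs must be positive integers");
  const maxId = ranges[ranges.length - 1][1];
  if (maxId >= 2 ** ID_BITS) throw new Error("ID does not fit in ID_BITS");
  // BitField: the max ID, then one bit for every ID from 1 to max.
  const bitfield = ID_BITS + maxId;
  // Range: a count, then per run a 1-bit "is run" flag and one or two fixed-width IDs.
  // Fibonacci: same flag, but offset from the previous run and run length are Fibonacci-coded.
  let range = ID_BITS, fibonacci = ID_BITS, prevEnd = 0;
  for (const [start, end] of ranges) {
    const isRun = end > start;
    range += 1 + ID_BITS * (isRun ? 2 : 1);
    fibonacci += 1 + fibBits(start - prevEnd) + (isRun ? fibBits(end - start) : 0);
    prevEnd = end;
  }
  return { bitfield, range, fibonacci };
}

// Pick the cheapest mechanism for this ID set (ties go to the earlier name).
function pickEncoding(ids) {
  const costs = encodingCosts(ids);
  const name = Object.keys(costs).reduce((best, k) => (costs[k] < costs[best] ? k : best));
  return { name, bits: costs[name], costs };
}
```

Under these assumptions, a closely packed set such as 1, 2, 3, 5, 6, 8, 9, 10 is cheapest as a BitField, two isolated high IDs are cheapest as a Range, and several long runs separated by gaps are cheapest with Fibonacci coding.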


How to Migrate to the Didomi Consent String

⚠️ Important: Brand new notices created after June 17th, 2025 will have the Didomi Consent String enabled by default. Notices created before this date must be migrated before October 2025 (exact ETA will be communicated soon). After this date, Didomi will enforce the DCS and remove support for the old didomi_token format.

➡️ If you would like to bulk migrate all your notices, please contact our support team.

Migration Steps

  1. Log in to the Didomi Console.
  2. Go to Consent Notices and select a notice to edit.
  3. Navigate to Customization → Cookies & storage → Didomi Consent String.
  4. Check the box to Enable Didomi Consent String.

Before Publishing

If your code (website or app) previously accessed didomi_token in JSON format, make sure it is updated to handle the new binary format of didomi_dcs. Refer to our developer documentation for more details.


Enabling the Signature Feature

What is the Signature?

Didomi Signature is a premium feature that adds a cryptographic seal to the consent string, ensuring the authenticity and integrity of user consent.

  • Verifies that consent data has not been tampered with.
  • Adds legal value by proving that a user’s consent is genuine and unchanged.

The signature is a combination of a key and the signature itself.

→ Didomi uses multiple signing keys (A, B, C…) with a round-robin algorithm.

→ 🔒 If a key is compromised, it is disabled and rotated out.

→ 🧘 No service disruption during key change.

Signature example

CMEYCIQCxaQZGTjKUdeh1BfsWE1fbHoskKbOu8lqcbhQAe7pRlQIhAI80Rm3Qk6VGWNUMLD8D/VcndQ1ufw26hQsfWNgH7KjY
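A structural check that a consumer of the string can run before any cryptographic verification, shown as an added example that is not Didomi's code. It assumes, from the sample above rather than from a published specification, that the first character is the key identifier and the remainder is base64 of a DER-encoded ECDSA signature with short-form lengths; the function names are hypothetical.

```javascript
// Added example. Assumed layout, inferred from the sample on this page and not
// from a published spec: 1 key-ID character + base64(DER ECDSA signature).
const SAMPLE =
  "CMEYCIQCxaQZGTjKUdeh1BfsWE1fbHoskKbOu8lqcbhQAe7pRlQIhAI80Rm3Qk6VGWNUMLD8D/VcndQ1ufw26hQsfWNgH7KjY";

// Read one DER INTEGER at `pos`; return its magnitude bytes and the next offset.
function readDerInt(buf, pos) {
  if (buf[pos] !== 0x02) throw new Error("expected INTEGER tag at offset " + pos);
  const len = buf[pos + 1];
  // Assumption: r and s are at most 32 bytes plus one sign-padding byte.
  if (!(len >= 1 && len <= 33) || pos + 2 + len > buf.length) throw new Error("bad INTEGER length");
  let val = buf.subarray(pos + 2, pos + 2 + len);
  if (val[0] & 0x80) throw new Error("negative INTEGER");
  // DER is minimal: a leading 0x00 is allowed only to clear the sign bit.
  if (len > 1 && val[0] === 0 && !(val[1] & 0x80)) throw new Error("non-minimal INTEGER");
  if (len > 1 && val[0] === 0) val = val.subarray(1);
  return { val, next: pos + 2 + len };
}

// Split the signature field and validate its structure; throws on anything malformed.
function parseSignatureField(field) {
  const keyId = String(field)[0];
  if (!/^[A-Z]$/.test(keyId)) throw new Error("unexpected key ID"); // assumed alphabet A, B, C...
  const b64 = String(field).slice(1);
  // Buffer.from() silently skips invalid characters, so enforce strict base64 first.
  if (b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) throw new Error("not strict base64");
  const der = Buffer.from(b64, "base64");
  if (der[0] !== 0x30 || der[1] !== der.length - 2) throw new Error("bad SEQUENCE header");
  const r = readDerInt(der, 2);
  const s = readDerInt(der, r.next);
  if (s.next !== der.length) throw new Error("trailing bytes after s");
  return { keyId, r: r.val.toString("hex"), s: s.val.toString("hex"), derLength: der.length };
}
```

Passing this check says nothing about authenticity: verifying the signature still requires the public key for that key identifier and the exact bytes that were signed, neither of which is given on this page.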

How to Enable the Signature

  1. Contact Didomi Support to enable the Signature feature for your organization.
  2. Once the feature is enabled, return to the Didomi Console.
  3. Navigate to the desired notice and enable Signature under Customization → Cookies & storage → Didomi Consent String.


How to Read and Decode the DCS

You can decode a Didomi Consent String using the DCS decoder, which transforms the binary string into a human-readable JSON object.

For more details on how to decode the DCS programmatically, visit our developer documentation.

Decoded Output Includes:

  • 📝 A full JSON object containing consent metadata, vendor/purpose selections, and timestamps.
  • 🔒 Signature verification status, if the DCS contains a cryptographic signature.

This can be useful for debugging, auditing, or proving compliance.


Questions You Might Have

  • What is the migration timeline and what happens after the deadline?
    • The Didomi Consent String is required for all notices starting September 15th, 2025. After this date, the legacy didomi_token format will no longer be supported and may break your implementation if not updated in time.
  • Can I bulk migrate all my consent notices?
    • Yes, if you would like to bulk migrate all your notices, please contact our support team for assistance.
  • Are you integrating with third-party vendors that expect the old didomi_token? You might need to coordinate timeline and format updates with your tech partners.
  • Need to decode or test a consent string? Use the DCS decoder.
  • Which platforms support the Didomi Consent String?
    • DCS is fully supported on both Web and Mobile platforms. This includes all Didomi SDKs for websites, iOS, and Android applications.

Need help? Contact support@didomi.io or visit our Developer Docs to learn more about parsing, decoding, and verifying DCS tokens.