IAB TCF

0.2.2 verified Mon Apr 27 auth: no python

A Python implementation of the IAB Transparency and Consent Framework (TCF) consent strings, supporting both v1.1 and v2. Current version: 0.2.2, with Python 3.6+ support. Low release cadence.

pip install iab-tcf

Common errors

error AttributeError: 'TCString' object has no attribute 'get_vendors_allowed' ↓

cause Using v1 method on v2 TCString object.

fix

Use .vendor_consents property instead of .get_vendors_allowed() for v2 strings.

error ModuleNotFoundError: No module named 'bitarray' ↓

cause The dependency 'bitarray-hardbyte' is missing or not installed correctly.

fix

Run 'pip install iab-tcf' which will install bitarray-hardbyte automatically. If manually installing, use 'pip install bitarray-hardbyte'.

error ValueError: invalid literal for int() with base 10: '' ↓

cause Passing an empty or malformed consent string to TCString.

fix

Ensure the consent string is a valid base64-encoded IAB string. Example: 'CPzA4hAPzA4hAAGABBENAtEgAAAAAAAAAAYgAAAAAA'.

Warnings

gotcha The library uses 'vendor_consents' property for v2, but 'get_vendors_allowed' for v1. Mixing them causes AttributeError. ↓

fix Check version: v2 strings use properties like .vendor_consents and .purpose_consents; v1 uses methods like .get_vendors_allowed().

gotcha Encoding a v1 string requires setting many fields manually; skipping required fields leads to incomplete or invalid strings. ↓

fix Always set version, created, last_updated, cmp_id, cmp_version, consent_screen, consent_language, vendor_list_version, tcf_policy_version, purpose_allowed, and vendors_allowed.

gotcha The bitarray-hardbyte dependency is not a typo; it's a fork of bitarray. Installing without it or using standard bitarray will fail. ↓

fix Ensure bitarray-hardbyte is installed, not bitarray. pip install iab-tcf handles this automatically.

deprecated v1.1 support is deprecated in the IAB standard; the library still supports it but it's recommended to use v2 only. ↓

fix Use TCString for v2 strings instead of ConsentString when possible.

Imports

TCString

wrong

from iab_tcf.tcstring import TCString

correct

from iab_tcf import TCString

TCString is exposed at top level

ConsentString

wrong

from iab_tcf.consent import ConsentString

correct

from iab_tcf import ConsentString

ConsentString is also top level

Quickstart

Decode a v2 string and encode a v1 string.

from iab_tcf import TCString, ConsentString

# Decode a v2 consent string
tc_string = "CPzA4hAPzA4hAAGABBENAtEgAAAAAAAAAAYgAAAAAA"
tc = TCString(tc_string)
print("Vendor consents:", tc.vendor_consents)
# Encode a v1 consent string
from datetime import datetime
cs = ConsentString()
cs.set_version(1)
cs.set_created(datetime.now())
cs.set_last_updated(datetime.now())
cs.set_cmp_id(1)
cs.set_cmp_version(1)
cs.set_consent_screen(1)
cs.set_consent_language("EN")
cs.set_vendor_list_version(1)
cs.set_tcf_policy_version(1)
cs.set_purpose_allowed([1,2])
cs.set_vendors_allowed([1,2])
encoded = cs.encode()
print("Encoded v1 string:", encoded)