Skip to content
Contact Support
  • There are no suggestions because the search field is empty.

How to set up CookieYes with the Shopify Customer Privacy API

Shopify's Customer Privacy API is the consent signal that ProfitMetrics and most other Shopify apps use to decide whether tracking is allowed. CookieYes captures the visitor's consent in its banner, but you need to connect it to the Customer Privacy API so Shopify knows what was chosen. The steps below cover both ways CookieYes can be installed on a Shopify store.

What You Need

Requirement Where to find it
CookieYes account cookieyes.com — free or paid plan
Shopify store Admin access required to edit theme code or install apps
ProfitMetrics Shopify app Installed and configured

Option A — CookieYes Shopify App (recommended)

The CookieYes Shopify App from the Shopify App Store handles the Customer Privacy API wiring automatically. This is the simpler path and avoids any code in your theme.

  1. In your Shopify admin, go to Apps → search for CookieYes → install the official CookieYes app.
  2. Connect the app to your CookieYes account when prompted (or sign up directly inside the install flow).
  3. In the CookieYes dashboard, configure your banner copy, categories, and geo-targeting under Cookie Banner.
  4. Enable the Shopify Customer Privacy API toggle in the CookieYes app settings inside Shopify. This is on by default for app-based installs but worth confirming.
  5. Publish the banner and place a test order to confirm the integration is working (see Verifying the setup).
No theme code is required for this option. The app injects the banner script through Shopify's Web Pixel framework and writes consent to the Customer Privacy API on every change.

Option B — CookieYes installed via theme code

If CookieYes is installed by adding its script directly to your theme (rather than through the Shopify App), you need to add one extra line of code so consent is passed to Shopify.

Step 1 — Confirm CookieYes is loading from the theme

In your Shopify admin, go to Online Store → Themes → Edit code → open layout/theme.liquid. You should see a CookieYes script tag in the <head>, similar to:

<script id="cookieyes" type="text/javascript"
  src="https://cdn-cookieyes.com/client_data/YOUR_KEY/script.js"></script>

If this script is missing, install CookieYes from your CookieYes dashboard under Sites → Get installation code first.

 

Step 2 — Add the CookieYes Shopify bridge script

CookieYes provides a hosted script that passes consent to Shopify's Customer Privacy API. Paste this line in layout/theme.liquid before the CookieYes script tag, inside the <head>:

<script src="https://cdn-cookieyes.com/common/shopify.js"></script>

The bridge needs to load first so it is ready to receive CookieYes's initial consent event when CookieYes itself loads.

Step 3 — Save and publish

Save theme.liquid. The change takes effect immediately on the live theme. If you are working in a draft theme, publish it before testing.

Order matters. The final order in your <head> must be: shopify.js first, then the main CookieYes script second.

Option C — CookieYes via the official GTM template

If you manage your tags through Google Tag Manager, install CookieYes using its official Community Template and add the Shopify bridge directly to your theme so it loads before GTM.

 

Step 1 — Add the Shopify bridge to your theme

In your Shopify admin, go to Online Store → Themes → Edit code → open layout/theme.liquid. Paste this line inside the <head>before your GTM snippet:

<script src="https://cdn-cookieyes.com/common/shopify.js"></script>

The final order in your <head> must be:

  1. shopify.js bridge script
  2. GTM <head> snippet
  3. (CookieYes itself loads via the GTM template)

Step 2 — Add the CookieYes template to your GTM workspace

  1. In GTM, go to Tags → New → Tag Configuration → Discover more tag types in the Community Template Gallery.
  2. Search for CookieYes and add the official template to your workspace.
  3. Configure the tag with your CookieYes site key (from your CookieYes dashboard under Sites).
  4. Set the trigger to Consent Initialization - All Pages so it loads before other tracking tags.
  5. Save and publish your GTM container.
Don't add the bridge as a Custom HTML tag in GTM. The bridge must load before GTM itself, which is only possible by placing it directly in theme.liquid.

Tell Shopify to use a custom banner

This step is required for Options B and C. Without it, Shopify keeps managing consent itself and ignores the values CookieYes is sending. Option A (Shopify App) usually configures this automatically, but it's worth verifying.

  1. In your Shopify admin, go to Settings → Customer Privacy → Cookie Banner.
  2. Confirm that CookieYes GDPR Cookie Banner appears under Installed privacy apps.
  3. Click More actions → Use custom cookie banner.
  4. In the modal, select the regions where Shopify should defer to your custom banner — typically EU and UK at minimum.
  5. Click Confirm.

After this, the Customer Privacy API permissions for your tracking should show as Not required, because CookieYes is now responsible for consent.

Enable Support GCM in CookieYes

For ProfitMetrics' Conversion Booster and Google Ads tracking to receive correct consent signals, CookieYes also needs to dispatch Google Consent Mode signals.

  1. In the CookieYes dashboard, go to Site Settings → Advanced Settings.
  2. Enable the Support GCM toggle.
  3. Save your changes.

Verifying the setup

After publishing, verify that consent flows from CookieYes into the Customer Privacy API on a real storefront page.

  1. Open your storefront in an incognito window.
  2. Before interacting with the banner, open DevTools → Console and run: 
    window.Shopify.customerPrivacy.getTrackingConsent()
    All consent values should return null (unknown).
  3. Accept the CookieYes banner with all categories enabled, then run the same command. analyticsmarketing, and preferences should now return true.
  4. Reload, reject all non-essential categories in the banner, and run the command again. The values should return false.

Once consent is updating correctly, place a test order with all categories accepted to confirm everything is working end-to-end.

Troubleshooting

Issue Cause & fix
Shopify.customerPrivacy is undefined The Customer Privacy API only loads on storefront pages, not in the Shopify admin or password page. Test on the live storefront in a regular browser tab.
Consent values stay null after accepting The bridge script is loading after CookieYes. Confirm shopify.js is placed before the CookieYes script in theme.liquid, or before the GTM snippet for GTM installs.
Consent updates in CookieYes but Shopify ignores it Shopify is still managing consent itself. Go to Settings → Customer Privacy → Cookie Banner and switch to Use custom cookie banner.
Banner shows but consent never updates Shopify Open DevTools and run getCkyConsent(). If it returns undefined, the CookieYes script itself is not loading — re-check your CookieYes installation (theme code, GTM tag, or Shopify App).

If you have run the diagnostics in the console above and consent still is not flowing through correctly, contact support@profitmetrics.io with a screenshot of the console output and we will help you investigate.