In OneTrust, create an App Scan workflow for your domain and note the appId returned in the UI.
Authenticate with an OAuth 2.0 client-credentials token scoped to CookieCompliance.Write.
Trigger a rescan via POST https://{hostname}/api/cookiecompliance/v1/apps/{appId}/scan with an empty body or optional scanType field; capture the returned scanId.
Poll GET https://{hostname}/api/cookiecompliance/v1/apps/{appId}/scan/{scanId}/status until the status field returns COMPLETED.
Fetch the delta of added or removed cookies since the last scan via GET https://{hostname}/api/cookiecompliance/v1/apps/{appId}/scan/{scanId}/delta to identify newly appearing or removed trackers.
Review uncategorized cookies in the delta response and call PATCH on each cookie record to assign the correct category (e.g., StrictlyNecessary, Performance, Targeting) before publishing the updated cookie declaration.
Known gotchas
REST scanning is limited to files under 64 MB; larger scan inputs require the FTP-based upload path documented separately in the OneTrust developer portal.
Cookie categorization is not automatic — the delta endpoint flags new cookies but category assignment requires a manual or rule-driven PATCH call before the consent banner reflects the new cookie.
Scans triggered via API still consume scan credits in your OneTrust license; avoid polling-based rescans on short intervals.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp