Implement a cross-device consent synchronization flow using a consent server-side API and signed JWT tokens

Verified steps

1. When an authenticated user updates consent on one device, POST the consent event to your central consent store (or directly to your consent platform API) with a JWT signed by YOUR_SIGNING_KEY that includes the user's stable identifier (e.g., hashed email or internal userId).
2. On any subsequent device or session where the user is authenticated, retrieve current consent on page load by calling your consent API with the user's identifier; return the latest consent record including purpose decisions and timestamp.
3. Apply the retrieved consent state to your CMP on the new device: for Transcend, call Transcend.overrideConsentOptions(consentMap) with the server-fetched preferences so the banner does not re-appear for returning users who have already consented.
4. For unauthenticated sessions, fall back to local cookie-based consent; when the user subsequently authenticates, merge the local and server-side consent records by taking the most recently updated per-purpose decision.
5. Log sync events with origin device, destination device, timestamp, and the consent record version to support audit and debugging of cross-device consent conflicts.
6. Expire the signed JWT used for consent API calls after a short TTL (e.g., 15 minutes) to prevent replay attacks; refresh it via your authentication flow rather than storing a long-lived consent API token on the client.