Cookies Object
Overview
The cookies object is a flat key-value map containing browser cookies required by tracking platforms and advertising destinations. This object is designed for server-side tracking where cookie values must be collected from the original user session and transmitted through the API to enable proper attribution across advertising platforms and analytics destinations.
Include only cookies required by the client's active destinations.
Structure
Cookies are transmitted as a flat object where each key is the cookie name and each value is the cookie value. Both must be strings.
{
"_ga": "GA1.2.123456789.1640995200",
"_gcl_aw": "GCL.1640995200.CjwKCAiA",
"_fbp": "fb.1.1640995200.123456789"
}
If cookies are not available or the format is invalid, an empty object {} will be used.
What Cookies Can You Send?
You can send any cookie that is relevant for tracking and attribution — this includes both platform-proprietary cookies (like _ga, _fbp, _ttp) and custom cookies specific to your implementation (like custom_session_id, affiliate_ref).
However, there is an important distinction: a cookie is only processed and forwarded to a destination if it has been mapped by DATA Reshape with a defined purpose for that specific destination. Any cookie that is not mapped will be accepted in the payload but silently ignored during processing.
This means you can safely send all tracking-related cookies you have available — DATA Reshape will pick up and use only the ones that are relevant for each active destination. There is no penalty for sending extra cookies, but sending cookies that have no tracking purpose (like session tokens, CSRF tokens, or UI preference cookies) adds unnecessary payload size.
The list of mapped cookies per destination is managed by DATA Reshape and evolves as new platform integrations are added. You do not need to know which cookies are mapped — just send all tracking-related cookies and DATA Reshape will handle the rest.
Example
{
// Platform cookies — processed if destination is active and cookie is mapped
"_ga": "GA1.2.123456789.1640995200",
"_gcl_aw": "GCL.1640995200.CjwKCAiA",
"_fbp": "fb.1.1640995200.123456789",
"_fbc": "fb.1.1640995200.AbCdEfGhIjKlMnOp",
"_ttp": "123456789.abcdefgh",
// Custom cookies — processed only if mapped by DATA Reshape
"affiliate_ref": "partner_abc_123",
"landing_campaign": "spring_sale_2025"
}
Cookie Collection (Server-Side)
Since cookies are only available in API implementations, they must be collected during the user's browser session and sent via webhook:
// Collect cookies server-side for webhook transmission
$requiredCookies = ['_ga', '_gid', '_gcl_aw', '_fbp', '_fbc', '_ttp'];
$cookies = [];
foreach ($requiredCookies as $name) {
if (isset($_COOKIE[$name]) && !empty($_COOKIE[$name])) {
$cookies[$name] = $_COOKIE[$name];
}
}
Usage in Webhook Payload
$payload = [
'event' => [
'name' => 'checkout_completed',
'value' => 299.99,
'currency' => 'USD',
'id' => 'ORDER_12345'
],
'context' => [
'environment' => 'prod',
'data_source' => 'website'
],
'cookies' => [
'_ga' => 'GA1.2.123456789.1640995200',
'_gcl_aw' => 'GCL.1640995200.CjwKCAiA',
'_fbp' => 'fb.1.1640995200.123456789'
],
'user' => [
'email' => '[email protected]'
]
];
Best Practices
- Required Cookies Only — include only cookies needed by client's active platforms
- Valid Values — ensure cookie values are current and properly formatted
- Consent Compliance — respect user privacy preferences; include marketing cookies only with marketing consent
- Session Preservation — collect cookies during user session for later API use; store them in session or database for delayed order processing
- HTTPS Only — always use HTTPS for API calls containing cookie data