Introduction
iubenda is an easy way to manage privacy and cookie policies without having to do the legal work, and if you pay for a subscription, you can embed the policy on your site. There’s one issue though; doing that requires JavaScript.
So What’s The Issue?
For starters, needing JavaScript to load a privacy policy is not only ironic, it’s also a waste of resources. To make matters worse, since iubenda is also used to display cookie consent messages, the main domain is blocked in several annoyance filter lists, including Fanboy’s Annoyance and I don’t care about cookies. iubenda does have a fallback; if the script fails to load, a link to the policy is displayed instead, and it looks about as stupid as one would expect. It also defeats the purpose of embedding the policy on your site in the first place.
Well this is awkward
The API
iubenda has two ways of embedding a privacy policy on WordPress via the direct text method. The first method is JavaScript, the second method is via an API. This API returns your policy as a JSON file with two elements, success and content. success returns either true or false, and content returns the raw HTML of your privacy policy. This raw HTML does not include iubenda’s standard hosting disclaimer at the bottom, unlike the JavaScript variant.
What You’ll Need
First of all, an iubenda Pro or Ultra policy license is needed; direct text embedding is not available in the free edition. You’ll also need the free JSON Content Importer plugin. You don’t need the pro version; the free version will work perfectly fine. JSON Content Importer can read and update a JSON API without the need for JavaScript.
The plugin also includes a Gutenberg block that makes it easier to set up. While this tutorial will be based on using the Gutenberg page editor, the process can be done on other page builders or the Classic Editor via shortcodes. A guide on shortcodes can be found on the official plugin page here.
First, enable the cache in the JSON Content Importer plugin settings. This ensures that an iubenda policy will be shown even if the plugin fails to connect to the API. Next, create a new page. If your theme allows it, you should hide the page title, as iubenda’s HTML has one built in by default. Go to your iubenda dashboard and open the embed options and select “direct text embedding”. Copy the API key for the policy you want to embed, I highly recommend either the “only legal” or “no markup” options. Since the API does not have CSS or images, the simplified policy does not render well.
Either create a new page or edit your privacy policy page. Add a “JSON Content Importer FREE Block with API-data” to your page. In the API-URL section, paste the API URL of the policy you want to embed. Then in the “Template to use for JSON” add {content:purejsondata}. Do not use {content:html}; this causes elements to be transcoded into HTML characters, which among other things, causes all URLs to break.
Your settings should look something like this
Wrapping Things Up
And that’s it. Use the debug setting if something doesn’t load right, and if everything works, publish the page. The policy will be rendered using your WordPress theme and typography settings. Since the JSON Content Importer is a Gutenberg block, you can do all sorts of things like stick it in an Accordion via the Kandence – Blocks plugin.
One final note: The API unfortunately does load in inline JavaScript. If that bothers you, you can use a plugin such as Autoptimize or LiteSpeed Cache to move it to an external file.