Title
Date: 2024-08-02
Status: accepted
Context
The purpose of the UDP is the secure retrieval of user data, which means we use the information of the currently authenticated user from the __sso cookie to make the retrieval to e.g. the customer data platform (CDP).
Decision
Since we also need to return user data if one is not logged in based on anonymousId, we decided to expect a cookie with that information which should be provided by the MTAM when it knows about the anonymousId.
Consequences
No client can make a fetch call with a userIdenitfier in it.