Skip to content

gs-permissions.md

Latest commit

 

History

History
29 lines (21 loc) · 2.99 KB

gs-permissions.md

File metadata and controls

29 lines (21 loc) · 2.99 KB
title description hide_table_of_contents sidebar_position
API Permissions
Information about UID2 API permissions.
false
7

import Link from '@docusaurus/Link';

API Permissions

The UID2 ecosystem includes several different API permissions that allow access to complete specific activities. This approach is part of the overall secure design of UID2.

For each UID2 participant that has API Key and Client Secret, the permissions are linked to the participant's API credentials (see Account Setup and UID2 Credentials).

:::note If you're a publisher and are implementing UID2 on the client side, API permissions do not apply to you. Instead, you'll receive a different set of credentials that are specifically for generating a client-side token request. For details, see Subscription ID and Public Key. :::

A participant can have one or several sets of API credentials with associated permissions. In cases where you have more than one API permission, you have the option to have a separate set of credentials for each permission or have a single set of credentials for all permissions. We recommend having a separate set of credentials for each permission.

The following table lists the key permissions, the types of participants that commonly use them, and a summary of the key associated activities.

Name Participant Type Permissions
Generator Publishers Permission to call the POST /token/generate, POST /token/validate, and POST /token/refresh endpoints, to generate UID2 tokens from DII and to refresh them, using one of these integration methods:
  • A Prebid integration
  • The SDK for JavaScript
  • An integration that directly calls the applicable API endpoints for retrieving and managing UID2 tokens.
Bidder DSPs Permission to decrypt UID2 tokens coming in from the bidstream from publishers into raw UID2s for bidding purposes.
Sharer Any participant type that takes part in UID2 sharing. For details, see UID2 Sharing: Overview. Permission to do both of the following:
  • Encrypt raw UID2s into UID2 tokens for sharing with another authorized sharing participant, using a UID2 SDK or Snowflake
  • Decrypt UID2 tokens received from another authorized sharing participant into raw UID2s.
Mapper Advertisers
Data Providers		 Permission to use the POST /identity/buckets endpoint to monitor rotated salt buckets and to use the POST /identity/map endpoint to map multiple email addresses, phone numbers, or their respective hashes to their raw UID2s and salt bucket IDs.