|
| 1 | +--- |
| 2 | +title: How the UID2 Token Is Created |
| 3 | +description: Reference information about the process for generating a UID2 token. |
| 4 | +hide_table_of_contents: false |
| 5 | +sidebar_position: 06 |
| 6 | +--- |
| 7 | + |
| 8 | +import Link from '@docusaurus/Link'; |
| 9 | + |
| 10 | +# How the UID2 Token Is Created |
| 11 | + |
| 12 | +When a publisher sends <Link href="../ref-info/glossary-uid#gl-dii">DII</Link> (email or phone number) to UID2, and in return receives a <Link href="../ref-info/glossary-uid#gl-uid2-token">UID2 token</Link> to use for targeted advertising, there is a very specific sequence of processing steps that occurs along the way. |
| 13 | + |
| 14 | +It's very important that the exact steps are performed, in the correct sequence: |
| 15 | +- When steps are performed in sequence, the resulting value **matches** other instances of tokens generated from online activity by the same individual, and therefore the token is **valuable** for targeted advertising. |
| 16 | +- If steps are taken out of sequence, the resulting value **does not match** other instances of tokens generated from online activity by the same individual, and therefore the token is **not valid** for targeted advertising. |
| 17 | + |
| 18 | + Some preliminary steps are taken by the publisher, but most of the processing steps are done by the UID2 Operator. For a summary, see [Steps to Create a UID2 Token](#steps-to-create-a-uid2-token). For visuals, see [Creating a UID2 Token—Example](#creating-a-uid2-tokenexample). |
| 19 | + |
| 20 | +<!-- Here's a common scenario. |
| 21 | +
|
| 22 | +A publisher has a user's email address or phone number, and wants to generate a UID2 token. The publisher follows these steps: |
| 23 | +
|
| 24 | +1. First, performs some steps on the DII to apply some security before sending it to the UID2 service. The publisher performs these steps: |
| 25 | + - Normalizes the DII. This is optional for emails but is required for phone numbers. For details, see [Phone Number Normalization](../getting-started/gs-normalization-encoding.md#phone-number-normalization). |
| 26 | + - Applies the SHA-256 hashing algorithm to the result. |
| 27 | + - Optionally, applies Hex to Base64 encoding to the result. --> |
| 28 | + |
| 29 | +## Steps to Create a UID2 Token |
| 30 | + |
| 31 | +The following table shows the steps for creating a UID2 token from DII, the sequence, and who performs each step. |
| 32 | + |
| 33 | +For an example showing each step performed on a sample value, see [Creating a UID2 Token—Example](#creating-a-uid2-tokenexample). |
| 34 | + |
| 35 | +<table width="100%"> |
| 36 | + <thead> |
| 37 | + <tr> |
| 38 | + <th width="10%">Step</th> |
| 39 | + <th width="30%">Action</th> |
| 40 | + <th width="30%">Who Does It?</th> |
| 41 | + <th width="30%">Documentation</th> |
| 42 | + </tr> |
| 43 | + </thead> |
| 44 | + <tbody> |
| 45 | + <tr> |
| 46 | + <td>1</td> |
| 47 | + <td>Normalization</td> |
| 48 | + <td>**Email**: Publisher or UID2 service<br/>**Phone number**: Publisher must normalize</td> |
| 49 | + <td>[Email Address Normalization](../getting-started/gs-normalization-encoding.md#email-address-normalization)<br/>[Phone Number Normalization](../getting-started/gs-normalization-encoding.md#phone-number-normalization)</td> |
| 50 | + </tr> |
| 51 | + <tr> |
| 52 | + <td>2</td> |
| 53 | + <td>SHA-256 hashing</td> |
| 54 | + <td>Publisher or UID2 service</td> |
| 55 | + <td>[Email Address Hash Encoding](../getting-started/gs-normalization-encoding.md#email-address-hash-encoding)<br/>[Phone Number Hash Encoding](../getting-started/gs-normalization-encoding.md#phone-number-hash-encoding)</td> |
| 56 | + </tr> |
| 57 | + <tr> |
| 58 | + <td>3</td> |
| 59 | + <td>Hex to Base64 encoding</td> |
| 60 | + <td>Publisher or UID2 service</td> |
| 61 | + <td>[Email Address Hash Encoding](../getting-started/gs-normalization-encoding.md#email-address-hash-encoding)<br/>[Phone Number Hash Encoding](../getting-started/gs-normalization-encoding.md#phone-number-hash-encoding)</td> |
| 62 | + </tr> |
| 63 | + <tr> |
| 64 | + <td>4</td> |
| 65 | + <td>Send value to UID2 Operator via the [POST /token/generate](../endpoints/post-token-generate.md) endpoint, an SDK, Prebid.js, or another supported integration.</td> |
| 66 | + <td>Publisher</td> |
| 67 | + <td>Various: for a summary, see [Implementation Resources](../overviews/overview-publishers.md#implementation-resources)</td> |
| 68 | + </tr> |
| 69 | + <tr> |
| 70 | + <td>5</td> |
| 71 | + <td>Perform multiple steps including hashing, salting, and encryption to create a UID2 token.</td> |
| 72 | + <td>UID2 service</td> |
| 73 | + <td>Not applicable: these steps are all performed by the UID2 service.</td> |
| 74 | + </tr> |
| 75 | + </tbody> |
| 76 | +</table> |
| 77 | + |
| 78 | +## Creating a UID2 Token—Example |
| 79 | + |
| 80 | +The following diagram shows the high-level steps for creating a [raw UID2](../ref-info/glossary-uid.md#gl-raw-uid2) (first column, second column) and then a [UID2 token](../ref-info/glossary-uid.md#gl-uid2-token) (third column). |
| 81 | + |
| 82 | +The publisher can send a request to the [POST /token/generate](../endpoints/post-token-generate.md) endpoint or use one of the other options, such as an SDK or Prebid. Whatever the integration option, the result is a UID2 token—an encrypted value that the publisher can send in the bidstream for targeted advertising. |
| 83 | + |
| 84 | + |
| 85 | + |
| 86 | +The token cannot be reverse engineered to tie back to the advertiser side. The UID2 process operates by passing an email or its hashed equivalent to the UID2 Operator, and the Operator then processes and encrypts the value to create a UID2 token. Demand-Side Platforms (DSPs) decrypt this token to arrive at the underlying raw UID2, and can then align it with UID2 segments predefined by advertisers who have transformed their data into UID2 format. Each participant only has access to their own specific information. |
0 commit comments