diff --git a/docs/endpoints/post-identity-buckets.md b/docs/endpoints/post-identity-buckets.md
index c75e7740d..b5bd5054a 100644
--- a/docs/endpoints/post-identity-buckets.md
+++ b/docs/endpoints/post-identity-buckets.md
@@ -17,6 +17,8 @@ Used by: This endpoint is used mainly by advertisers and data providers. For det
`POST '{environment}/v2/identity/buckets'`
+For authentication details, see [Authentication and Authorization](../getting-started/gs-auth.md).
+
:::important
You must encrypt all requests using your secret. For details, and code examples in different programming languages, see [Encrypting Requests and Decrypting Responses](../getting-started/gs-encryption-decryption.md).
:::
diff --git a/docs/endpoints/post-identity-map.md b/docs/endpoints/post-identity-map.md
index 9c48e5d59..7f9c7bfc9 100644
--- a/docs/endpoints/post-identity-map.md
+++ b/docs/endpoints/post-identity-map.md
@@ -13,6 +13,8 @@ Maps multiple email addresses, phone numbers, or their respective hashes to thei
Used by: This endpoint is used mainly by advertisers and data providers. For details, see [Advertiser/Data Provider Integration Guide](../guides/advertiser-dataprovider-guide.md).
+For details about the UID2 opt-out workflow and how users can opt out, see [User Opt-Out](../getting-started/gs-opt-out.md).
+
## Batch Size and Request Parallelization Requirements
Here's what you need to know:
@@ -26,6 +28,8 @@ Here's what you need to know:
`POST '{environment}/v2/identity/map'`
+For authentication details, see [Authentication and Authorization](../getting-started/gs-auth.md).
+
:::important
You must encrypt all requests using your secret. For details, and code examples in different programming languages, see [Encrypting Requests and Decrypting Responses](../getting-started/gs-encryption-decryption.md).
:::
diff --git a/docs/endpoints/post-optout-status.md b/docs/endpoints/post-optout-status.md
index 55c8d6514..0cd85de07 100644
--- a/docs/endpoints/post-optout-status.md
+++ b/docs/endpoints/post-optout-status.md
@@ -30,6 +30,8 @@ The key guidelines for managing batches of requests to this endpoint are as foll
`POST '{environment}/v2/optout/status'`
+For authentication details, see [Authentication and Authorization](../getting-started/gs-auth.md).
+
:::important
You must encrypt all requests using your secret. For details, and code examples in different programming languages, see [Encrypting Requests and Decrypting Responses](../getting-started/gs-encryption-decryption.md).
:::
diff --git a/docs/endpoints/post-token-generate.md b/docs/endpoints/post-token-generate.md
index 3fbe86d29..819376f38 100644
--- a/docs/endpoints/post-token-generate.md
+++ b/docs/endpoints/post-token-generate.md
@@ -26,7 +26,9 @@ Rather than calling this endpoint directly, you could use one of the SDKs to man
`POST '{environment}/v2/token/generate'`
-Here's what you need to know about this endpoint requests:
+For authentication details, see [Authentication and Authorization](../getting-started/gs-auth.md).
+
+Here's what you need to know about sending requests to this endpoint:
- To ensure that the API key used to access the service remains secret, UID2 tokens must be generated only on the server side after authentication.
- You must encrypt all requests using your secret. For details, and code examples in different programming languages, see [Encrypting Requests and Decrypting Responses](../getting-started/gs-encryption-decryption.md).
diff --git a/docs/endpoints/post-token-validate.md b/docs/endpoints/post-token-validate.md
index e2238c572..839cab9d3 100644
--- a/docs/endpoints/post-token-validate.md
+++ b/docs/endpoints/post-token-validate.md
@@ -21,6 +21,8 @@ This endpoint is intended primarily for testing and troubleshooting new integrat
`POST '{environment}/v2/token/validate'`
+For authentication details, see [Authentication and Authorization](../getting-started/gs-auth.md).
+
:::important
You must encrypt all requests using your secret key. For details, and code examples in different programming languages, see [Encrypting Requests and Decrypting Responses](../getting-started/gs-encryption-decryption.md).
:::
diff --git a/docs/endpoints/summary-endpoints.md b/docs/endpoints/summary-endpoints.md
index 06514b256..b9ef57d8a 100644
--- a/docs/endpoints/summary-endpoints.md
+++ b/docs/endpoints/summary-endpoints.md
@@ -35,6 +35,8 @@ The following endpoints are used by advertisers and third-party data providers.
The following endpoint can be used by advertisers, third-party data providers, DSPs, and sharers. Publishers do not need to use this endpoint.
+For details about the UID2 opt-out workflow and how users can opt out, see [User Opt-Out](../getting-started/gs-opt-out.md).
+
| Endpoint | Description | Request Encryption | Response Decryption |
| :--- | :--- | :--- | :--- |
| [POST /optout/status](post-optout-status.md) | Checks the opt-out status of raw UID2s. This endpoint takes a list of raw UID2s as input, and returns the raw UID2s that have opted out, as well as the time that the opt-out took place. | Required | Required |
diff --git a/docs/getting-started/gs-sharing.md b/docs/getting-started/gs-sharing.md
index 9596c5664..001befdea 100644
--- a/docs/getting-started/gs-sharing.md
+++ b/docs/getting-started/gs-sharing.md
@@ -9,7 +9,7 @@ import Link from '@docusaurus/Link';
# UID2 Sharing
-In UID2, sharing is a process for distributing [raw UID2s](../ref-info/glossary-uid.md#gl-raw-uid2), either directly or encrypted into [UID2 tokens](../ref-info/glossary-uid.md#gl-raw-uid2), between UID2 participants.
+In UID2, sharing is a process for distributing [raw UID2s](../ref-info/glossary-uid.md#gl-raw-uid2), either directly or encrypted into [UID2 tokens](../ref-info/glossary-uid.md#gl-uid2-token), between UID2 participants.
All instances where a raw UID2 or UID2 token is shared with another participant fall under the definition of sharing. All sharing participants must meet the legal requirements specified in the following section, [Legal Requirements for UID2 Sharing](#legal-requirements-for-uid2-sharing).
diff --git a/docs/guides/advertiser-dataprovider-guide.md b/docs/guides/advertiser-dataprovider-guide.md
index ea6747e1d..e1fbc3bae 100644
--- a/docs/guides/advertiser-dataprovider-guide.md
+++ b/docs/guides/advertiser-dataprovider-guide.md
@@ -106,6 +106,8 @@ It's important to honor user opt-out status. Here are two ways you can check tha
- Advertisers and data providers can check the opt-out status of raw UID2s using the [POST /optout/status](../endpoints/post-optout-status.md) endpoint.
+For details about the UID2 opt-out workflow and how users can opt out, see [User Opt-Out](../getting-started/gs-opt-out.md).
+
## FAQs
For a list of frequently asked questions for advertisers and data providers using the UID2 framework, see [FAQs for Advertisers and Data Providers](../getting-started/gs-faqs.md#faqs-for-advertisers-and-data-providers).
diff --git a/docs/guides/dsp-guide.md b/docs/guides/dsp-guide.md
index 3a07a7770..e1858a800 100644
--- a/docs/guides/dsp-guide.md
+++ b/docs/guides/dsp-guide.md
@@ -12,7 +12,7 @@ import Link from '@docusaurus/Link';
This guide is for DSPs who transact on UID2s in the bidstream.
-DSPs receive UID2 tokens in bid requests, and decrypt the UID2 tokens to arrive at raw UID2s that they can use for bidding, using one of the server-side SDKs that support this function.
+DSPs receive UID2 tokens in bid requests, and decrypt the [UID2 tokens](../ref-info/glossary-uid.md#gl-uid2-token) to arrive at [raw UID2s](../ref-info/glossary-uid.md#gl-raw-uid2) that they can use for bidding, using one of the server-side SDKs that support this function.
For a summary of available server-side SDKs, see [SDKs: Summary](../sdks/summary-sdks.md).
@@ -38,6 +38,8 @@ This section includes the following information for DSPs, who must honor user op
- [POST /optout/status Endpoint](#post-optoutstatus-endpoint)
- [Bidding Opt-Out Logic](#bidding-opt-out-logic)
+For details about the UID2 opt-out workflow and how users can opt out, see [User Opt-Out](../getting-started/gs-opt-out.md).
+
#### Opt-Out Webhook
To receive and honor user opt-outs from the UID2 service, the DSP establishes a pre-configured interface (an opt-out webhook/API endpoint) and provides it to the UID2 service during onboarding. When a user opts out, the UID2 service sends the user's raw UID2 and the corresponding opt-out timestamp to the pre-configured interface.
diff --git a/docs/guides/integration-javascript-client-server.md b/docs/guides/integration-javascript-client-server.md
index 64119aa5d..836c778e1 100644
--- a/docs/guides/integration-javascript-client-server.md
+++ b/docs/guides/integration-javascript-client-server.md
@@ -32,6 +32,8 @@ This guide outlines the basic steps that you need to consider if you are buildin
For a workflow diagram, see [Integration Steps](#integration-steps). See also [FAQs](#faqs).
+For details about the UID2 opt-out workflow and how users can opt out, see [User Opt-Out](../getting-started/gs-opt-out.md).
+
To facilitate the process of establishing client identity using UID2 and retrieving advertising tokens, the web integration steps provided in this guide rely on the SDK for JavaScript. Here's an [example application](https://example-jssdk-integ.uidapi.com/) that illustrates the integration steps described in this guide and the usage of the SDK (currently only for email addresses). For the application documentation, see [UID2 SDK Integration Example](https://github.com/IABTechLab/uid2-examples/blob/main/publisher/standard/README.md).
:::tip
diff --git a/docs/guides/integration-mobile-overview.md b/docs/guides/integration-mobile-overview.md
index b724a85fa..95674940b 100644
--- a/docs/guides/integration-mobile-overview.md
+++ b/docs/guides/integration-mobile-overview.md
@@ -63,6 +63,8 @@ To determine the best integration path for your mobile scenario, consider these
The options for integrating with UID2 using the UID2 mobile SDKs are summarized in the following table. Choose the integration approach that's best for you.
+For details, see [Integration Approaches](../ref-info/ref-integration-approaches.md).
+
| Scenario | Option | Integration Guide |
| :--- | :--- | :--- |
| You have access to DII (email address or phone number) on the client side/within the mobile app, and want to keep changes within your app only. | Client-side integration | [UID2 Client-Side Integration Guide for Mobile](integration-mobile-client-side.md) |
diff --git a/docs/guides/integration-publisher-server-side.md b/docs/guides/integration-publisher-server-side.md
index c8cb77db7..182705fb2 100644
--- a/docs/guides/integration-publisher-server-side.md
+++ b/docs/guides/integration-publisher-server-side.md
@@ -86,6 +86,8 @@ For an example of what a UID2 token might look like in the bidstream, when it's
Use the `POST /token/refresh` endpoint to make sure you always have a valid and up-to-date UID2 token. The UID2 token must be refreshed to sync with the UID2 rotation. In addition, the token refresh process checks the user's opt-out status, and if the user has opted out, no new token is sent. This ends the token refresh chain, and you must not use that UID2 token again.
+For details about the UID2 opt-out workflow and how users can opt out, see [User Opt-Out](../getting-started/gs-opt-out.md).
+
| Step | Endpoint | Description |
| :--- | :--- | :--- |
| 3-a |N/A | When a user returns to an asset and becomes active again, refresh the UID2 token before sending it to the SSP. |
diff --git a/docs/guides/operator-guide-aws-marketplace.md b/docs/guides/operator-guide-aws-marketplace.md
index 3a99f33d9..5053bc6e9 100644
--- a/docs/guides/operator-guide-aws-marketplace.md
+++ b/docs/guides/operator-guide-aws-marketplace.md
@@ -13,7 +13,9 @@ import AttestFailure from '/docs/snippets/_private-operator-attest-failure.mdx';
# UID2 Private Operator for AWS Integration Guide
-The UID2 Operator is the API server in the UID2 ecosystem. For a Private Operator service running in AWS Marketplace, the UID2 Operator solution is enhanced with [AWS Nitro](https://aws.amazon.com/ec2/nitro/) Enclave technology. This is an additional security measure to help protect UID2 information from unauthorized access.
+The UID2 Operator is the API server in the UID2 ecosystem. For details, see [The UID2 Operator](../ref-info/ref-operators-public-private.md).
+
+For a Private Operator service running in AWS Marketplace, the UID2 Operator solution is enhanced with [AWS Nitro](https://aws.amazon.com/ec2/nitro/) Enclave technology. This is an additional security measure to help protect UID2 information from unauthorized access.
## UID2 Private Operator for AWS
diff --git a/docs/guides/operator-guide-azure-enclave.md b/docs/guides/operator-guide-azure-enclave.md
index bcf948d1f..a866f96b4 100644
--- a/docs/guides/operator-guide-azure-enclave.md
+++ b/docs/guides/operator-guide-azure-enclave.md
@@ -12,7 +12,9 @@ import ReleaseMatrix from '/docs/snippets/_private-operator-release-matrix.mdx';
# UID2 Private Operator for Azure Integration Guide
-The UID2 Operator is the API server in the UID2 ecosystem. This guide provides information for setting up the UID2 Operator Service as a Private Operator in an instance of [Confidential Containers](https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-containers), a confidential computing option from Microsoft Azure. Confidential Containers instances run in a hardware-backed Trusted Execution Environment (TEE) that provides intrinsic capabilities such as data integrity, data confidentiality, and code integrity.
+The UID2 Operator is the API server in the UID2 ecosystem. For details, see [The UID2 Operator](../ref-info/ref-operators-public-private.md).
+
+This guide provides information for setting up the UID2 Operator Service as a Private Operator in an instance of [Confidential Containers](https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-containers), a confidential computing option from Microsoft Azure. Confidential Containers instances run in a hardware-backed Trusted Execution Environment (TEE) that provides intrinsic capabilities such as data integrity, data confidentiality, and code integrity.
When the Docker container for the UID2 Operator Confidential Containers instance starts up, it completes the attestation process that allows the UID2 Core Service to verify the authenticity of the Operator Service and the enclave environment that the Operator Service is running in.
diff --git a/docs/guides/operator-private-gcp-confidential-space.md b/docs/guides/operator-private-gcp-confidential-space.md
index ba84f8edc..11c2b1e60 100644
--- a/docs/guides/operator-private-gcp-confidential-space.md
+++ b/docs/guides/operator-private-gcp-confidential-space.md
@@ -12,6 +12,8 @@ import ReleaseMatrix from '/docs/snippets/_private-operator-release-matrix.mdx';
# UID2 Private Operator for GCP Integration Guide
+The UID2 Operator is the API server in the UID2 ecosystem. For details, see [The UID2 Operator](../ref-info/ref-operators-public-private.md).
+
This guide provides information for setting up the UID2 Operator Service as a Private Operator instance in [Confidential Space](https://cloud.google.com/confidential-computing#confidential-space), a confidential computing option from [Google Cloud](https://cloud.google.com/docs/overview/) Platform. Confidential Space offers a secure enclave environment, known as a Trusted Execution Environment (TEE).
:::note
diff --git a/docs/ref-info/glossary-uid.md b/docs/ref-info/glossary-uid.md
index 0eb77deb8..70e7fe63d 100644
--- a/docs/ref-info/glossary-uid.md
+++ b/docs/ref-info/glossary-uid.md
@@ -330,7 +330,7 @@ import Link from '@docusaurus/Link';
The Opt-Out Service is a global UID2 service that manages and stores user opt-out requests.
@@ -374,6 +374,7 @@ import Link from '@docusaurus/Link';
A refresh token is an opaque string that is issued along with the UID2 token. It is used to refresh the UID2 token, which has a limited life.
When the UID2 server receives the refresh token with a request for a new UID2 token, it checks for user opt-out. If the user has opted out of UID2, no new UID2 token is generated.
When a new UID2 token is generated and returned in response to the refresh token, a new refresh token is returned along with it. However, if the user is inactive for a long period of time, the refresh token itself expires.
### S
diff --git a/docs/sharing/sharing-overview.md b/docs/sharing/sharing-overview.md
index 570e8c8bb..a71a4a586 100644
--- a/docs/sharing/sharing-overview.md
+++ b/docs/sharing/sharing-overview.md
@@ -10,7 +10,7 @@ import Link from '@docusaurus/Link';
# UID2 Sharing: Overview 
-In UID2, sharing is a process for distributing either [raw UID2s](../ref-info/glossary-uid.md#gl-raw-uid2) or [UID2 tokens](../ref-info/glossary-uid.md#gl-raw-uid2) between UID2 participants.
+In UID2, sharing is a process for distributing either [raw UID2s](../ref-info/glossary-uid.md#gl-raw-uid2) or [UID2 tokens](../ref-info/glossary-uid.md#gl-uid2-token) between UID2 participants.
All instances where a raw UID2 or UID2 token is shared with another participant fall under the definition of sharing. All sharing participants who send raw UID2s must follow the security requirements specified in the standard security practices. For details, see [Security Requirements for UID2 Sharing](sharing-security.md). We encourage all participants who are sharing UID2 tokens to follow these steps.