Skip to main content

Authentication and Authorization

To authenticate to the UID2 endpoints in a server-side implementation, you need the following:

  • A client API key. The API key is included as a bearer token in the request's Authorization header. For example:
    Authorization: Bearer YourTokenBV3tua4BXNw+HVUFpxLlGy8nWN6mtgMlIk=
  • A client secret for encrypting API requests and decrypting API responses. This is needed for all endpoints except POST /token/refresh.
    For details, and encryption/decryption examples in several different programming languages, see Encrypting Requests and Decrypting Responses.

If you're a publisher and are implementing UID2 on the client side, the authentication and authorization is managed automatically by your implementation, such as Prebid.js (see UID2 Client-Side Integration Guide for Prebid.js) or the JavaScript SDK (see Client-Side Integration Guide for JavaScript).