UID2 Credentials

Each UID2 participant needs at least one set of unique credentials. The set of credentials you need is determined by how you are participating in UID2, as shown in the following table.

Audience	Credentials	Integration
Participants using a client-side implementation	Both of the following: Subscription ID Public key These two, together, are sometimes called client keypair.	Integrations using one of these: UID2 Client-Side Integration Guide for Prebid.js Client-Side Integration Guide for JavaScript UID2 Client-Side Integration Guide for Mobile
Participants using a client-server implementation	Both of the following: API key, also called a client key Client secret, a value known only to the participant and the UID2 service	Integrations using one of these: Client-Server Integration Guide for JavaScript UID2 Client-Server Integration Guide for Prebid.js UID2 Client-Server Integration Guide for Mobile
Participants using a server-side implementation	Both of the following: API key, also called a client key Client secret, a value known only to the participant and the UID2 service	Integrations using one of these: Publisher Integration Guide, Server-Side Advertiser/Data Provider Integration Overview

Separate Credentials Per Environment/Role

If you're using the integration environment as well as the production environment, you'll get a separate set of credentials for each environment. See Getting Your Credentials.

In addition, in some cases, we recommend, but do not require, that you have a different set of credentials for a different scenario. For example:

• If you're a publisher who generates UID2 tokens (via POST /token/generate or in some other way), but you also create/map raw UID2s on your own behalf (see POST /identity/map), you might have separate credentials for each of these activities.
• If you're an advertiser, in a scenario where you allow multiple service providers to operate using your advertiser keys, you might choose to have separate credentials for each service provider.

Getting Your Credentials

The following table shows how you get your credentials, for each integration approach and each environment.

Environment	Integration Type	Getting Credentials
Prod	Client-Side	UID2 Portal > Client-Side Integration
	Client-Server	UID2 Portal > API Keys
	Server-Side	UID2 Portal > API Keys
Integ	Client-Side	Ask your UID2 contact.
	Client-Server
	Server-Side

Subscription ID and Public Key

If you're using a client-side implementation (see UID2 Client-Side Integration Guide for Prebid.js or Client-Side Integration Guide for JavaScript), you'll receive the following credentials:

• Subscription ID: This value identifies your site to the UID2 service.
• Public key: This value is used for encryption.

Client keypair is a group term we use for these two values, which are used to uniquely define an account that's using an implementation that generates the token on the client side.

When you're implementing UID2 on the client side, by using the UID2 JavaScript SDK, Client-Side Integration for Mobile, or Prebid.js, provide the values to the SDK or to Prebid.js as part of configuration.

Notes:

• Unlike the API key and client secret, the Subscription ID and public key do not have to be kept secure.

• The values are valid for a specific environment. If you're using both the integration and production environments, you'll get a set of credentials for each environment.

• Subscription ID and public key credentials can be used only to generate client-side tokens. If you need any additional roles (see API Permissions), request API Key and Client Secret for those roles.

API Key and Client Secret

If you're using a client-server or server-side implementation (see UID2 Client-Server Integration Guide for Prebid.js or Client-Server Integration Guide for JavaScript), the API key and client secret allow you to connect to the Operator Service and call API endpoints. These values identify you to the service.

Here is some information about API keys and client secrets:

• You must keep these values secure. For details, see Security of API Key and Client Secret.
• One UID2 participant can have multiple keys.
• Each key has a set of permissions that determine the endpoints you can use it on.
• Each key has a corresponding client secret.
• Most API endpoints require both API key and client secret for authentication. For details, see Authentication and Authorization.
• If you're using the integration environment as well as the production environment, you'll receive separate API keys for each environment. For details, see Getting Your Credentials.
• The client secret is valid for a specific environment. If you're using both the integration and production environments, you'll get a client secret for each environment.

As part of getting your UID2 account set up, we'll give you one or more API keys, each with a corresponding client secret. For details of who to talk to, see Contact Info.

Security of API Key and Client Secret

Security of keys and client secrets is very important. Follow these guidelines:

• When you receive your API key and client secret, store them in a secure location.
• Keep track of all places where these values are stored and used, so that if you need to rotate the key you can do it quickly.
• Establish a process for replacing the key and secret with new values if the existing ones are compromised.

It's best to refresh your API key and client secret on a regular cadence—for example, yearly—to help reduce the risk of your credentials being compromised.

Refreshing Credentials

To request new credentials at any time, do one of the following:

• If you have UID2 Portal access, and you need new Production credentials: go to the page listed in Getting Your Credentials.
• If you don't have UID2 Portal access, or you need new credentials for the Integration environment, ask your UID2 contact.