UID2 Credentials
Each UID2 participant gets a set of unique credentials. The set of credentials you get is determined by how you are participating in UID2, as shown in the following table.
Audience | Credentials | Integration |
---|---|---|
Participants using a client-side implementation | Both of the following: These two, together, are sometimes called client keypair. | Integrations using one of these: |
Participants using a client-server implementation | Both of the following:
| Integrations using one of these: |
Participants using a server-side implementation | Both of the following:
| Integrations using one of these: |
If you're using the integration environment as well as the production environment, you'll get a separate set of credentials for each environment.
Subscription ID and Public Key
If you're using a client-side implementation (see UID2 Client-Side Integration Guide for Prebid.js or Client-Side Integration Guide for JavaScript), you'll receive the following credentials:
- Subscription ID: This value identifies your site to the UID2 service.
- Public key: This value is used for encryption.
Client keypair is a group term we use for these two values, which are used to uniquely define an account that's using an implementation that generates the token on the client side.
When you're implementing UID2 on the client side, by using the UID2 JavaScript SDK, Client-Side Integration for Mobile, or Prebid.js, provide the values to the SDK or to Prebid.js as part of configuration.
Notes:
-
Unlike the API key and client secret, the Subscription ID and public key do not have to be kept secure.
-
The values are valid for a specific environment. If you're using both the integration and production environments, you'll get a set of credentials for each environment.
-
Subscription ID and public key credentials can be used only to generate client-side tokens. If you need any additional roles (see API Permissions), request API Key and Client Secret for those roles.
API Key and Client Secret
If you're using a client-server or server-side implementation (see UID2 Client-Server Integration Guide for Prebid.js or Client-Server Integration Guide for JavaScript), the API key and client secret allow you to connect to the Operator Service and call API endpoints. These values identify you to the service.
Here is some information about API keys and client secrets:
- You must keep these values secure. For details, see Security of API Key and Client Secret.
- One UID2 participant can have multiple keys.
- Each key has a set of permissions that determine the endpoints you can use it on.
- Each key has a corresponding client secret.
- Most API endpoints require both API key and client secret for authentication. For details, see Authentication and Authorization.
- If you're using the integration environment as well as the production environment, you'll receive separate API keys for each environment.
- The client secret is valid for a specific environment. If you're using both the integration and production environments, you'll get a client secret for each environment.
As part of getting your UID2 account set up, we'll give you one or more API keys, each with a corresponding client secret. For details of who to talk to, see Contact Info.
Security of API Key and Client Secret
Security of keys and client secrets is very important. Follow these guidelines:
- When you receive your API key and client secret, store them in a secure location.
- Keep track of all places where these values are stored and used, so that if you need to rotate the key you can do it quickly.
- Establish a process for replacing the key and secret with new values if the existing ones are compromised.
It's best to refresh your API key and client secret on a regular cadence—for example, yearly—to help reduce the risk of your credentials being compromised.
Refreshing Credentials
To request new credentials at any time, ask your UID2 contact.