Skip to main content

Server-Side Token Generation

If you're a publisher setting up a client-server or server-side UID2 integration, the first step is to generate the UID2 token on your server. Then, you can keep the token refreshed either on the client side or server side, and pass the token to the client side for sending to the RTB bidstream.

There are two approaches for publishers generating UID2 tokens on the server side by providing directly identifying information (DII) (email address or phone number):

  • Integration with an SDK
  • Direct integration to API endpoints

For security reasons, the API key and secret used in token generation must be called on the server side. Do not store these values on the client side, whether on a web page, mobile app, or in Prebid. For details, see Security of API Key and Client Secret.

Options are summarized in the following table.

Integration Solution Generate TokenRefresh Token
UID2 SDK for Java✅ 
UID2 SDK for Python
Direct integration (API endpoints with custom code)

Whatever integration option you choose to generate the identity (UID2 token and associated values), you'll need to implement one of the following:

  • SDK: Use one of the Publisher Client classes, in one of the UID2 server-side SDKs. These classes simplify the request into a single method call.

    For instructions, see one of the following:

    If you're using an SDK option, the Identity response that you need for the rest of this guide is the output of the applicable method, as follows:

  • API: Call the POST /token/generate endpoint.

    The identity output that you need for the rest of this guide is the content inside the body section of a successful endpoint response. For an example, see Successful Response.


The endpoint and SDK API return opt-out status if the DII you are generating the token for has been opted out of UID2. If this happens, save the information and do not call the token generation endpoint for the same DII again.