UID2 Token Validator
The UID2 Token Validator is a web-based tool that validates UID2 tokens against their source directly identifying information (DII) to confirm that your token generation process is correct.
Overview
Publishers who generate UID2 tokens by providing DII sometimes receive tokens that appear valid but are unusable in the UID2 ecosystem. This happens when the normalization or hashing steps are not performed correctly. Because UID2 uses the normalized and hashed form of DII to derive the token, an error in either step produces a raw UID2 that is unique to that publisher. This mismatched raw UID2 will not correspond to the one used by other participants for the same DII, meaning the publisher's tokens will not match up with those from other publishers, data providers, or advertisers' CRM uploads.
Prerequisites
To use the UID2 Token Validator, you need:
- A UID2 API Key (Client Key)
- A UID2 Client Secret
If you do not have these, see API Keys for instructions on creating them in the UID2 Portal.
Using the Token Validator
Enter your API Key (Client Key) and Client Secret in the fields at the top of the Token Validation section.
Select the Operator (environment) you want to validate against. For information about UID2 environments, see Environments.
Validate a Single Token
- Under Input Mode, select Single Validation.
- In the Identifier field, enter the DII you used to generate the token. This can be:
- A raw email address
- A raw phone number
- A Base64-encoded email hash
- A Base64-encoded phone hash
- Select the identifier type that matches your input.
- In the Token field, paste the UID2 token you want to validate.
- Click Validate Tokens.
Validate Multiple Tokens (CSV)
To validate a batch of token-identifier pairs:
- Under Input Mode, select CSV.
- Prepare a CSV file with the following columns:
identifier: The DII (raw email, raw phone, email hash, or phone hash).identifier_type: Eitheremail,phone,email_hashorphone_hash.token: The UID2 token to validate.
- Upload the CSV file.
- Click Validate Tokens.
Interpret Validation Results
When you click Validate Tokens, the Validation Results table displays a row for each token-identifier pair, in the format shown in the following table.
| Column | Description |
|---|---|
| Identifier | The DII you entered. |
| Identifier Type | email, phone, email_hash or phone_hash. |
| Normalized Hash | The Base64-encoded SHA-256 hash of the normalized DII. |
| Token | The token you submitted. |
| Validation | The result of the validation. For details, see the following table. |
The Validation column reflects the response from the POST /token/validate endpoint.
| Validation Result | Meaning |
|---|---|
Token matches identifier | The token matches the provided DII. This means that the token was generated from the correct normalized hash. |
Failed: Token does not match identifier | The token does not match the provided DII. The most likely cause is incorrect normalization or hashing. |
Failed: Invalid token | The token is malformed and cannot be parsed. |
Failed: {"status":"unauthorized"} | The API credentials provided are invalid or unauthorized. |
If the result is Failed: Token does not match identifier, compare the Normalized Hash shown in the results with the value your own implementation produced for the same DII. If they differ, the issue is in your normalization or hashing steps. For details, see Normalization and Encoding and Preparing Emails and Phone Numbers for Processing.