UID2 Token Validator
The UID2 Token Validator is a web-based tool that validates UID2 tokens against their source directly identifying information (DII) to confirm that your token generation process is correct.
Overview
When publishers generate UID2 tokens by providing DII, in some cases the resulting UID2 token appears valid but is not. This is because the normalization or hashing steps are not performed correctly. Because UID2 uses the normalized and hashed form of DII to derive the token, an error in either step produces a UID2 token and underlying raw UID2 that do not correspond to the correct values generated from the same DII by other participants.
Prerequisites
To use the UID2 Token Validator, you need:
- A UID2 API Key (Client Key)
- A UID2 Client Secret
If you do not have these, see API Keys for instructions on creating them in the UID2 Portal.
Using the Token Validator
To use the token validator, follow these steps:
- In the fields at the top of the Token Validation section, enter your API Key (Client Key) and Client Secret.
- Select the Operator (environment) you want to validate against. For information about UID2 environments, see Environments.
Validate a Single Token
To validate a single token, follow these steps:
- Under Input Mode, select Single Validation.
- In the Identifier field, enter the DII you used to generate the token. This can be:
- A raw email address
- A raw phone number
- A normalized and then Base64-encoded email hash
- A normalized and then Base64-encoded phone hash
- Select the identifier type that matches your input.
- In the Token field, paste the UID2 token you want to validate.
- Click Validate Tokens.
Validate Multiple Tokens (CSV)
To validate a batch of token-identifier pairs, follow these steps:
- Under Input Mode, select CSV.
- Prepare a CSV file with the following columns:
identifier: The DII (raw email, raw phone, email hash, or phone hash).identifier_type: Eitheremail,phone,email_hashorphone_hash.token: The UID2 token to validate.
- Upload the CSV file.
- Click Validate Tokens.
Interpret Validation Results
When you click Validate Tokens, the Validation Results table displays a row for each token-identifier pair, in the format shown in the following table.
| Column | Description |
|---|---|
| Identifier | The DII you entered. |
| Identifier Type | email, phone, email_hash or phone_hash. |
| Normalized Hash | The Base64-encoded SHA-256 hash of the normalized DII. |
| Token | The token you submitted. |
| Validation | The result of the validation. For details, see the following table. |
The Validation column reflects the response from the POST /token/validate endpoint.
| Validation Result | Meaning |
|---|---|
Token matches identifier | The token matches the provided DII. This means that the token was generated from the correct normalized hash. |
Failed: Token does not match identifier | The token does not match the provided DII. The most likely cause is incorrect normalization or hashing. |
Failed: Invalid token | The token is malformed and cannot be parsed. |
Failed: {"status":"unauthorized"} | The API credentials provided are invalid or unauthorized. |
If the result is Failed: Token does not match identifier, compare the Normalized Hash shown in the results with the value your own implementation produced for the same DII. If they differ, the issue is in your normalization or hashing steps. For details, see Normalization and Encoding and Preparing Emails and Phone Numbers for Processing.