Learn how to integrate Universal ID with your DSP

Universal ID Overview

Solution Overview

RTB Process

  1. The Publisher first loads its CMP and captures the user’s consent preferences. This is essential before any IDs or ads are requested or delivered

  2. The Publisher calls ID5 (via the ID5 API, a header bidding identity module, or server-to-server) to request the ID5 ID, which can then be placed in cache (in the user’s browser or the publisher’s server) to avoid unnecessary http requests on future page views. 

  3. Via the publisher’s header bidding wrapper, or through a direct integration, SSPs receive the ID5 ID in the ad request to their servers

  4. SSPs pass the ID5 ID into the OpenRTB bid request that they send to their DSP partners

  5. Outside of the RTB process, DSPs receive keys from ID5 so they can properly decrypt the value they receive in bid requests. DSPs will also receive merge instructions from ID5 to link publisher-specific IDs together.

Data Integrations

  1. Publisher first loads its CMP and captures the user’s consent preferences. This is essential before any IDs or ads are requested or delivered

  2. The Publisher calls ID5 (via the ID5 API or server-to-server) to request the ID5 ID, which can then be placed in cache (in the user’s browser or the publisher’s server) to avoid unnecessary http requests on future page views. 

  3. The data platform’s tag on the publisher’s page retrieves the ID5 ID and passes it, along with any other data signals they normally use, to their servers for processing

  4. The data platform pushes the data to the DSP and includes the ID5 ID in addition to, or instead of, the normal user IDs they pass

  5. Outside of the data ingestion process, DSPs receive keys from ID5 so they can properly decrypt the value they receive in bid requests. DSPs will also receive merge instructions from ID5 to link publisher-specific IDs together.

ID5 Integration Overview

Integration Phases

Phase 1: Listen & Log

Phase 2: Read & Use

Phase 3: Enrich & Measure

ID5 Integration Details

ID5 Partner Creation

Before getting started with the Universal ID, we need to make sure you have an ID5 Partner account. If you are not already integrated with ID5, reach out to contact@id5.io and we’ll get you set up right away.

Receiving the ID5 ID from SSPs

From OpenRTB Bid Requests

SSPs may pass the ID5 ID within the OpenRTB bid request to DSPs for logging, user lookup, and bidding usage. While OpenRTB still hasn’t standardized the location for the ID5 ID (or other identity provider IDs), the user.ext.eids array is recommended (but should be agreed upon with your SSP partners):

{ "user": {
      "id": "SSP_UID",       // remains unchanged
      "buyeruid": "DSP_UID", // remains unchanged
      "ext": {
          "eids": [{
              "source": "id5-sync.com",
              "uids": [{
                  "id": "ID5-abc123", // the ID5 Universal ID
                  "ext": {
                      "linkType": 2 // 0 = unlinked; 1 = probabilistic; 2 = deterministic
                  }
              }]
          }]
      }
}}

From BidSwitch Bid Requests

Per BidSwitch’s Buyer Protocol v6.0, the Universal ID will be sent to DSPs in the user.ext.xuid array. The provider value will be "id5". Note that Bidswitch does not currently pass the "linkType" field. If you are interested in receiving this field from them, please let them know.

{ "user": {
      "id": "SSP_UID",       // remains unchanged
      "buyeruid": "DSP_UID", // remains unchanged
      "ext": {
          "xuid": [{
              "id": "ID5-abc123", // the ID5 Universal ID
              "provider": "id5"
         }]
     }
}}

ID Decryption

Decrypting the Universal ID

ID5 encrypts the ID that we return in order to enforce the privacy preferences of the consumer and the publisher. To learn more about how to decrypt the ID, please visit Decrypting the Universal ID (login required).

Privacy & Regulations

Privacy-by-Design

ID5 has built a privacy-by-design shared ID service for publishers and ad tech vendors. Our service leverages the IAB’s Transparency and Consent Framework (TCF) and US Privacy Framework to capture the user’s privacy preferences.

As a shared ID provider, ID5 acts as a Controller of the Universal ID, and thus, we must receive a valid legal basis to process requests. When we receive a request for the ID5 ID, we check that we have a legal basis to store our user ID in a cookie before proceeding; if we don’t have one, we do not read our cookie or write to it as part of the HTTP response.

When ID5 returns an ID to the page, the value is encrypted in such a way that only platforms that have authorization to process data (based on the consumer’s and publisher’s privacy preferences) are able to decrypt the string back to a stable ID. By doing so, ID5 enforces privacy preferences and regulations, ensuring that no downstream party can understand the ID without the proper legal basis to do so. When the ID is non-decryptable, the request is truly anonymized, preventing any personal data from being retrieved or processed.

Privacy Policy

For our Platform Privacy Policy, please visit https://id5.io/platform-privacy-policy.