Frequently Asked Questions
Frequently asked questions for EUID are grouped into general categories by audience.
FAQs—General
Here are some frequently asked questions regarding the EUID framework.
- Will all integration partners in the UID2 infrastructure (SSPs, third-party data providers, measurement providers) be automatically integrated with EUID?
- Can users opt out of targeted advertising tied to their EUID?
- When I send personal data to EUID, does EUID store the information?
- Should I use a Public Operator or a Private Operator?
For FAQs relating to mobile publisher integrations, see FAQs for Mobile Integrations.
Will all integration partners in the UID2 infrastructure (SSPs, third-party data providers, measurement providers) be automatically integrated with EUID?
No. EUID has its own framework, which is separate from UID2. As such, paperwork relating to accessing and using the UID2 framework does not automatically grant usage and access to the EUID framework. New contracts are required to be signed for EUID.
Can users opt out of targeted advertising tied to their EUID?
Yes. Through the Transparency and Control Portal, users can opt out from being served targeted ads tied to their EUID. Each request is distributed through the EUID Opt-Out Service, and EUID Operators make the opt-out information available to all relevant participants.
When I send personal data to EUID, does EUID store the information?
No. None of the components of the EUID service store any personal information.
In addition, in almost all cases, EUID doesn't store any values at all once the POST /token/generate, POST /token/refresh, or POST /identity/map call is complete. A necessary exception is the case where a user has opted out. In this scenario, EUID stores a hashed, opaque value to indicate the opted-out user. The stored value cannot be reverse engineered back to the original value of the personal data, but can be used to identify future requests for an EUID generated from the same personal data, which are therefore denied.
Should I use a Public Operator or a Private Operator?
For most participants, Public Operator is the simplest solution. A Public Operator integration is a much easier option than hosting your own Private Operator. Having a Private Operator instance has some advantages, but adds extra complexities and costs.
The best choice depends on your unique scenario and needs. For more information to help you arrive at a decision, refer to the following:
FAQs for Publishers
Here are some frequently asked questions for publishers using the EUID framework.
- How can I test that the personal data sent and the returned token match up?
- Do I need to decrypt tokens?
- How will I be notified of user opt-out?
- Where should I make token generation calls—from the server side or the client side?
- Can I make token refresh calls from the client side?
- If I choose to manually refresh the token, how will I know when to refresh the token?
- How can I test the refresh token workflow?
- What is the uniqueness and rotation policy for EUID tokens?
- What does an EUID token look like in the bidstream?
- Can I integrate EUID with Single Sign-On (SSO)?
How can I test that the personal data sent and the returned token match up?
You can use the POST /token/validate endpoint to check whether the personal data that you are sending through POST /token/generate is valid. POST /token/validate
is used primarily for testing purposes.
For details, see Using POST /token/validate to Test.
Do I need to decrypt tokens?
No, publishers do not need to decrypt EUID tokens.
How will I be notified of user opt-out?
If the user has opted out, the API response notifies you in either of these cases:
- When you generate the EUID token by a call to the POST /token/generate endpoint, either directly or via one of the EUID SDKs, using the required
optout_check
parameter with a value of1
. - When you refresh the EUID token by a call to the POST /token/refresh endpoint, either directly or via one of the EUID SDKs.