Skip to main content

EUID Glossary

This page defines some key terms used in the EUID documentation.

A

Advertising ID
Advertising ID is another term for a raw EUID.
Advertising token
Advertising token is another term for a EUID token.
API key
Each EUID participant using a server-side implementation has an API key (client key) and also a secret value associated with the key, called the client secret (API secret). The client secret is known only to the participant and the EUID service.
For details, see EUID Credentials.
API secret
See client secret.
App name
In the context of mobile integrations, the app name is the Android application ID, the iOS app store ID, or the iOS bundle identifier.
Authorization header
The Authorization header is a way to authenticate the client to the EUID service.
For details, see 11.6.2. Authorization in RFC 9110, the HTTP specification.

B

Bearer token
A bearer token is a special string that identifies the client. For authentication, some EUID endpoints require the client key to be specified as a bearer token in the Authorization header of the request: for example, POST /token/generate.

C

Client key
See API key.
Client secret
Each EUID participant using a server-side implementation has an API key (client key) and also a secret value associated with the key, called the client secret (API secret). The client secret is known only to the participant and the EUID service.
For details, see EUID Credentials.
Closed Operator
Closed Operator is another term for a Private Operator.
Core Service
The EUID Core Service is a centralized service that manages access to salts, encryption keys, and other relevant data in the EUID ecosystem.
For an overview of all the EUID services, see Components.

D

Data provider
In the context of EUID, a data provider is any entity that provides data and measurement services relating to advertising, such as a data partner, measurement partner, or offline measurement provider.
For details, see participant (Data Providers).
Demand-side platform (DSP)
A demand-side platform (DSP) provides services to companies that want to buy digital advertising, such as advertisers, brands, and media agencies.

E

Enclave
An enclave is a secure subsection of a computing environment. The enclave has additional business logic and security measures applied to it, to prevent anyone from tampering with it.
In the context of EUID, a Private Operator must run inside an enclave or in a private environment.
In an enclave, the operator image must be a very specific, predefined version, and additional constraints are applied to ensure security.
EUID framework
The European Unified ID (EUID) framework enables deterministic identity for advertising opportunities on the open internet for many participants across the advertising ecosystem. It enables logged-in experiences from publisher websites, mobile apps, and Connected TV (CTV) apps to monetize through programmatic workflows. Built as an open-source, standalone solution with its own unique namespace, the framework focuses on transparency and privacy.
EUID identifier
There are two European Unified ID (EUID) identifier types: raw EUIDs and EUID tokens (also known as advertising tokens).
For details, see EUID Identifier Types.
EUID service
The European Unified ID (EUID) service is a set of components, API endpoints, and other types of solutions that collectively implement the EUID framework and provide clients with access to the relevant EUID functionality.
The term "EUID service" is also used to mean the EUID Operator Service.
EUID token (advertising token)
A European Unified ID (EUID) token, also called an advertising token, is an encrypted form of a raw EUID.
EUID tokens are generated from hashed or unhashed email addresses that are converted to raw EUIDs and then encrypted. The EUID token is a unique value; no two EUID tokens are the same. EUID tokens are case sensitive.
The token has a limited life, but can be refreshed in the background using the refresh token.
Publishers send EUID tokens in the bidstream.
For details, see EUID Identifier Types.
European Unified ID (EUID)
The term EUID can be used to mean the EUID framework, the EUID service, a raw EUID, or a EUID token (advertising token).

F

First-level hash
In the context of EUID, the first-level hash is the anonymized, opaque, secure value from which the raw EUID, EUID token, and refresh token are generated. Several cryptographic functions, including salting and hashing, are applied to the initial email, to create the first-level hash.

H

Hash
A hash function converts a set of data of varying/arbitrary size to a set of data of fixed size. The result of the hash function is called a hash, digest, or hash value.
Hashing is a one-way function. The same input value, hashed, always yields the same output value, but there is no corresponding function to take the output value and arrive at the input value. Hashing is a security measure.
EUID uses the SHA-256 hashing algorithm.

I

Identity
In the context of EUID, the term "identity" refers to a package of values that includes the EUID token, the refresh token, and associated values such as timestamps. This set of values is returned in the response from the POST /token/generate endpoint and also from the POST /token/refresh endpoint.

J

JSON Web Token (JWT)
A JSON Web Token (JWT) is a compact, URL-safe means of representing claims (pieces of information) to be sent from one party to another over the web. The claims in a JWT are encoded as a JSON object that is used either as the payload of a JSON Web Signature (JWS) structure or as the plain text of a JSON Web Encryption (JWE) structure. This enables the claims to be digitally signed and/or encrypted.

N

Normalize
To normalize a data set means to bring it to a standard condition or state.
EUID includes specific normalization rules. For details, see Email Address Normalization.

O

Open Operator
Open Operator is another term for a Public Operator.
Operator
An Operator is an organization or entity that runs the EUID Operator Service. The EUID Operator is the API server in the EUID ecosystem.
Operators perform multiple functions, such as receiving encryption keys and salts from the EUID Core Service, salting and hashing personal data to return raw EUIDs, and encrypting raw EUIDs to generate EUID tokens.
A participant can also choose to become a Private Operator to access EUID APIs and to generate raw EUIDs and EUID tokens from within a private infrastructure.
For details, see participants.
Operator key
Each EUID Private Operator has an operator key that allows the private Operator Service to connect to the Core Service and Opt-Out Service and call some endpoints on it.
The operator key identifies the participant Operator to the EUID service.
Operator Service
A service that enables all functions of the Operator.
For an overview of all the EUID services, see Components.
Opt-out
An end user who participates in the EUID ecosystem can opt out at any time by going to the Transparency and Control Portal.
For details, see Components.
Opt-Out Service
The Opt-Out Service is a global EUID service that manages and stores user opt-out requests.
For an overview of all the EUID services, see Components.

P

Participant
An entity that fulfils a key role in EUID. Participants include the following: Core Administrator, Operator, DSP, data provider, advertiser, publisher, consumer.
For details, see participants.
Personal data
In general, personal data is information that relates to an identified or identifiable individual, including name, email address, or phone number.
EUID supports email address, and translates the personal data to a value that can be used for the purpose of targeted advertising but cannot by itself be traced back to the original value.
Private Operator
A Private Operator is an entity that runs a private instance of the Operator Service. The Private Operator generates and manages EUIDs for itself, using its own resources (such as hardware) in a secure environment.
Private Operator Service
A private instance of the Operator Service, run by a Private Operator.
Public key
For client-side publisher integrations, the public key is one of the two values issued to publishers as their EUID credentials. For details, see Subscription ID and Public Key.
Public Operator
A Public Operator is an entity that runs a public instance of the EUID Operator Service. For example, The Trade Desk currently serves as a Public Operator for the EUID framework, available to all participants.

R

Raw EUID
An unencrypted alphanumeric identifier created through the EUID APIs or SDKs with the user's personal data (email address) as input. To prevent re-identification of the original personal data, the input value is hashed if it was not already hashed, then salted, and then hashed again to create the raw EUID. The process that creates the raw EUID is designed to create a secure, opaque value that can be stored by advertisers, third-party data providers, and demand-side platforms (DSPs).
The raw EUID is encrypted to create an EUID token. The raw EUID is a unique value; no two raw EUIDs are the same. Raw EUIDs, and their associated EUID tokens, are case sensitive.
For details, see EUID Identifier Types.
Refresh token
A refresh token is an opaque string that is issued along with the EUID token. It is used to refresh the EUID token, which has a limited life.
When the EUID server receives the refresh token with a request for a new EUID token, it checks for user opt-out. If the user has opted out of EUID, no new EUID token is generated.
When a new EUID token is generated and returned, a new refresh token is returned along with it. However, if the user is inactive for a long period of time, the refresh token itself expires.

S

Salt
A string of characters that is used in the process of transforming an email address into a secure, opaque value that cannot by itself be traced back to the original value.
The EUID service uses salt as part of the process, along with hashing and encryption, to secure the original value. Salt is added to the input value before hashing.
Salted hash
When a salt value is added to the input string before applying the hash function, the result is a salted hash. When the input value is salted before hashing, an attacker who has the hash cannot determine the input value by trying many possible inputs to arrive at the same output.
Secret
See client secret.
SHA-256
SHA-256 is the secure hashing algorithm that EUID uses.
SHA-256 is part of the SHA-2 family of algorithms developed by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) to succeed SHA-1. Each algorithm is named according to the number of bits in the output, so SHA-256 has 256 bits.
For details, see https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf (specification).
Subscription ID
For client-side publisher integrations, the subscription ID is one of the two values issued to publishers as their EUID credentials. For details, see Subscription ID and Public Key.

T

Transparency and Control Portal
The EUID Transparency and Control Portal is a user-facing website, https://www.transparentadvertising.eu/, that allows consumers to opt out of EUID at any time.

U

UTC
UTC is an abbreviation for Coordinated Universal Time, also called Zulu time, which is the primary time standard in general use. UTC essentially equates to Greenwich Mean Time (GMT), but is more scientifically precise.