How the EUID Token Is Created
This article describes how the EUID token that the publisher sends in the bidstream is created.
When a publisher sends a user's personal data—hashed or unhashed email addresses or phone numbers—to the EUID Operator, and in return receives an EUID token to use for targeted advertising, there is a very specific sequence of processing steps that occurs along the way.
Some preliminary steps are taken by the publisher, but most of the processing steps are done by the EUID Operator.
It's very important that the publisher steps are performed in the correct sequence:
- When steps are performed in sequence, the resulting value can be recognized as related to other EUID identifiers generated from online activity by the same individual: the underlying raw EUID matches the raw EUIDs generated by other EUID participants from the same personal data, and therefore the token is suitable for targeted advertising.
- If steps are taken out of sequence, the resulting value cannot be related to other EUID identifiers generated from online activity by the same individual, and therefore the token is not suitable for targeted advertising.
For a summary, see Steps to Create an EUID Token. For an example in diagram form, see Creating an EUID Token—Example.
Steps to Create an EUID Token
The following table shows the steps for creating an EUID token from personal data, the sequence, and who performs each step.
For an example with sample values, see Creating an EUID Token—Example.
| Step | Action | Who Does It? | Documentation |
|---|---|---|---|
| 1 | Normalize. | Email: Publisher or EUID Operator Phone number: Publisher must normalize | Email Address Normalization Phone Number Normalization |
| 2 | Apply SHA-256 hashing to the normalized email address. | Publisher or EUID Operator | Email Address Hash Encoding Phone Number Hash Encoding |
| 3 | Apply Base64 encoding to the SHA-256 hash. | Publisher or EUID Operator | Email Address Hash Encoding Phone Number Hash Encoding |
| 4 | Send value to EUID Operator via the POST /token/generate endpoint, an SDK, Prebid.js, or another supported integration. | Publisher | Various: for a summary, see Implementation Resources |
| 5 | Perform multiple steps including hashing and adding the secret salt value to create a raw EUID. | EUID Operator | Not applicable: these steps are all performed by the EUID Operator. |
| 6 | Encrypt the raw EUID to create an EUID token. | EUID Operator | Not applicable: performed by the EUID Operator. |
Creating an EUID Token—Example
The following diagram shows the high-level steps for creating a raw EUID (first column, second column) and then an EUID token (third column).
The publisher can send a request to the POST /token/generate endpoint or use one of the other integration options, such as an SDK or Prebid. Whatever the integration option, the result is an EUID token—an encrypted value that the publisher can send in the bidstream for targeted advertising.
