Implement secure signals without GPT, GMA, or IMA SDKs

Google Ad Manager uses the GPT SDK to collect and send secure signals for web ad requests. For mobile apps and video inventory, an adapter from the secure signal provider or Google Ad Manager is typically required to integrate with the GMA and IMA* SDKs, respectively.

However, when publishers need to manage and build their own ad requests for mobile apps or video, particularly for CTV, they are also responsible for collecting and including these secure signals in those requests.

Requirements

1. Structure your signals in a JSON object
2. Encode the JSON object
3. Append the encoded signal to your ad request URL
4. (Optional) Implement a caching mechanism
5. Configure signal sharing in Google Ad Manager

When a publisher constructs their own ad request, the following steps must be performed in order to collect and include their desired secure signals:

1. Structure your signals in a JSON object

First, you need to collect the secure signal data and format it into a JSON object. This JSON should represent all the signals you want to send. A secure signal can be either:

• Third-party generated: Signals defined by an external provider. In the JSON, you'll specify the source (the provider's ID), the data (the output from their library), and set isPubCreated to false.
• Publisher-created (custom): Signals defined by the publisher. For these, the source is your Google Ad Manager network code, the data is your custom signal, and isPubCreated is true.

Here's an example of what this JSON object would look like:

Signal "source": "SOURCE1" is a third-party generated signal

• source is the third-party's source_id (as shared by the provider during registration – for example: "liveramp.com", "uidapi.com", "pubcid.org")
• data is output of the signal provider's library and the core payload of the signal.
• isPubCreated is set to false

Signal "source": "123" is a publisher created Custom Secure signals

• source is the publisher's network code
• data is the publisher created signal that a bidder should be able to decode. The signal must be obfuscated before being sent to Google.
• isPubCreated is set to true

There are a number of methods publishers can take to convert an object to a string, depending on their needs and capabilities. One popular method is JSON.stringify(), which is the function specifically designed to serialize a JavaScript object into a JSON string. This string is a precise, text-based representation of your data, ready for transmission.

After JSON.stringify()
{"signals":[{"source":"SOURCE1","data":"DATA1","isPubCreated":false},{"source":"123","data":"DATA2","isPubCreated":true}]}

2. Encode the JSON object

Once you have your json string, you must convert it into Base 64 Encoding with URL and Filename Safe Alphabet that can be safely appended to an ad request URL for transmission.

eyJzaWduYWxzIjpbeyJzb3VyY2UiOiJTT1VSQ0UxIiwiZGF0YSI6IkRBVEExIiwiaXNQdWJDcmVhdGVkIjpmYWxzZX0seyJzb3VyY2UiOiIxMjMiLCJkYXRhIjoiREFUQTIiLCJpc1B1YkNyZWF0ZWQiOnRydWV9XX0

3. Append the Encoded signal to your ad request URL

Finally, you will construct your ad request URL and include the encoded string as the value for the ssj parameter. The ssj parameter is specifically designed for carrying this publisher-created, secure signal JSON object.

The final URL would look similar to this:

https://pubads.g.doubleclick.net/gampad/ads?iu=/12345678/video&description_url=...&ssj=your_Base64_encoded_string

4. (Optional) Implement a caching mechanism

For server-side secure signal implementations, implementing a caching mechanic can mitigate against latency. While not required, the responsibility for implementing and managing this caching falls to the publisher. Your implementation would require the following steps:

1. Generate a signal: Create your secure signal JSON object.
2. Store the signal: Implement a mechanism to store the encoded signal string (for example, in a server-side cache, database, or a local cache on the client device). The choice of storage method sits with the publisher.
3. Set an expiration time: Decide on a reasonable duration for which the signal remains valid. This duration should be long enough to cover multiple ad requests but short enough to ensure the signal doesn't become outdated.
4. Retrieve and use: When a new ad request is needed, your system would first check the cache. If a valid, non-expired signal exists, it's retrieved and appended to the ad request URL. If the signal is expired or doesn't exist, a new one is generated, used, and then cached for future use.

5. Configure signal sharing in Google Ad Manager

Finally, in Google Ad Manager you will need to ensure your secure signals can be shared with bidders and curation partners, which you can do so following the summary steps below.

1. Sign in to Google Ad Manager.
2. Navigate to Admin , then Global Settings, then Ad Exchange account settings.
3. Click the toggle to accept terms and conditions for "Secure signal sharing".
4. Navigate to Inventory, then Secure signals.

   Ensure the deployment method currently located in the "Web integration deployment" column is set to "Publisher deploy" for the relevant signal(s).

   Note: If you also use the Prebid UserID module to send the same signals on web GPT-based requests, this method will continue to function as expected.
5. Navigate to Delivery, then Demand channel settings.

   Ensure secure signals are allowed to be sent to all or selected Authorized Buyers and Open Bidding partners.

For details, refer to Share secure signals with bidders and curation partners.