See Real Time Bidding API Components for more information on the Real Time Bidding API
API calls happen over a REST-like Interface using the HTTP GET or POST request and response mechanism.
Bid requests will be sent to Demand Partner as URL parameters and POST data. The data that a Demand Partner elects to receive in the request will dictate if POST data will be used.
Sample API request format with details of the impression:
Sample API Response Format
The following are GDPR-specific parameters.
Example of Google EB Request
GDPR Parameters Format
|gdpr||No||Integer||Possible values: 0 or 1 to indicate whether or not the impression is GDPR-regulated.|
|consent||No||String||If the Regs.ext.gdpr flag is 1 then this string gives consent information of various vendors.|
|consented_providers||No||Array of Integers|
Set of IDs corresponding to providers for whom the publisher has told Google that its EEA (European Economic Area) users have consented to the use of their personal data for ad personalization.
Note: Only applicable to Google EB requests.
API Request Parameters
From PubMatic to Ad Network in HTTP URL parameters.
|requestId||Yes||No||A unique request ID is generated by PubMatic. It should be returned back in response for correlating and verification purpose. Limited to 40 bytes.|
|uid||No||No||Unique ID is generated by PubMatic for the user|
Limited to 40 bytes
|ip||No||No||The public IP address of the user.|
Limited to 16 bytes.
X-Forwarded-For HTTP header as received by PubMatic
|adWidth||Yes||No||Width of the ad unit. Limited to 4 bytes.|
|adHeight||Yes||No||Height of the ad unit. Limited to 4 bytes.|
|pubId||No||No||ID of Publisher as identified by PubMatic.|
|siteId||No||No||ID of Site as identified by PubMatic.|
|adId||No||No||ID of Ad Tag as identified by PubMatic.|
Limited to 12 bytes.
|adPosition||No||No||Absolute Position of the ad in the page.|
Represented in LeftxTop. Limited to 10 bytes.
If we are unable to find the position, value would be -1x-1.
User defined Fold position of the ad slot.
System detected Fold position of the ad slot.
|freq||No||No||The number of times the user was delivered an ad from a Demand Partner in the last 24 hours, starting from the time when the user first saw the ad from this Demand Partner. This would be passed only if there is a frequency cap set. Limited to 4 bytes.|
|bidCurrency||Yes||No||Currency of the bid/deal floor values being passed in the RTB request.|
|timezone||No||No||The local time zone of the user browsing the page. Time zone is represented in hourly offset relative to GMT. Limited to 6 bytes.|
Example: 5.5 (represents IST)
Example: -8 (represents PST)
|inIframe||No||No||Flag identifying whether the Impression is coming from inside an Iframe or not. Valid values: 0/1.|
0-not in Iframe, 1-in Iframe
|inMultipleNestedIframes||No||No||Flag identifying whether the Impression is coming from more than one nested Iframes or not. Valid values: 0/1.|
0-not in nested Iframe, 1-in nested Iframe
|screenResolution||No||No||Resolution of the user screen.|
Represented in widthxheight. Limited to 10 bytes.
|language||No||No||Language settings of the user. Details received through HTTP Accept-Language header. URL encoded string. Limited to 64 bytes.|
|browser||No||No||Browser details of the user. Details received through HTTP User-Agent header. URL encoded string. Limited to 128 bytes.|
Any cookie parameters that the Demand Partner has set via PubMatic (via PubMaticäó»s user sync service and the piggyback cookie mechanism).
|pageurl||Yes||No||The URL of the page that contains the impression (not an Iframe). URL encoded string. Limited to 512 bytes.|
|siteurl||Yes||No||The base URL of the site as configured in PubMatic. URL encoded string. Limited to 512 bytes.|
Referring URL, if the referring URL was retrieved.
|pmpEnable||No||No||If PMP has been enabled for a site, the flag is set to 1.|
|secure||No||No||If the page from which ad request originates is äóěhttpsäóť, then the value is 1. It is expected that the partners will respond with an äóěhttpsäóť creative URL. The bid will not be considered for auction if creativeURL in RTB response is äóěhttpäóť and secure flag is 1.|
If the user has opted out of the PubMatic system, this parameter will get passed with value as 1; otherwise its value will be 0.
ID of the content category that PubMatic has assigned to the publisheräó»s Web site.
The United States Federal Trade Commission has changed the compliance rules for the Childrenäó»s Online Privacy Protection Act (äóěCOPPAäóť), effective July 1, 2013. The proposal effects websites and applications that have been identified as: (1) directed to users under 13 years of age; or (2) collecting information from users actually known to be under 13 (collectively äóěChildrenäó»s Sitesäóť).
Type of platform on which the impression will be displayed. This parameter indicates the primary platform of the property. Possible values are:
API Response Parameters
From Ad Network to PubMatic in HTTP response.
|id||Yes||No||Ad Networkäó»s ID for this bid transaction, used for logging and can be passed as a parameter in the creative call, which helps the Demand Partner to correlate the bid value with the impression.|
Limited to 128 bytes.
|bid||Yes||No||Demand Partneräó»s bid value (eCPM). The bid should be in an approved bidCurrency and is a decimal number (float value) with maximum 4 digits allowed after the decimal point.Example:1.5024|
The bid value has to be 0 if not interested in bidding.
Demand Partneräó»s bid value (eCPM), encrypted using the encryption & authentication keys chosen by Demand Partner. The bid should be encrypted to a string of 38 bytes using hmac-sha2 algorithm conveyed to Demand Partner. This value when decrypted, will be considered to be specified in an approved bid currency and is a decimal number (float value). This is optional & may be used when demand partners chooses to send their bid values encrypted. Please see section on äóěBid Value / Second Price Encryptionäóť for more details.
|buyer||Yes||No||ID of Buyer (Trading Desk/Agency) on DSP end.|
Reference list of Buyer ID äóń details mapping can be done offline. Limited to 16 Bytes.
|bidCurrency||Yes||No||Currency of the bid or ebid value. (Default value: USD)|
URL for returning Java Script code for serving the creative.
URL for returning Html code for serving the creative. This URL should contain variable (MACRO) for replacing with Click Tracking URL during the ad call. Limited to 2048 bytes.
|creativeId||Yes||No||Unique Identifier of the creative. This can be used as reference to report creative violations and by publishers for creative control.|
Limited to 256 bytes. Example: c-1234-36759
|landingPageURL ||Yes||No||Landing Page URL of the Creative to be used for Creative Control äóń URL Block List.|
Limited to 2048 bytes.
Note: This parameter is mandatory if landingPageTLD is not specified. If both äóělandingPageURLäóť and äóělandingPageTLDäóť are absent in bid response, the bid will not be considered for auction.
The domain name of the advertiser whose creative will be served in the ad tag (for example www.advertiser.com or www.advertiser.co.uk). This is used to enforce advertiser block lists.
|creativeAttribute||Yes for RTB Bid Response Transparency||No||Attributes of the creative.|
If the creative to be served is rich media, then it is mandatory to send this parameter in the response. For more details, refer the Creative Attributes table in the reference section of this document. Example: 1
Note: This value should be sent as an integer for a multi-bid response.
|rmt||No||No||Rich media technology of the creative.|
For more details, refer the Rich Media Technologies table in the reference section of this document. Example: pr
Note: This value should be sent as a string for a multi-bid response.
Request ID sent by PubMatic in the request for correlation and verification of the bid.
|campaignI||Yes for RTB Bid Response Transparency||No||Campaign ID or similar that appears within the ad markup.|
|iURL||Yes for RTB Bid Response Transparency||No||Sample Image URL (without cache busting) for content checking.|
|dnbr||No||No||Reason for not bidding on a Private Marketplace deal’s impression. In such cases, Demand Partners are requested to send this value in the response.|
For more details, refer the Deal - No Bid Reason table in the reference section of this document.
Ad Serving when the Demand Partner Wins the Auction
A demand partner can specify a creativeHTMLURL or a creativeJSURL in the bid response to be called to draw down the winning ad tag code.
Specifying HTML URL in response to the bidding API call
Demand Partner can specify the URL of an HTML file to display the ad as the output of the bidding call request made to them along with transaction ID and click tracking URL parameters.
When the Demand Partner wins the auction, PubMatic will then display the ad by returning the HTML code containing an Iframe with the height and width of the ad and the source (src) parameter set to the HTML URL returned by the Demand Partner.
Specifying Creative-Tag in response to the bidding API call
Demand Partner can send creative-tag to display the ad as the output of the bidding call request made to them along with PubMatic macro variables like second_price, click_tracking_url etc.
When the Demand Partner wins the auction, PubMatic will then display the ad by returning the creative-tag to browser. PubMatic Macro variables in the tag will be replaced with corresponding values; otherwise the code will not be modified.
Bid Value / Second Price Encryption
Bid Value Encryption
Demand Partner can opt to send bid value in RTB response to PubMatic in encrypted form. Below given section (“Encryption/Decryption Algorithm”) describes the algorithm in detail.
The process of opting in for sending encrypted bid price in RTB response is as follows:
- An encryption key and an integrity key specified by either Demand Partner or by PubMatic is shared with other party. This key is entered in PubMatic’s system. This is done offline (via email).
- Demand Partner then sends encrypted values as challenge to PubMatic. PubMatic uses its algorithm to decrypt these values to verify interoperability of algorithm implementations. This is also done offline (via email).
- After successful completion of step 2, rtb-support team will do local sandbox testing to ensure correctness across RTB request-response cycle.
- Once confirmed, Demand Partner can send encrypted bid values in live RTB responses.
Second Price Encryption
Demand Partner can opt to receive second price value (substituted in creative URL/ Tag) in encrypted form. Below given section (“Encryption/Decryption Algorithm”) describes the algorithm in detail.
- The process of opting in for encrypted second price in creative URL/Tag is as follows:
- An encryption key and an integrity key specified by either Demand Partner or by PubMatic are shared with other party. This key is entered in PubMatic’s system. This is done offline (via email).
PubMatic then sends encrypted values as challenge to Demand Partner. Demand Partner uses its algorithm to decrypt these values to verify interoperability of algorithm implementations. This is also done offline (via email).
- After successful completion of step 2, RTB-support team will do local sandbox testing to ensure correctness across RTB request-response and Demand Partner creative serving cycle.
Once confirmed, Demand Partner can get encrypted second price values in production environment.
Note Demand Partner can choose to have same authentication and integrity keys for both “Bid Value Encryption” as well as “Second Price Encryption”. Encrypted RTB bid value must be sent in “ebid” parameter in RTB response. Same Second Price Macro will be used to substitute encrypted second price value.
Algorithm for Encryption
- The algorithm we use is symmetric key algorithm. It uses encryption key for encrypting & decrypting the values and integrity key for authenticating the received data.
- Generate a 16 byte string called initial vector, first 8 byte of which contains timestamp & remaining 8 bytes contain random number. Represent 8 byte double values as 8 byte plain_text.
- encoded_text(8 bytes) = plain_text(8 bytes) ^ HMAC-SHA256(initialization_vector(16 bytes), encryption key).
- signature(4 bytes) = HMAC-SHA256(initialization_vector(16 bytes) + plain_text(8 bytes), integrity key).
- final_text(38 bytes)= convert_into_web_safe_base64 _string[initialization_vector(16 bytes) + encoded_text(8 bytes) + signature(4 bytes) ].
- This final_text is then sent as final encrypted value. Web_safe_base64 doesn’t have padding and replaces “+” by “-” and “/” by “_”.
Algorithm for Decryption
- encrypted_text(28 bytes) = decode_web_safe_base64_string(final_text(38 bytes)).
- Segregate encrypted_text (28 bytes) into initialization_vector(16 bytes), encoded_text(8 bytes) & signature(4 bytes).
- plain_text(8 bytes) = encoded_text(8 bytes) ^ HMAC-SHA256(initialization_vector(16 bytes), encryption_key).
- Integrity_hash(4 bytes) = HMAC-SHA256(initialization_vector(16 bytes) + plain_text(8 bytes), integrity_key).
- Verify integrity of received data by comparing integrity_hash & signature.
API - Inline List Sharing Mechanism
Demand Partners can opt to receive optional data parameters in the bid request. Due to the size of some of this data, PubMatic will send these requests as an HTTP POST with the additional data in the POST body formatted as JSON.
Only available data will be added into the JSON Structure. If there is no POST data to be sent, the resulting bid request will be sent as a GET.