1// Copyright 2022 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17import "google/protobuf/struct.proto"; 18 19package com.android.adservices.service.proto.bidding_auction_servers; 20 21// ProtectedAuctionInput is generated and encrypted by the client, 22// passed through the untrusted Seller service, and decrypted by the 23// SellerFrontEnd service. 24// It is the wrapper for all of BuyerInput and other information required 25// for the Protected Audience auction. 26message ProtectedAuctionInput { 27 // Input per buyer. 28 // The key in the map corresponds to IGOwner (Interest Group Owner) that 29 // is the Buyer / DSP. This string that can identify a 30 // buyer participating in the auction. The value corresponds to plaintext 31 // BuyerInput ingested by the buyer for bidding. 32 map<string, bytes> buyer_input = 1; 33 34 // Publisher website or app. 35 // This is required to construct browser signals for web. 36 // It will also be passed via GetBids to buyers for their Buyer KV lookup 37 // to fetch trusted bidding signals. 38 string publisher_name = 2; 39 40 // A boolean value which indicates if event level debug reporting should be 41 // enabled or disabled for this request. 42 bool enable_debug_reporting = 3; 43 44 // Globally unique identifier for the client request. 45 string generation_id = 4; 46 47 // Consented debugging field. 48 ConsentedDebugConfiguration consented_debug_config = 5; 49 50 // Optional. 51 // A boolean value which indicates whether temporary unlimited egress should 52 // be enabled. 53 bool enable_unlimited_egress = 6; 54 55 // Optional field (note: this will become a required field in 2025). 56 // The request timestamp represents when the SSP requests an ad auction to be run. 57 // For Android, the request timestamp will come from the system clock on the device. 58 int64 request_timestamp_ms = 7; 59 60 // Maximum number of ghost winners for K-Anonymity controlled by platform (Chrome, 61 // Android) for experimentation. 62 // By default this is set to 1 on the server side, hence client should 63 // populate the field if and only if they want to override for 64 // experimentation. 65 optional int32 num_k_anon_ghost_winners = 8; 66 67 // Clients can indicate whether K-Anonymity is enforced for the traffic. 68 // By default, this would be false, i.e. K-Anonymity is not enforced. 69 bool enforce_kanon = 9; 70 71 // Clients can indicate whether this request can be used for debug. 72 // By default, this would be false, i.e. cannot be used for debug. 73 // Currently Android request where ad-id is not zeroed out is eligible. 74 bool prod_debug = 10; 75} 76 77// Grouping of data pertaining to protected app signals. 78message ProtectedAppSignals { 79 // Raw and system signals from device that can help generate a relevant app 80 // install ad for user. 81 bytes app_install_signals = 1; 82 83 // Version of the encoding used for the protected app signals. 84 int32 encoding_version = 2; 85} 86 87// A BuyerInput includes data that a buyer (DSP) requires to generate bids. 88message BuyerInput { 89 // CustomAudience information passed from the client. 90 message CustomAudience { 91 reserved 7; 92 93 // Required. 94 // Name or tag of Custom Audience. 95 string name = 1; 96 97 // Required to trace back to origin of the winner ad 98 // NOTE: Corresponds to "origin" on B&A side 99 string owner = 8; 100 101 // Required to fetch real time bidding signals from buyer's key/value 102 // server. 103 repeated string bidding_signals_keys = 2; 104 105 // Optional. 106 // Ids of ad_render_urls generated by the DSP / Buyer and passed to the 107 // client. Then client passes this in CustomAudience if available. 108 // Note: If the Buyer doesn't generate the ad_render_id, then their 109 // GenerateBid() should dynamically generate the url for the bid. The 110 // winning ad render url returned back to the client will be validated with 111 // the Interest Group information on the client. 112 repeated string ad_render_ids = 3; 113 114 // Optional. 115 // Ids of ad_component_render_url(s) generated by the DSP / Buyer and passed 116 // to the client. 117 // 118 // Note: If the Buyer doesn't generate the ad_component_render_id, device 119 // will not pass ads to Bidding and Auction services to ensure payload size 120 // is small. In this case, GenerateBid() should dynamically generate the 121 // urls for component ads.The winning ad render url returned back to the 122 // client will be validated with the Interest Group information on the 123 // client. 124 repeated string component_ads = 4; 125 126 // Optional. 127 // User bidding signal that may be ingested during bidding. 128 // This is a JSON array. 129 // NOTE: If this is used by the Buyer for bidding, it is recommended to 130 // fetch this server side from Buyer Key / Value server to keep request 131 // payload size small. 132 string user_bidding_signals = 5; 133 134 // Required for bidding. 135 // Contains filtering data, like Frequency Cap. 136 oneof DeviceSignals { 137 // Information passed by Android. 138 AndroidSignals android_signals = 6; 139 } 140 } 141 // The Custom Audiences owned by the buyer. 142 repeated CustomAudience custom_audiences = 1; 143 144 // Signals from device that can help generate a relevant app install ad for 145 // users. 146 ProtectedAppSignals protected_app_signals = 2; 147} 148 149// Information passed by Android. 150message AndroidSignals {} 151 152// Protected Audience auction result returned from SellerFrontEnd to the client 153// through the Seller service. It is encrypted by the SellerFrontEnd, passed 154// through the untrusted Seller service and decrypted by the client. Note that 155// untrusted Seller service will be unable to determine if there was a 156// successful auction result, so the client must check the value of is_chaff. 157message AuctionResult { 158 // The ad that will be rendered on the end user's device. 159 string ad_render_url = 1; 160 161 // Render URLs for ads which are components of the main ad. 162 repeated string ad_component_render_urls = 2; 163 164 // Name of the Custom Audience, the remarketing ad belongs to. 165 string custom_audience_name = 3; 166 167 // Owner of the Custom Audience, the remarketing ad belongs to. 168 // NOTE: Corresponds to "origin" on B&A side 169 string custom_audience_owner = 13; 170 171 // Domain of the Buyer who owns the winner ad. 172 // Note: When compared to B&A this corresponds to interest_group_owner field. 173 string buyer = 4; 174 175 // Score of the ad determined during the auction. Any value that is zero or 176 // negative indicates that the ad cannot win the auction. The winner of the 177 // auction would be the ad that was given the highest score. 178 // The output from ScoreAd() script is desirability that implies score for an 179 // ad. 180 float score = 5; 181 182 // Bid price corresponding to an ad. 183 float bid = 6; 184 185 // Boolean to indicate that there is no remarketing winner from the auction. 186 // AuctionResult may be ignored by the client (after decryption) if this is 187 // set to true. 188 bool is_chaff = 7; 189 190 // The reporting urls registered during the execution of reportResult() and 191 // reportWin(). 192 WinReportingUrls win_reporting_urls = 8; 193 194 // Debugging URLs for the Buyer. This information is populated only in case of 195 // component auctions. 196 DebugReportUrls buyer_debug_report_urls = 9; 197 198 // Debugging URLs for the Seller. This information is populated only in case 199 // of component auctions. 200 DebugReportUrls seller_debug_report_urls = 10; 201 202 // List of custom audience indices that generated bids. 203 message CustomAudienceIndex { 204 // List of indices of custom audiences. These indices are derived from the 205 // original ProtectedAudienceInput sent from the client. 206 repeated int32 index = 1; 207 } 208 209 // Map from the buyer participating origin (that participated in the auction) 210 // to custom audience indices. 211 map<string, CustomAudienceIndex> bidding_groups = 11; 212 213 // In the event of an error during the SelectAd request, an Error object will 214 // be returned as a part of the AuctionResult to indicate what went wrong. 215 message Error { 216 // Status code. 217 int32 code = 1; 218 219 // Message containing the failure reason. 220 string message = 2; 221 } 222 223 // Error thrown during the SelectAd request. If there is no error and the 224 // request completes successfully, this field will be empty. 225 Error error = 12; 226 227 // Specifies type of the ad. It can help differentiate between ads when 228 // B&A is supporting multiple ad targeting use cases concurrently. 229 enum AdType { 230 UNKNOWN = 0; 231 232 // Remarketing ad. 233 REMARKETING_AD = 1; 234 235 // An app install ad. 236 APP_INSTALL_AD = 2; 237 } 238 239 // Type of the winning ad. 240 AdType ad_type = 14; 241 242 message AuctionParams { 243 // Component Seller domain. 244 // This field is used to tie the auction result to a specific component 245 // seller. This field is returned in server orchestrated 246 // component and top level auctions. 247 // 1. This is returned from a server orchestrated component auction and passed 248 // by the top level seller as part of component_auction_results in the top level 249 // auction. The top level seller's scoreAd function then receives this as input. 250 // 2. This is returned from top level auction conducted using server orchestrated 251 // component_auction_results. This is then passed to the device (Android) which 252 // uses the field to deduce the winning seller for the SDK. 253 string component_seller = 2; 254 } 255 256 // This is populated for multi seller auctions. 257 AuctionParams auction_params = 18; 258} 259 260// The reporting urls registered during the execution of reportResult() and 261// reportWin(). These urls will be pined from the client. 262message WinReportingUrls { 263 message ReportingUrls { 264 // The url to be pinged for reporting win to the Buyer or Seller. 265 string reporting_url = 1; 266 267 // The map of (interactionKey, URI). 268 map<string, string> interaction_reporting_urls = 2; 269 } 270 271 // The reporting urls registered during the execution of 272 // reportWin(). These urls will be pinged from client. 273 ReportingUrls buyer_reporting_urls = 1; 274 275 // The reporting urls registered during the execution of reportResult() of the 276 // seller in case of single seller auction and component seller in case of 277 // multi seller auctions. These urls will be pinged from client. 278 ReportingUrls component_seller_reporting_urls = 2; 279 280 // The reporting urls registered during the execution of reportResult() of the 281 // top level seller in case of multi seller auction. These urls will be pinged 282 // from client. This will not be set for single seller auctions. 283 ReportingUrls top_level_seller_reporting_urls = 3; 284} 285 286// Urls to support debug reporting, when auction is won and auction is lost. 287message DebugReportUrls { 288 // URL to be triggered if the interest group wins the auction. 289 // If undefined or malformed url it will be ignored. 290 string auction_debug_win_url = 1; 291 292 // URL to be triggered if the interest grou losses the auction. 293 // If undefined or malformed url it will be ignored. 294 string auction_debug_loss_url = 2; 295} 296 297// Consented debugging configuration. 298// Example: 299// The Chrome browser can set the following two fields: 300// 'consentedDebugConfig': {'isConsented': 'true', 'token': 'xxx'} 301message ConsentedDebugConfiguration { 302 // Whether the request is consented for debugging. 303 bool is_consented = 1; 304 305 // The debug token embedded in the request. 306 string token = 2; 307 308 // Whether save debug logs in response (only in non_prod) 309 bool is_debug_info_in_response = 3; 310} 311 312// Context useful for logging and debugging requests. 313message LogContext { 314 // UUID for the request (as originating from client). 315 string generation_id = 1; 316 317 // Adtech debug id that can be used for correlating the request with the 318 // adtech. This will contain `buyer_debug_id` when used in context of buyer 319 // services and `seller_debug_id` when used in context of seller services. 320 string adtech_debug_id = 2; 321} 322 323// Protected App Signals ad related data that Buyer adtechs can send via 324// contextual path to control which PAS ads participate in the auction. 325message ContextualProtectedAppSignalsData { 326 // Optional. 327 // Raw Ad ids that can be used to lookup signals from the KV server. 328 repeated string ad_render_ids = 1; 329 330 // Optional. 331 // Bool indicating whether ads should also be fetched from ads retrieval 332 // service. 333 // 334 // If true, the Bidding server will send an Ad fetch request to the 335 // Ad retrieval service and the request will contain the list of ad_render_ids 336 // as an additional parameter. 337 // 338 // If false, the ad_render_ids will be sent to the TEE K/V server to fetch 339 // the ads related metadata. 340 bool fetch_ads_from_retrieval_service = 2; 341} 342 343// PAS input per buyer. 344message ProtectedAppSignalsBuyerInput { 345 ProtectedAppSignals protected_app_signals = 1; 346 347 // Contextual data related to PAS ads. 348 ContextualProtectedAppSignalsData contextual_protected_app_signals_data = 2; 349} 350 351enum ClientType { 352 UNKNOWN = 0; 353 354 // An Android device with Google Mobile Services (GMS). 355 // Note: This covers apps on Android and browsers on Android. 356 ANDROID = 1; 357 358 // Any browser. 359 BROWSER = 2; 360} 361 362// GetBidsRequest is sent by the SellerFrontEnd Service to the BuyerFrontEnd 363// service. 364message GetBidsRequest { 365 // Unencrypted request. 366 message GetBidsRawRequest { 367 // Whether this is a fake request from SellerFrontEnd service 368 // and should be dropped. 369 // Note: SellerFrontEnd service will send chaffs to a very small set of 370 // other buyers not participating in the auction. This is required for 371 // privacy reasons to prevent seller from figuring the buyers by observing 372 // the network traffic to `BuyerFrontEnd` Services, outside TEE. 373 bool is_chaff = 1; 374 375 // Buyer Input for the Buyer that includes keys for Buyer Key Value lookup 376 // and other signals for bidding. In the case of is_chaff = true, this will 377 // be noise. 378 BuyerInput buyer_input = 2; 379 380 // Information about auction (ad format, size) derived contextually. 381 // Represents a serialized string that is deserialized to a JSON object 382 // before passing to Adtech script. Copied from contextual signals sent to 383 // SellerFrontEnd service. 384 string auction_signals = 3; 385 386 // Buyer may provide additional contextual information that could help in 387 // generating bids. This is Copied from contextual signals sent to 388 // SellerFrontEnd service. 389 // The value represents a serialized string that is deserialized to a JSON 390 // object before passing to Adtech script. 391 string buyer_signals = 4; 392 393 // Seller origin. 394 // Used to verify that a valid seller is sending the request. 395 string seller = 5; 396 397 // Publisher website or app that is part of Buyer KV lookup url. 398 string publisher_name = 6; 399 400 // A boolean value which indicates if event level debug reporting should be 401 // enabled or disabled for this request. 402 bool enable_debug_reporting = 7; 403 404 // Helpful context for logging and tracing the request. 405 LogContext log_context = 8; 406 407 // Consented debugging field. 408 ConsentedDebugConfiguration consented_debug_config = 9; 409 410 // Protected App signals buyer input. 411 ProtectedAppSignalsBuyerInput protected_app_signals_buyer_input = 10; 412 413 // Client device type. Passed to the key/value services. 414 ClientType client_type = 11; 415 416 // Top level seller passed in case of component auctions. This is forwarded 417 // to generateBid. 418 string top_level_seller = 12; 419 420 // Optional. 421 // The Id is specified by the buyer to support coordinated experiments 422 // with the buyer's Key/Value services. 423 optional int32 buyer_kv_experiment_group_id = 13; 424 425 // Optional. 426 // A boolean value which indicates whether temporary unlimited egress should 427 // be enabled. 428 bool enable_unlimited_egress = 14; 429 430 // A limit enforced by sellers on number of bids returned by each 431 // generateBid() execution. 432 // 433 // With K-Anonymity integration, each generateBid() can return multiple 434 // bids instead of one, this is referred to as multi-bid generation. This 435 // limit is required to enforce a limit with multi-bid generation. 436 // 437 // For Protected Audience, the limit would be enforced on generateBid() 438 // execution per Interest Group. 439 // For Protected App Signals (PAS), the limit would be enforced per buyer 440 // generateBid() execution. 441 // 442 // If the seller doesn't set the limit, a default would be set by the 443 // Bidding server. 444 int32 multi_bid_limit = 15; 445 446 // Clients can indicate whether K-Anonymity is enforced for the traffic. 447 // By default, this would be false, i.e. K-Anonymity is not enforced. 448 bool enforce_kanon = 16; 449 450 // A boolean value which indicates whether this request can be used for debugging. 451 // current eligible request: Android request with ad-id 452 bool is_debug_eligible = 17; 453 454 // Optional. 455 // Represents a serialized JSON map containing priority signal entries used to 456 // construct the priority signals vector. 457 string priority_signals = 18; 458 } 459 460 // Encrypted GetBidsRawRequest. 461 bytes request_ciphertext = 1; 462 463 // Version of the public key used for request encryption. The service 464 // needs to use private keys corresponding to same key_id to decrypt 465 // 'request_ciphertext'. 466 string key_id = 2; 467} 468