1// Copyright 2022 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17import "google/protobuf/struct.proto";
18
19package com.android.adservices.service.proto.bidding_auction_servers;
20
21// ProtectedAuctionInput is generated and encrypted by the client,
22// passed through the untrusted Seller service, and decrypted by the
23// SellerFrontEnd service.
24// It is the wrapper for all of BuyerInput and other information required
25// for the Protected Audience auction.
26message ProtectedAuctionInput {
27  // Input per buyer.
28  // The key in the map corresponds to IGOwner (Interest Group Owner) that
29  // is the Buyer / DSP. This  string that can identify a
30  // buyer participating in the auction. The value corresponds to plaintext
31  // BuyerInput ingested by the buyer for bidding.
32  map<string, bytes> buyer_input = 1;
33
34  // Publisher website or app.
35  // This is required to construct browser signals for web.
36  // It will also be passed via GetBids to buyers for their Buyer KV lookup
37  // to fetch trusted bidding signals.
38  string publisher_name = 2;
39
40  // A boolean value which indicates if event level debug reporting should be
41  // enabled or disabled for this request.
42  bool enable_debug_reporting = 3;
43
44  // Globally unique identifier for the client request.
45  string generation_id = 4;
46
47  // Consented debugging field.
48  ConsentedDebugConfiguration consented_debug_config = 5;
49
50  // Optional.
51  // A boolean value which indicates whether temporary unlimited egress should
52  // be enabled.
53  bool enable_unlimited_egress = 6;
54
55  // Optional field (note: this will become a required field in 2025).
56  // The request timestamp represents when the SSP requests an ad auction to be run.
57  // For Android, the request timestamp will come from the system clock on the device.
58  int64 request_timestamp_ms = 7;
59
60  // Maximum number of ghost winners for K-Anonymity controlled by platform (Chrome,
61  // Android) for experimentation.
62  // By default this is set to 1 on the server side, hence client should
63  // populate the field if and only if they want to override for
64  // experimentation.
65  optional int32 num_k_anon_ghost_winners = 8;
66
67  // Clients can indicate whether K-Anonymity is enforced for the traffic.
68  // By default, this would be false, i.e. K-Anonymity is not enforced.
69  bool enforce_kanon = 9;
70
71  // Clients can indicate whether this request can be used for debug.
72  // By default, this would be false, i.e. cannot be used for debug.
73  // Currently Android request where ad-id is not zeroed out is eligible.
74  bool prod_debug = 10;
75}
76
77// Grouping of data pertaining to protected app signals.
78message ProtectedAppSignals {
79  // Raw and system signals from device that can help generate a relevant app
80  // install ad for user.
81  bytes app_install_signals = 1;
82
83  // Version of the encoding used for the protected app signals.
84  int32 encoding_version = 2;
85}
86
87// A BuyerInput includes data that a buyer (DSP) requires to generate bids.
88message BuyerInput {
89  // CustomAudience information passed from the client.
90  message CustomAudience {
91    reserved 7;
92
93    // Required.
94    // Name or tag of Custom Audience.
95    string name = 1;
96
97    // Required to trace back to origin of the winner ad
98    // NOTE: Corresponds to "origin" on B&A side
99    string owner = 8;
100
101    // Required to fetch real time bidding signals from buyer's key/value
102    // server.
103    repeated string bidding_signals_keys = 2;
104
105    // Optional.
106    // Ids of ad_render_urls generated by the DSP / Buyer and passed to the
107    // client. Then client passes this in CustomAudience if available.
108    // Note: If the Buyer doesn't generate the ad_render_id, then their
109    // GenerateBid() should dynamically generate the url for the bid. The
110    // winning ad render url returned back to the client will be validated with
111    // the Interest Group information on the client.
112    repeated string ad_render_ids = 3;
113
114    // Optional.
115    // Ids of ad_component_render_url(s) generated by the DSP / Buyer and passed
116    // to the client.
117    //
118    // Note: If the Buyer doesn't generate the ad_component_render_id, device
119    // will not pass ads to Bidding and Auction services to ensure payload size
120    // is small. In this case, GenerateBid() should dynamically generate the
121    // urls for component ads.The winning ad render url returned back to the
122    // client will be validated with the Interest Group information on the
123    // client.
124    repeated string component_ads = 4;
125
126    // Optional.
127    // User bidding signal that may be ingested during bidding.
128    // This is a JSON array.
129    // NOTE: If this is used by the Buyer for bidding, it is recommended to
130    // fetch this server side from Buyer Key / Value server to keep request
131    // payload size small.
132    string user_bidding_signals = 5;
133
134    // Required for bidding.
135    // Contains filtering data, like Frequency Cap.
136    oneof DeviceSignals {
137      // Information passed by Android.
138      AndroidSignals android_signals = 6;
139    }
140  }
141  // The Custom Audiences owned by the buyer.
142  repeated CustomAudience custom_audiences = 1;
143
144  // Signals from device that can help generate a relevant app install ad for
145  // users.
146  ProtectedAppSignals protected_app_signals = 2;
147}
148
149// Information passed by Android.
150message AndroidSignals {}
151
152// Protected Audience auction result returned from SellerFrontEnd to the client
153// through the Seller service. It is encrypted by the SellerFrontEnd, passed
154// through the untrusted Seller service and decrypted by the client. Note that
155// untrusted Seller service will be unable to determine if there was a
156// successful auction result, so the client must check the value of is_chaff.
157message AuctionResult {
158  // The ad that will be rendered on the end user's device.
159  string ad_render_url = 1;
160
161  // Render URLs for ads which are components of the main ad.
162  repeated string ad_component_render_urls = 2;
163
164  // Name of the Custom Audience, the remarketing ad belongs to.
165  string custom_audience_name = 3;
166
167  // Owner of the Custom Audience, the remarketing ad belongs to.
168  // NOTE: Corresponds to "origin" on B&A side
169  string custom_audience_owner = 13;
170
171  // Domain of the Buyer who owns the winner ad.
172  // Note: When compared to B&A this corresponds to interest_group_owner field.
173  string buyer = 4;
174
175  // Score of the ad determined during the auction. Any value that is zero or
176  // negative indicates that the ad cannot win the auction. The winner of the
177  // auction would be the ad that was given the highest score.
178  // The output from ScoreAd() script is desirability that implies score for an
179  // ad.
180  float score = 5;
181
182  // Bid price corresponding to an ad.
183  float bid = 6;
184
185  // Boolean to indicate that there is no remarketing winner from the auction.
186  // AuctionResult may be ignored by the client (after decryption) if this is
187  // set to true.
188  bool is_chaff = 7;
189
190  // The reporting urls registered during the execution of reportResult() and
191  // reportWin().
192  WinReportingUrls win_reporting_urls = 8;
193
194  // Debugging URLs for the Buyer. This information is populated only in case of
195  // component auctions.
196  DebugReportUrls buyer_debug_report_urls = 9;
197
198  // Debugging URLs for the Seller. This information is populated only in case
199  // of component auctions.
200  DebugReportUrls seller_debug_report_urls = 10;
201
202  // List of custom audience indices that generated bids.
203  message CustomAudienceIndex {
204    // List of indices of custom audiences. These indices are derived from the
205    // original ProtectedAudienceInput sent from the client.
206    repeated int32 index = 1;
207  }
208
209  // Map from the buyer participating origin (that participated in the auction)
210  // to custom audience indices.
211  map<string, CustomAudienceIndex> bidding_groups = 11;
212
213  // In the event of an error during the SelectAd request, an Error object will
214  // be returned as a part of the AuctionResult to indicate what went wrong.
215  message Error {
216    // Status code.
217    int32 code = 1;
218
219    // Message containing the failure reason.
220    string message = 2;
221  }
222
223  // Error thrown during the SelectAd request. If there is no error and the
224  // request completes successfully, this field will be empty.
225  Error error = 12;
226
227  // Specifies type of the ad. It can help differentiate between ads when
228  // B&A is supporting multiple ad targeting use cases concurrently.
229  enum AdType {
230    UNKNOWN = 0;
231
232    // Remarketing ad.
233    REMARKETING_AD = 1;
234
235    // An app install ad.
236    APP_INSTALL_AD = 2;
237  }
238
239  // Type of the winning ad.
240  AdType ad_type = 14;
241
242  // This is etld+1 of the seller that has won the auction. For single seller auction, this will the
243  // etld+1 of that seller. In case of multi seller, it will be etld+1 of the component seller that
244  // that won the auction.
245  string winning_seller = 27;
246}
247
248// The reporting urls registered during the execution of reportResult() and
249// reportWin(). These urls will be pined from the client.
250message WinReportingUrls {
251  message ReportingUrls {
252    // The url to be pinged for reporting win to the Buyer or Seller.
253    string reporting_url = 1;
254
255    // The map of (interactionKey, URI).
256    map<string, string> interaction_reporting_urls = 2;
257  }
258
259  // The reporting urls registered during the execution of
260  // reportWin(). These urls will be pinged from client.
261  ReportingUrls buyer_reporting_urls = 1;
262
263  // The reporting urls registered during the execution of reportResult() of the
264  // seller in case of single seller auction and component seller in case of
265  // multi seller auctions. These urls will be pinged from client.
266  ReportingUrls component_seller_reporting_urls = 2;
267
268  // The reporting urls registered during the execution of reportResult() of the
269  // top level seller in case of multi seller auction. These urls will be pinged
270  // from client. This will not be set for single seller auctions.
271  ReportingUrls top_level_seller_reporting_urls = 3;
272}
273
274// Urls to support debug reporting, when auction is won and auction is lost.
275message DebugReportUrls {
276  // URL to be triggered if the interest group wins the auction.
277  // If undefined or malformed url it will be ignored.
278  string auction_debug_win_url = 1;
279
280  // URL to be triggered if the interest grou losses the auction.
281  // If undefined or malformed url it will be ignored.
282  string auction_debug_loss_url = 2;
283}
284
285// Consented debugging configuration.
286// Example:
287// The Chrome browser can set the following two fields:
288// 'consentedDebugConfig': {'isConsented': 'true', 'token': 'xxx'}
289message ConsentedDebugConfiguration {
290  // Whether the request is consented for debugging.
291  bool is_consented = 1;
292
293  // The debug token embedded in the request.
294  string token = 2;
295
296  // Whether save debug logs in response (only in non_prod)
297  bool is_debug_info_in_response = 3;
298}
299
300// Context useful for logging and debugging requests.
301message LogContext {
302  // UUID for the request (as originating from client).
303  string generation_id = 1;
304
305  // Adtech debug id that can be used for correlating the request with the
306  // adtech. This will contain `buyer_debug_id` when used in context of buyer
307  // services and `seller_debug_id` when used in context of seller services.
308  string adtech_debug_id = 2;
309}
310
311// Protected App Signals ad related data that Buyer adtechs can send via
312// contextual path to control which PAS ads participate in the auction.
313message ContextualProtectedAppSignalsData {
314  // Optional.
315  // Raw Ad ids that can be used to lookup signals from the KV server.
316  repeated string ad_render_ids = 1;
317
318  // Optional.
319  // Bool indicating whether ads should also be fetched from ads retrieval
320  // service.
321  //
322  // If true, the Bidding server will send an Ad fetch request to the
323  // Ad retrieval service and the request will contain the list of ad_render_ids
324  // as an additional parameter.
325  //
326  // If false, the ad_render_ids will be sent to the TEE K/V server to fetch
327  // the ads related metadata.
328  bool fetch_ads_from_retrieval_service = 2;
329}
330
331// PAS input per buyer.
332message ProtectedAppSignalsBuyerInput {
333  ProtectedAppSignals protected_app_signals = 1;
334
335  // Contextual data related to PAS ads.
336  ContextualProtectedAppSignalsData contextual_protected_app_signals_data = 2;
337}
338
339enum ClientType {
340  UNKNOWN = 0;
341
342  // An Android device with Google Mobile Services (GMS).
343  // Note: This covers apps on Android and browsers on Android.
344  ANDROID = 1;
345
346  // Any browser.
347  BROWSER = 2;
348}
349
350// GetBidsRequest is sent by the SellerFrontEnd Service to the BuyerFrontEnd
351// service.
352message GetBidsRequest {
353  // Unencrypted request.
354  message GetBidsRawRequest {
355    // Whether this is a fake request from SellerFrontEnd service
356    // and should be dropped.
357    // Note: SellerFrontEnd service will send chaffs to a very small set of
358    // other buyers not participating in the auction. This is required for
359    // privacy reasons to prevent seller from figuring the buyers by observing
360    // the network traffic to `BuyerFrontEnd` Services, outside TEE.
361    bool is_chaff = 1;
362
363    // Buyer Input for the Buyer that includes keys for Buyer Key Value lookup
364    // and other signals for bidding. In the case of is_chaff = true, this will
365    // be noise.
366    BuyerInput buyer_input = 2;
367
368    // Information about auction (ad format, size) derived contextually.
369    // Represents a serialized string that is deserialized to a JSON object
370    // before passing to Adtech script. Copied from contextual signals sent to
371    // SellerFrontEnd service.
372    string auction_signals = 3;
373
374    // Buyer may provide additional contextual information that could help in
375    // generating bids. This is Copied from contextual signals sent to
376    // SellerFrontEnd service.
377    // The value represents a serialized string that is deserialized to a JSON
378    // object before passing to Adtech script.
379    string buyer_signals = 4;
380
381    // Seller origin.
382    // Used to verify that a valid seller is sending the request.
383    string seller = 5;
384
385    // Publisher website or app that is part of Buyer KV lookup url.
386    string publisher_name = 6;
387
388    // A boolean value which indicates if event level debug reporting should be
389    // enabled or disabled for this request.
390    bool enable_debug_reporting = 7;
391
392    // Helpful context for logging and tracing the request.
393    LogContext log_context = 8;
394
395    // Consented debugging field.
396    ConsentedDebugConfiguration consented_debug_config = 9;
397
398    // Protected App signals buyer input.
399    ProtectedAppSignalsBuyerInput protected_app_signals_buyer_input = 10;
400
401    // Client device type. Passed to the key/value services.
402    ClientType client_type = 11;
403
404    // Top level seller passed in case of component auctions. This is forwarded
405    // to generateBid.
406    string top_level_seller = 12;
407
408    // Optional.
409    // The Id is specified by the buyer to support coordinated experiments
410    // with the buyer's Key/Value services.
411    optional int32 buyer_kv_experiment_group_id = 13;
412
413    // Optional.
414    // A boolean value which indicates whether temporary unlimited egress should
415    // be enabled.
416    bool enable_unlimited_egress = 14;
417
418    // A limit enforced by sellers on number of bids returned by each
419    // generateBid() execution.
420    //
421    // With K-Anonymity integration, each generateBid() can return multiple
422    // bids instead of one, this is referred to as multi-bid generation. This
423    // limit is required to enforce a limit with multi-bid generation.
424    //
425    // For Protected Audience, the limit would be enforced on generateBid()
426    // execution per Interest Group.
427    // For Protected App Signals (PAS), the limit would be enforced per buyer
428    // generateBid() execution.
429    //
430    // If the seller doesn't set the limit, a default would be set by the
431    // Bidding server.
432    int32 multi_bid_limit = 15;
433
434    // Clients can indicate whether K-Anonymity is enforced for the traffic.
435    // By default, this would be false, i.e. K-Anonymity is not enforced.
436    bool enforce_kanon = 16;
437
438    // A boolean value which indicates whether this request can be used for debugging.
439    // current eligible request: Android request with ad-id
440    bool is_debug_eligible = 17;
441
442    // Optional.
443    // Represents a serialized JSON map containing priority signal entries used to
444    // construct the priority signals vector.
445    string priority_signals = 18;
446  }
447
448  // Encrypted GetBidsRawRequest.
449  bytes request_ciphertext = 1;
450
451  // Version of the public key used for request encryption. The service
452  // needs to use private keys corresponding to same key_id to decrypt
453  // 'request_ciphertext'.
454  string key_id = 2;
455}
456