1// Copyright 2022 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17import "google/protobuf/struct.proto";
18
19package com.android.adservices.service.proto.bidding_auction_servers;
20
21// ProtectedAuctionInput is generated and encrypted by the client,
22// passed through the untrusted Seller service, and decrypted by the
23// SellerFrontEnd service.
24// It is the wrapper for all of BuyerInput and other information required
25// for the Protected Audience auction.
26message ProtectedAuctionInput {
27  // Input per buyer.
28  // The key in the map corresponds to IGOwner (Interest Group Owner) that
29  // is the Buyer / DSP. This  string that can identify a
30  // buyer participating in the auction. The value corresponds to plaintext
31  // BuyerInput ingested by the buyer for bidding.
32  map<string, bytes> buyer_input = 1;
33
34  // Publisher website or app.
35  // This is required to construct browser signals for web.
36  // It will also be passed via GetBids to buyers for their Buyer KV lookup
37  // to fetch trusted bidding signals.
38  string publisher_name = 2;
39
40  // A boolean value which indicates if event level debug reporting should be
41  // enabled or disabled for this request.
42  bool enable_debug_reporting = 3;
43
44  // Globally unique identifier for the client request.
45  string generation_id = 4;
46
47  // Consented debugging field.
48  ConsentedDebugConfiguration consented_debug_config = 5;
49
50  // Optional.
51  // A boolean value which indicates whether temporary unlimited egress should
52  // be enabled.
53  bool enable_unlimited_egress = 6;
54}
55
56// Grouping of data pertaining to protected app signals.
57message ProtectedAppSignals {
58  // Raw and system signals from device that can help generate a relevant app
59  // install ad for user.
60  bytes app_install_signals = 1;
61
62  // Version of the encoding used for the protected app signals.
63  int32 encoding_version = 2;
64}
65
66// A BuyerInput includes data that a buyer (DSP) requires to generate bids.
67message BuyerInput {
68  // CustomAudience information passed from the client.
69  message CustomAudience {
70    reserved 7;
71
72    // Required.
73    // Name or tag of Custom Audience.
74    string name = 1;
75
76    // Required to trace back to origin of the winner ad
77    // NOTE: Corresponds to "origin" on B&A side
78    string owner = 8;
79
80    // Required to fetch real time bidding signals from buyer's key/value
81    // server.
82    repeated string bidding_signals_keys = 2;
83
84    // Optional.
85    // Ids of ad_render_urls generated by the DSP / Buyer and passed to the
86    // client. Then client passes this in CustomAudience if available.
87    // Note: If the Buyer doesn't generate the ad_render_id, then their
88    // GenerateBid() should dynamically generate the url for the bid. The
89    // winning ad render url returned back to the client will be validated with
90    // the Interest Group information on the client.
91    repeated string ad_render_ids = 3;
92
93    // Optional.
94    // Ids of ad_component_render_url(s) generated by the DSP / Buyer and passed
95    // to the client.
96    //
97    // Note: If the Buyer doesn't generate the ad_component_render_id, device
98    // will not pass ads to Bidding and Auction services to ensure payload size
99    // is small. In this case, GenerateBid() should dynamically generate the
100    // urls for component ads.The winning ad render url returned back to the
101    // client will be validated with the Interest Group information on the
102    // client.
103    repeated string component_ads = 4;
104
105    // Optional.
106    // User bidding signal that may be ingested during bidding.
107    // This is a JSON array.
108    // NOTE: If this is used by the Buyer for bidding, it is recommended to
109    // fetch this server side from Buyer Key / Value server to keep request
110    // payload size small.
111    string user_bidding_signals = 5;
112
113    // Required for bidding.
114    // Contains filtering data, like Frequency Cap.
115    oneof DeviceSignals {
116      // Information passed by Android.
117      AndroidSignals android_signals = 6;
118    }
119  }
120  // The Custom Audiences owned by the buyer.
121  repeated CustomAudience custom_audiences = 1;
122
123  // Signals from device that can help generate a relevant app install ad for
124  // users.
125  ProtectedAppSignals protected_app_signals = 2;
126}
127
128// Information passed by Android.
129message AndroidSignals {}
130
131// Protected Audience auction result returned from SellerFrontEnd to the client
132// through the Seller service. It is encrypted by the SellerFrontEnd, passed
133// through the untrusted Seller service and decrypted by the client. Note that
134// untrusted Seller service will be unable to determine if there was a
135// successful auction result, so the client must check the value of is_chaff.
136message AuctionResult {
137  // The ad that will be rendered on the end user's device.
138  string ad_render_url = 1;
139
140  // Render URLs for ads which are components of the main ad.
141  repeated string ad_component_render_urls = 2;
142
143  // Name of the Custom Audience, the remarketing ad belongs to.
144  string custom_audience_name = 3;
145
146  // Owner of the Custom Audience, the remarketing ad belongs to.
147  // NOTE: Corresponds to "origin" on B&A side
148  string custom_audience_owner = 13;
149
150  // Domain of the Buyer who owns the winner ad.
151  // Note: When compared to B&A this corresponds to interest_group_owner field.
152  string buyer = 4;
153
154  // Score of the ad determined during the auction. Any value that is zero or
155  // negative indicates that the ad cannot win the auction. The winner of the
156  // auction would be the ad that was given the highest score.
157  // The output from ScoreAd() script is desirability that implies score for an
158  // ad.
159  float score = 5;
160
161  // Bid price corresponding to an ad.
162  float bid = 6;
163
164  // Boolean to indicate that there is no remarketing winner from the auction.
165  // AuctionResult may be ignored by the client (after decryption) if this is
166  // set to true.
167  bool is_chaff = 7;
168
169  // The reporting urls registered during the execution of reportResult() and
170  // reportWin().
171  WinReportingUrls win_reporting_urls = 8;
172
173  // Debugging URLs for the Buyer. This information is populated only in case of
174  // component auctions.
175  DebugReportUrls buyer_debug_report_urls = 9;
176
177  // Debugging URLs for the Seller. This information is populated only in case
178  // of component auctions.
179  DebugReportUrls seller_debug_report_urls = 10;
180
181  // List of custom audience indices that generated bids.
182  message CustomAudienceIndex {
183    // List of indices of custom audiences. These indices are derived from the
184    // original ProtectedAudienceInput sent from the client.
185    repeated int32 index = 1;
186  }
187
188  // Map from the buyer participating origin (that participated in the auction)
189  // to custom audience indices.
190  map<string, CustomAudienceIndex> bidding_groups = 11;
191
192  // In the event of an error during the SelectAd request, an Error object will
193  // be returned as a part of the AuctionResult to indicate what went wrong.
194  message Error {
195    // Status code.
196    int32 code = 1;
197
198    // Message containing the failure reason.
199    string message = 2;
200  }
201
202  // Error thrown during the SelectAd request. If there is no error and the
203  // request completes successfully, this field will be empty.
204  Error error = 12;
205
206  // Specifies type of the ad. It can help differentiate between ads when
207  // B&A is supporting multiple ad targeting use cases concurrently.
208  enum AdType {
209    UNKNOWN = 0;
210
211    // Remarketing ad.
212    REMARKETING_AD = 1;
213
214    // An app install ad.
215    APP_INSTALL_AD = 2;
216  }
217
218  // Type of the winning ad.
219  AdType ad_type = 14;
220}
221
222// The reporting urls registered during the execution of reportResult() and
223// reportWin(). These urls will be pined from the client.
224message WinReportingUrls {
225  message ReportingUrls {
226    // The url to be pinged for reporting win to the Buyer or Seller.
227    string reporting_url = 1;
228
229    // The map of (interactionKey, URI).
230    map<string, string> interaction_reporting_urls = 2;
231  }
232
233  // The reporting urls registered during the execution of
234  // reportWin(). These urls will be pinged from client.
235  ReportingUrls buyer_reporting_urls = 1;
236
237  // The reporting urls registered during the execution of reportResult() of the
238  // seller in case of single seller auction and component seller in case of
239  // multi seller auctions. These urls will be pinged from client.
240  ReportingUrls component_seller_reporting_urls = 2;
241
242  // The reporting urls registered during the execution of reportResult() of the
243  // top level seller in case of multi seller auction. These urls will be pinged
244  // from client. This will not be set for single seller auctions.
245  ReportingUrls top_level_seller_reporting_urls = 3;
246}
247
248// Urls to support debug reporting, when auction is won and auction is lost.
249message DebugReportUrls {
250  // URL to be triggered if the interest group wins the auction.
251  // If undefined or malformed url it will be ignored.
252  string auction_debug_win_url = 1;
253
254  // URL to be triggered if the interest grou losses the auction.
255  // If undefined or malformed url it will be ignored.
256  string auction_debug_loss_url = 2;
257}
258
259// Consented debugging configuration.
260// Example:
261// The Chrome browser can set the following two fields:
262// 'consentedDebugConfig': {'isConsented': 'true', 'token': 'xxx'}
263message ConsentedDebugConfiguration {
264  // Whether the request is consented for debugging.
265  bool is_consented = 1;
266
267  // The debug token embedded in the request.
268  string token = 2;
269
270  // Whether save debug logs in response (only in non_prod)
271  bool is_debug_info_in_response = 3;
272}
273
274// Context useful for logging and debugging requests.
275message LogContext {
276  // UUID for the request (as originating from client).
277  string generation_id = 1;
278
279  // Adtech debug id that can be used for correlating the request with the
280  // adtech. This will contain `buyer_debug_id` when used in context of buyer
281  // services and `seller_debug_id` when used in context of seller services.
282  string adtech_debug_id = 2;
283}
284
285// Protected App Signals ad related data that Buyer adtechs can send via
286// contextual path to control which PAS ads participate in the auction.
287message ContextualProtectedAppSignalsData {
288  // Optional.
289  // Raw Ad ids that can be used to lookup signals from the KV server.
290  repeated string ad_render_ids = 1;
291
292  // Optional.
293  // Bool indicating whether ads should also be fetched from ads retrieval
294  // service.
295  //
296  // If true, the Bidding server will send an Ad fetch request to the
297  // Ad retrieval service and the request will contain the list of ad_render_ids
298  // as an additional parameter.
299  //
300  // If false, the ad_render_ids will be sent to the TEE K/V server to fetch
301  // the ads related metadata.
302  bool fetch_ads_from_retrieval_service = 2;
303}
304
305// PAS input per buyer.
306message ProtectedAppSignalsBuyerInput {
307  ProtectedAppSignals protected_app_signals = 1;
308
309  // Contextual data related to PAS ads.
310  ContextualProtectedAppSignalsData contextual_protected_app_signals_data = 2;
311}
312
313enum ClientType {
314  UNKNOWN = 0;
315
316  // An Android device with Google Mobile Services (GMS).
317  // Note: This covers apps on Android and browsers on Android.
318  ANDROID = 1;
319
320  // Any browser.
321  BROWSER = 2;
322}
323
324// GetBidsRequest is sent by the SellerFrontEnd Service to the BuyerFrontEnd
325// service.
326message GetBidsRequest {
327  // Unencrypted request.
328  message GetBidsRawRequest {
329    // Whether this is a fake request from SellerFrontEnd service
330    // and should be dropped.
331    // Note: SellerFrontEnd service will send chaffs to a very small set of
332    // other buyers not participating in the auction. This is required for
333    // privacy reasons to prevent seller from figuring the buyers by observing
334    // the network traffic to `BuyerFrontEnd` Services, outside TEE.
335    bool is_chaff = 1;
336
337    // Buyer Input for the Buyer that includes keys for Buyer Key Value lookup
338    // and other signals for bidding. In the case of is_chaff = true, this will
339    // be noise.
340    BuyerInput buyer_input = 2;
341
342    // Information about auction (ad format, size) derived contextually.
343    // Represents a serialized string that is deserialized to a JSON object
344    // before passing to Adtech script. Copied from contextual signals sent to
345    // SellerFrontEnd service.
346    string auction_signals = 3;
347
348    // Buyer may provide additional contextual information that could help in
349    // generating bids. This is Copied from contextual signals sent to
350    // SellerFrontEnd service.
351    // The value represents a serialized string that is deserialized to a JSON
352    // object before passing to Adtech script.
353    string buyer_signals = 4;
354
355    // Seller origin.
356    // Used to verify that a valid seller is sending the request.
357    string seller = 5;
358
359    // Publisher website or app that is part of Buyer KV lookup url.
360    string publisher_name = 6;
361
362    // A boolean value which indicates if event level debug reporting should be
363    // enabled or disabled for this request.
364    bool enable_debug_reporting = 7;
365
366    // Helpful context for logging and tracing the request.
367    LogContext log_context = 8;
368
369    // Consented debugging field.
370    ConsentedDebugConfiguration consented_debug_config = 9;
371
372    // Protected App signals buyer input.
373    ProtectedAppSignalsBuyerInput protected_app_signals_buyer_input = 10;
374
375    // Client device type. Passed to the key/value services.
376    ClientType client_type = 11;
377
378    // Top level seller passed in case of component auctions. This is forwarded
379    // to generateBid.
380    string top_level_seller = 12;
381
382    // Optional.
383    // The Id is specified by the buyer to support coordinated experiments
384    // with the buyer's Key/Value services.
385    optional int32 buyer_kv_experiment_group_id = 13;
386  }
387
388  // Encrypted GetBidsRawRequest.
389  bytes request_ciphertext = 1;
390
391  // Version of the public key used for request encryption. The service
392  // needs to use private keys corresponding to same key_id to decrypt
393  // 'request_ciphertext'.
394  string key_id = 2;
395}
396