BuySellAdsAdvertising Platform

Identifier

The BuySellAds Optimize platform includes support for the PubProvided ID sub-module of the Prebid User ID module. This feature enables publishers to set and transmit a first-party user identifier within the bid stream.

Email Matching

On the website or page that has Optimize enabled you can set a window optimizeIdentityHashes variable like window.optimizeIdentityHashes to an array of objects that contain various hashes.

Each object must include at least one of the following keys: sha1, sha256, or md5. The structure of the object is as follows:

{
  "sha1": "hashInHere",
  "sha256": "hashInHere",
  "md5": "hashInHere"
}

You do not need to provide all three hashed identifiers. You can use any one of the following: sha1, sha256, or md5. However, we recommend using sha1 or sha256 for better security, as they are more secure than md5.

Bringing all of that together we end up with something that looks like the following:

<script>
  window.optimizeIdentityHashes = [
    {
      sha1: '32d6256fb4a4006c22d0010438388728de4fefe0',
      sha256:
        '9f021107f9eeea061014d7f7b1e39f7881c9ff4e4a3666c942d8ab11ed49788e',
      md5: 'cf72e71d9d1bbabbc2e44d175fb1b465',
    },
  ]
</script>

The following script is also valid:

<script>
  window.optimizeIdentityHashes = [{md5:"cf72e71d9d1bbabbc2e44d175fb1b465"}]
</script>

Important: Hash all email addresses and user identifiers on your end before sending them. Only pass the hashed identifiers to ensure security.

You can use <script> tags to do this or embed it within your own javascript files. This will work as long as the window.optimizeIdentityHashes gets set to an array of objects that contains the hashes.

More details about the PubProvided ID sub-module here.

Step 1: Collect User Emails

Begin by gathering and securely storing email addresses. This documentation assumes you have completed this step. If not, now is the ideal time to start.

Step 2: Hash the Email Address

Once you have collected the email addresses, hash each one before storing or sending it. Refer to the example below for guidance.

Step 3: Send the Hashed Email to Optimize

After hashing the email address, use the window.optimizeIdentityHashes variable to send it to Optimize. Follow the instructions below:

<script>
  window.optimizeIdentityHashes = [
    {
      sha1: '32d6256fb4a4006c22d0010438388728de4fefe0',
      sha256:
        '9f021107f9eeea061014d7f7b1e39f7881c9ff4e4a3666c942d8ab11ed49788e',
      md5: 'cf72e71d9d1bbabbc2e44d175fb1b465',
    },
  ]
</script>

In this example:

  • The hashed email values are set in the window.optimizeIdentityHashes JavaScript variable.
  • This script can either be embedded directly in the HTML page or dynamically injected from server-side code, depending on how you've collected and hashed the user's email.

This way, the hashed identifiers are passed into the bid stream for programmatic advertising, as required by the PubProvided ID sub-module.

Email Matching Examples

1. Hashing in WordPress (PHP Example)

If you're working with WordPress and already have the user's email addresses stored in the wp_users table, you can retrieve the email and hash it server-side using PHP. Here's an example:

<?php
if (is_user_logged_in()) {
  // Get the current user's ID
  $user_id = get_current_user_id();
  // Retrieve user information using the user ID
  $user_info = get_userdata($user_id);
  // Extract the user's email address
  $email = $user_info->user_email;

  // Hash the email using different algorithms
  $sha1Hash = sha1($email); // Hash the email using SHA1
  $sha256Hash = hash('sha256', $email); // Hash the email using SHA256
  $md5Hash = md5($email); // Hash the email using MD5

  // Pass the hashed values to the frontend by embedding them in a script tag
  echo '<script>
    window.optimizeIdentityHashes = [{
      sha1: "' . $sha1Hash . '",
      sha256: "' . $sha256Hash . '",
      md5: "' . $md5Hash . '"
    }];
  </script>';
}
?>

In this example:

  1. We first check if the user is logged in using is_user_logged_in().
  2. We retrieve the current user's ID and use it to get their email address.
  3. We hash the email using three different algorithms: SHA1, SHA256, and MD5.
  4. The hashed values are then passed to the frontend as part of the window.optimizeIdentityHashes JavaScript variable.

2. Hashing in JavaScript (Client-Side Example)

If you already have the user’s email addresses stored in your database, you can retrieve them and securely hash the email client-side using the native Web Crypto API in modern browsers.

// Assume the user is logged in and the email has been retrieved from the database
const email = 'user@example.com' // Replace with the email retrieved from the database

// Hash the email using different algorithms
async function hashEmail(email) {
  const encoder = new TextEncoder()
  const emailBytes = encoder.encode(email)

  // SHA-1
  const sha1Buffer = await crypto.subtle.digest('SHA-1', emailBytes)
  const sha1Hash = Array.from(new Uint8Array(sha1Buffer))
    .map((b) => b.toString(16).padStart(2, '0'))
    .join('')

  // SHA-256
  const sha256Buffer = await crypto.subtle.digest('SHA-256', emailBytes)
  const sha256Hash = Array.from(new Uint8Array(sha256Buffer))
    .map((b) => b.toString(16).padStart(2, '0'))
    .join('')

  // MD5 is not supported natively in the Web Crypto API
  // Consider avoiding MD5 as it is outdated and insecure

  // Store the hashes
  window.optimizeIdentityHashes = [{ sha1: sha1Hash, sha256: sha256Hash }]
  console.log(window.optimizeIdentityHashes) // Log the result to verify the hashes
}

hashEmail(email).catch((err) => console.error('Hashing failed:', err))

In this example:

  1. We assume the user is already logged in and their email has been retrieved from the database.
  2. We use Web Crypto API to hash the email using SHA1 and SHA256.
  3. The hashes are assigned to the window.optimizeIdentityHashes variable for further use.