Integration Guide

Sam Tingleff edited this page Oct 24, 2018 · 55 revisions


DigiTrust is designed to provide an anonymous, persistent and secure identifier for publishers and trusted third parties on all browser platforms.

IDs are produced in the browser using Web Crypto API to generate 64 bits of random data, which is base-64 encoded:


See the ID encryption page for more details about how IDs are produced and shared.

Publisher Integration

The (current) reference version of the tag is available at

The javascript tag is added to the page as a <script> element directly, using a CMS/tag manager, or programmatically in javascript. This should execute before any ad serving, allowing for ad tech platforms to access the DigiTrust ID via API.

 <script src=""></script>
 <script type="text/javascript">
       member: "nQjyizbdyF",
       site: "FL6whbX1IW",
       redirects: true

Or programmatically added to the DOM

<script type="text/javascript">
(function() {
  var s, r, t;
  r = false;
  s = document.createElement('script');
  s.type = 'text/javascript';
  s.src = '';
  s.onload = s.onreadystatechange = function() {
    if ( !r && (!this.readyState || this.readyState == 'complete') )
      r = true;
      DigiTrust.initialize( {
        member: 'nQjyizbdyF',
        site: 'FL6whbX1IW',
        redirects: true
  t = document.getElementsByTagName('script')[0];
  t.parentNode.insertBefore(s, t);

Semantic Versioning and Subresource Integrity

Note that the recommended integration via <script> tag points to a "major release" version at /prod/1/digitrust.min.js. This path is subject to (non-breaking) changes as DigiTrust fixes bugs, adds minor features, etc.

Alternatively publishers and platforms can link to a specific minor release at a path like /prod/1.5.15/digitrust.min.js (the contents of which will not change), and may also include SRI attributes. SRI provides the guarantee (on browsers which support SRI) that the browser will not execute the resource if the contents (file hash) have changed. This is intended to allow DigiTrust members to test and deploy a specific version with confidence that it will not change.

A tool like SRI hash generator may be used to generate the appropriate hash value for the integrity attribute in an SRI deployment:

 <script src=""

The cost of linking to a specific minor version is that from time to time we may ask (possibly very urgently) that you upgrade to a new version for specific bug fixes.

Critical: note that in order to use SRI you must link to a specific minor version (/prod/1.5.15/digitrust.min.js as in the example immediately above) rather than to a major version (such as /prod/1/digitrust.min.js) as the major version release is subject to change.

API Behaviors

Behavior is exposed in the DigiTrust.initialize method:

DigiTrust.initialize = function (options, callback) {


Name Description Type Required Default Example(s)
member Unique member identifier string yes n/a "nQjyizbdyF"
site A unique site identifier, such as the domain or an ad server ID string yes n/a "FL6whbX1IW"
redirects Whether or not link-rewriting behavior should be enabled to acquire a first party context (and write a cookie) boolean no false true
sample Random sample rate at which behavior(s) should be enabled float value between 0 and 1 no 1 0.25

Third Party Integration

DigiTrust.getUser = function (options, callback) {


Name Description Type Required Default Example(s)
member Unique member identifier string yes n/a h89wWpG06u

Return Value

The return value is an IdentityResponse object. An Identity object is included if one can be read from publisher cookies.



var identityResponse = DigiTrust.getUser( );

In this model, no callback function is provided, and if an identity is available via low-latency/synchronous methods, it is returned within the Identity Response object.


DigiTrust.getUser( { }, function(identityResponse) {

In this example a callback function is provided. The behavior is to provide an Identity Response object to the callback after communicating with the hosted invisible iframe.



An Identity object is the primary container for attributes persisted within the browser.


Name Description Type Always Provided Example(s)
id Unique device identifier 64 bits of crypto-quality random data, base-64 encoded, encrypted via RSA and base-64 encoded (again) (string) no Vb0YJIxTMJV4W0GHRdJ3MwyiOVYJjYEgc2QYdBSG+48eThEDnz45f9/d3oVw3l4PvucuLvgSsZbTCYIIUas635/ORnpentSP6eNt/aPCg/0366FjICCj8Q/zNI+GmhFvl0IB12t2+s+rOxxoSi+XuItLUyPHpw7oUz30JJHUMTH7qylDXdRQEG2a1ofFzEaxd4SBmKyQwXaSm3HC4lmFdsXJjJhkQItGJhybdHGVggd74mll63USLrTOnGJWGyynTNdnr9dYUXRIys3pSiLFam6HjbSpyy9YCf5O0D2b2ViJ3Or72mlV2i0bQFN2uGI+ZBDrYn9GjB1jNHCwbhwppw==
keyv Key version used to encrypt the id integer yes 4
version ID version (see notes below) integer no (assume v1 if not present) 2
privacy Device privacy settings Privacy object yes See the Privacy object below


 "keyv": 1,
 "version": 2,
   "optout": false

ID Values

The id field is produced in the browser approximately with

var buffer = new Uint8Array(8);
return arrayBufferToBase64String(buffer);

Note that

  • this is intended to provide 64 bits of entropy
  • values may exceed Long.MAX_VALUE in java (it is unsigned) or similar constructs in other languages
  • this value is RSA-encrypted at all times outside of the cookie space

In un-encrypted form this can be represented as a byte array

[86, 74, 43, 84, 106, 114, 106, 104, 110, 118, 85, 61]

Or a 64 bit integer


However the canonical form of the ID is the base-64 encoded version.


ID Versions

The version field is intended to allow for changes in ID size and encodings. The following versions have been in production in some form or another.

  • 1: did not see production usage.
  • 2: 64 bits of random data, base-64 encoded.


The Privacy object includes all privacy related settings attached to a given device.


Name Description Type Always Provided Example(s)
optout whether or not the user has opted out boolean yes false,true


 "optout": false

Identity Response

An identity response object is provided in the initialize() callback.


Name Description Type Always Provided Example(s)
success Indicator of success or failure boolean yes true, false
identity The persisted device identity Identity object no See below
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.