Core concepts

Privacy firewall

The privacy firewall limits what leaves the publisher app and keeps sensitive application context out of ad-facing paths.

Controlled egress

Send only the fields needed for sponsorship decisions. Use project configuration for defaults instead of repeating sensitive values in every request.

Browser boundaries

Publishable keys require allowed origins and browser activation. Secret keys remain server-only.

Logs and redaction

Request IDs are safe to share. API keys, activation tokens, and user identifiers should be redacted from application logs.

Inference-time insertion

Proof chain

Need rollout review?

Contact the team

Start in the dashboard, choose Script Tag or Server API, and use contact only when you need rollout review, enterprise coordination, or non-standard integration help. Billing beacon rules live in the API concepts guide.