PA API on cookie-less inventory

[aprokofg]

One feature that could help facilitate PA API adoption is support to enable PA API only on cookie-less traffic where it could be valuable for the publishers.

The pseudo code for SSPs ad tag javascript could look something like this:

if (publisher_config.use_paapi) {
  if (publisher_config.only_use_paapi_on_cookieless) {
    return chrome.paapi_enabled && crome.igs_available && chrome.cookieless;
  } else {
    return chrome.paapi_enabled && crome.igs_available;
  }
}

There are 3 pieces of information that are need to implement this functionality:

• Detecting whether PA API is enabled
  • This part is already available and described here: https://github.com/WICG/turtledove/blob/main/PA_Feature_Detecting.md
• Detecting whether IGs are available for use (exclude Incognito mode)
  • There was some discussion in https://github.com/WICG/turtledove/issues/1213#issuecomment-2343978699 but it seems not be a great foundation to build on for the long term due to
    • This is not intended use of an API
    • Latency issues with retrieving large B&A blob on each ad request
  • One possible workaround for latency problem of retrieving B&A blob is caching
    • Call the B&A blob API to find out the zero-or-nonzero bit, store it in 1p local storage, refresh if the stored value is more than an hour old.
    • Then at each auction you just look at the previously-stored value and pretend that's the current status.
• Detecting whether user has opted out of 3P cookie
  • This seems to be a missing part.

The ask for Chrome is to a) provide an API to detect cookie-less inventory and b) provide a proper mechanism to detect whether IGs are available for use.

[johannhof]

While it's not a literal "user has opted out of 3PC" signal, note that the Storage Access API allows 3P embeds / subresources to understand whether they have access to third-party cookies or not. document.hasStorageAccess() is already supported across different browsers, while a header-only variant called Storage Access Headers is currently being proposed in Privacy CG and trialed in Chrome. This feature sends an HTTP header that signals access to cross-site cookies and storage, e.g. Sec-Fetch-Storage-Access: none if there is no access.

Does that help with your third requirement?

[dmdabbs]

PA might be GA, but where GAM is in use and GAM would be the PA top-level seller, its policy determines whether a PA auction is run, assuming the publisher has enabled PA.

[aprokofg]

While it's not a literal "user has opted out of 3PC" signal, note that the Storage Access API allows 3P embeds / subresources to understand whether they have access to third-party cookies or not. document.hasStorageAccess() is already supported across different browsers, while a header-only variant called Storage Access Headers is currently being proposed in Privacy CG and trialed in Chrome. This feature sends an HTTP header that signals access to cross-site cookies and storage, e.g. Sec-Fetch-Storage-Access: none if there is no access.

Does that help with your third requirement?

This might help it. Can anyone familiar with prebid.js validate if this is something that could be called from within the prebid code?

[aprokofg]

PA might be GA, but where GAM is in use and GAM would be the PA top-level seller, its policy determines whether a PA auction is run, assuming the publisher has enabled PA.

I think this is a different problem to solve. Here we're trying to explore ways on how to enable PA API across all publishers that can bring value to them. We should probably use the other thread to discuss GAM coordination questions.

[dmdabbs]

Can anyone familiar with prebid.js validate if this is something that could be called from within the prebid code?

Here are Prebid's PA config support docs. Prebid is open source and welcomes useful PRs.