OpenAP eCAPI — Partner Integration Documentation¶
Audience: advertisers, MTAs, CDPs, and agency trade desks integrating with the OpenAP eCAPI receiver.
Spec basis: IAB Tech Lab ECAPI 1.0 (January 2026), as implemented by OpenAP.
Status: Draft — the API contract below is stable; a data_set_id and HMAC signing credentials are issued by OpenAP during onboarding. Contact your OpenAP representative for access.
What this is¶
The OpenAP eCAPI receiver is an IAB ECAPI 1.0-conformant HTTP endpoint that lets you deliver full-funnel marketing events (purchases, leads, sign-ups, page views, and more) into OpenAP for measurement, attribution, and outcome-based audience activation against the OpenAP cross-publisher TV graph.
You send events as JSON over HTTPS. OpenAP authenticates the request, validates each event against the ECAPI 1.0 schema, applies privacy policy, and durably accepts the event. Once an event is accepted with a success response, OpenAP guarantees it is queued for processing — downstream identity normalization and analytics happen asynchronously and do not affect your request.
The receiver accepts the full ECAPI 1.0 core Event Object without modification.
How integration works¶
- Onboard. OpenAP issues you a
data_set_id(your destination namespace) and HMAC signing credentials (a key ID and shared secret). See Getting provisioned. - Send events.
POSTsingle events or batches to the events endpoint, signing each request with your shared secret. See API reference. - Handle the response. A
200means every event in the request was accepted. A207means a batch was partially accepted — inspect the body for the per-event errors. Other codes indicate the request was rejected. - Hash PII before sending. Personal identifiers (email, phone, name, street address, postal code, customer ID, gender) must be normalized and SHA256-hashed by you before they leave your systems. OpenAP never receives plaintext PII. See Hashing, consent, and privacy.
Documentation¶
| Page | Contents |
|---|---|
| Getting provisioned | Onboarding with OpenAP: what you receive, what OpenAP needs from you, and the integration checklist. |
| Authentication | HMAC body signing — signature construction and headers. |
| Expected load questionnaire | Tell OpenAP your average/peak volume and planned spikes so infrastructure is sized ahead of your traffic. |
| API reference | Endpoints, request format, limits, response codes, error reference, rate limits, and retry guidance. |
| The Event Object | Complete field-by-field payload reference, including every enum and the vertical-specific properties fields. |
| Hashing, consent, and privacy | Identity normalization and hashing rules, GPP consent, event merging/deduplication, and OpenAP's data-handling commitments. |
Quick example¶
KEY_ID="your-key-id"
SHARED_SECRET="..." # issued by OpenAP
BODY='{
"data_set_id": "12345678AA",
"id": "order-12ab123456c1234",
"timestamp": 1746558464,
"event_type": "purchase",
"value": 22.00,
"currency_code": "USD",
"source": "website",
"user_data": {
"email_address": ["b4c9a289323b21a01c3e940f150eb9b8c542587f1abfd8f0e1cc1ffc5e475514"]
},
"properties": {
"transaction_id": "AAA123456789A",
"items": [
{ "id": "SKU-123", "name": "Example product", "price": 22.00, "quantity": 1 }
]
}
}'
SIGNATURE=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$SHARED_SECRET" | awk '{print $NF}')
curl -X POST https://ecapi.openap.tv/v1/events \
-H "X-OpenAP-Key-Id: $KEY_ID" \
-H "X-OpenAP-Signature: $SIGNATURE" \
-H "X-OpenAP-Data-Set: 12345678AA" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d "$BODY"
Response:
Support¶
Onboarding, credentials, data_set_id provisioning, rate-limit overrides, and base-URL confirmation are handled by your OpenAP representative. Reach out to them to begin integration or if you need higher limits.