Skip to content

OpenAP eCAPI — Partner Integration Documentation

Audience: advertisers, MTAs, CDPs, and agency trade desks integrating with the OpenAP eCAPI receiver. Spec basis: IAB Tech Lab ECAPI 1.0 (January 2026), as implemented by OpenAP. Status: Draft — the API contract below is stable; a data_set_id and HMAC signing credentials are issued by OpenAP during onboarding. Contact your OpenAP representative for access.


What this is

The OpenAP eCAPI receiver is an IAB ECAPI 1.0-conformant HTTP endpoint that lets you deliver full-funnel marketing events (purchases, leads, sign-ups, page views, and more) into OpenAP for measurement, attribution, and outcome-based audience activation against the OpenAP cross-publisher TV graph.

You send events as JSON over HTTPS. OpenAP authenticates the request, validates each event against the ECAPI 1.0 schema, applies privacy policy, and durably accepts the event. Once an event is accepted with a success response, OpenAP guarantees it is queued for processing — downstream identity normalization and analytics happen asynchronously and do not affect your request.

The receiver accepts the full ECAPI 1.0 core Event Object without modification.

How integration works

  1. Onboard. OpenAP issues you a data_set_id (your destination namespace) and HMAC signing credentials (a key ID and shared secret). See Getting provisioned.
  2. Send events. POST single events or batches to the events endpoint, signing each request with your shared secret. See API reference.
  3. Handle the response. A 200 means every event in the request was accepted. A 207 means a batch was partially accepted — inspect the body for the per-event errors. Other codes indicate the request was rejected.
  4. Hash PII before sending. Personal identifiers (email, phone, name, street address, postal code, customer ID, gender) must be normalized and SHA256-hashed by you before they leave your systems. OpenAP never receives plaintext PII. See Hashing, consent, and privacy.

Documentation

Page Contents
Getting provisioned Onboarding with OpenAP: what you receive, what OpenAP needs from you, and the integration checklist.
Authentication HMAC body signing — signature construction and headers.
Expected load questionnaire Tell OpenAP your average/peak volume and planned spikes so infrastructure is sized ahead of your traffic.
API reference Endpoints, request format, limits, response codes, error reference, rate limits, and retry guidance.
The Event Object Complete field-by-field payload reference, including every enum and the vertical-specific properties fields.
Hashing, consent, and privacy Identity normalization and hashing rules, GPP consent, event merging/deduplication, and OpenAP's data-handling commitments.

Quick example

KEY_ID="your-key-id"
SHARED_SECRET="..."   # issued by OpenAP

BODY='{
  "data_set_id": "12345678AA",
  "id": "order-12ab123456c1234",
  "timestamp": 1746558464,
  "event_type": "purchase",
  "value": 22.00,
  "currency_code": "USD",
  "source": "website",
  "user_data": {
    "email_address": ["b4c9a289323b21a01c3e940f150eb9b8c542587f1abfd8f0e1cc1ffc5e475514"]
  },
  "properties": {
    "transaction_id": "AAA123456789A",
    "items": [
      { "id": "SKU-123", "name": "Example product", "price": 22.00, "quantity": 1 }
    ]
  }
}'

SIGNATURE=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$SHARED_SECRET" | awk '{print $NF}')

curl -X POST https://ecapi.openap.tv/v1/events \
  -H "X-OpenAP-Key-Id: $KEY_ID" \
  -H "X-OpenAP-Signature: $SIGNATURE" \
  -H "X-OpenAP-Data-Set: 12345678AA" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d "$BODY"

Response:

{ "accepted": 1 }

Support

Onboarding, credentials, data_set_id provisioning, rate-limit overrides, and base-URL confirmation are handled by your OpenAP representative. Reach out to them to begin integration or if you need higher limits.