The IAB the pubvendors.json tech spec is intended to:
- Provide a standard for publishers to publicly declare the vendors that they work with, and their respective data rights/configuration
- Allow vendors to verify publishers’ GDPR settings and verify/audit Consent Management Provider (CMP) consent strings
- Establish a standard way for publishers to white-list vendors
- Enable publishers to limit purposes and features (consistent with the Framework) on a per-vendor basis
Sourcepoint provides the ability to create a pubvendors.json file for you that is based on a vendor list in the Sourcepoint platform. The API will return the list of vendors from the vendor list associated with the ID at the end of the URL. For example, the URL below will return the pubvendors.json file for the vendor list with the id of 5c5331655e25533ae59a6671.
You can retrieve the vendor list ID for a particular list by opening up the vendor list and copying the vendor list ID from the page URL (see screenshot below).
Sites can then amend the file to further restrict the vendors and vendor purposes as the deem necessary. Once the publisher finishes editing the file it is ready for hosting. Similar to the ads.txt and robots.txt files on a publisher's site, a publisher would place the file, "pubvendors.json", in a ".well-known path" of their domain. From there, vendors can crawl the publisher's site and read the file and determine if they have permissions to utilize user data on that site and for what purposes.
For more information on the IAB pubvendors.json spec, please visit the IAB's github repository here.