Protected Audience API: developer guide

Developer guide for on-device ad auctions to serve remarketing and custom audiences, without cross-site third-party tracking.

Published on Updated on


FLEDGE has been renamed to Protected Audience API. To learn more about the name change, see the blog post.


The Privacy Sandbox Relevance and Measurement origin trial ended September 20, 2023 and the APIs are now available for 99% of Chrome users, and origin trial enrollment is now closed. To keep abreast of the percentage of users each API is enabled for, refer to the Chrome status graphs.

For those new to the Protected Audience API, read the Protected Audience API overview for a high-level explanation of the API.

This post is written for developers as a technical reference for the most recent iteration of the experimental Protected Audience API. A demo of a basic Protected Audience API deployment is available, as are API references for ad buyers and sellers.

Implementation status

To be notified of status changes in the API, join the mailing list for developers.

What is the Protected Audience API?

The Protected Audience API is a Privacy Sandbox API designed to serve remarketing and custom audience use cases, designed so that it cannot be used by third parties to track user browsing behavior across sites. The API enables on-device auctions by the browser, to choose relevant ads for websites the user has previously visited.

The Protected Audience API is the first experiment to be implemented in Chromium within the TURTLEDOVE family of proposals.

Try the Protected Audience API

Available API reference

This document serves as an overview of the Protected Audience API. If you're looking for specific API methods and parameters:

You can also read Protected Audience API ad auction latency best practices.

Protected Audience API demo

A walk-through of a basic Protected Audience API deployment across advertiser and publisher sites is available at

Watch this end-to-end deployment to learn how the Protected Audience API demo code works and how to use Chrome DevTools for debugging.

Test with chrome://flags or feature flags

You can test the Protected Audience API for a single user in Chrome Beta 101.0.4951.26 and above on desktop:

Render ads in iframes or fenced frames

Ads can be rendered in an <iframe> or a <fencedframe>, depending on which flags are set.

To use <fencedframe> to render ads:


To use <iframe> to render ads:

--enable-features=InterestGroupStorage,AdInterestGroupAPI,Fledge,AllowURNsInIframes --disable-features=FencedFrames

Include the BiddingAndScoringDebugReportingAPI flag to enable temporary debug loss/win reporting methods.

This is an in-progress version of the Protected Audience API for early testing. It shouldn't be considered complete or indicative of the final implementation. Protected Audience API progress and status are discussed in the regular WICG meetings.

The Privacy Sandbox timeline provides implementation timelines for Protected Audience API and other Privacy Sandbox APIs.

Supported features

Protected Audience API behind feature flags in Chromium is a first experiment to test the following features of the Protected Audience API:

  • Interest groups: stored by the browser, with associated metadata to configure ad bidding and rendering.
  • On-device bidding by buyers (DSP or advertiser): based on stored interest groups and signals from the seller.
  • On-device ad selection by the seller (SSP or publisher): based on auction bids and metadata from buyers.
  • Ad rendering in a temporarily relaxed version of Fenced Frames: with network access and logging allowed for ad rendering.

Read more about feature support and constraints in the Protected Audience API explainer.

Interest group permissions

The default for the current implementation of the Protected Audience API is to allow calling joinAdInterestGroup() from anywhere in a page, even from cross-domain iframes.

In the future, once site owners have had time to update their cross-domain iframe permissions policies, the plan is to disallow calls from cross-domain iframes.

Key/Value service

To support the Protected Audience API ad auction, the browser can access a key/value service to retrieve real-time information which supports the Protected Audience API ad auction. This information could be used in a number ways:

  • Buyers may want to calculate the remaining budget in an ad campaign.
  • Sellers may be required to check ad creatives against publisher policies.

The Protected Audience API key/value service code is now available. Check out the announcement blog post for the status update.

For initial testing, a "Bring Your Own Server" model was introduced. In the long-term, ad techs will need to use the open-source Protected Audience API Key/Value services running in trusted execution environments.

Refer to the Protected Audience API services blog post for timeline updates. We'll provide substantial notice for developers to begin testing and adoption before this transition takes place.

Detect feature support

Before using the API, check if it's supported by the browser and available in the document:

'joinAdInterestGroup' in navigator &&
document.featurePolicy.allowsFeature('join-ad-interest-group') &&
document.featurePolicy.allowsFeature('run-ad-auction') ?
console.log('navigator.joinAdInterestGroup() is supported on this page') :
console.log('navigator.joinAdInterestGroup() is not supported on this page');

Feature support on the current page isn't a guarantee that an API is usable. The user may have disabled the API via browser settings, or they may have other settings that prevent the API from being used. In order to protect user privacy, there is no way to check for this programmatically.

How does the Protected Audience API work?

In this example, a user browses the website of a custom bike maker, then later visits a news website and is shown an ad for a new bike from the bike maker.


Not all features described in this post have been implemented (or fully implemented) in the version of the Protected Audience API currently being tested in Chrome. Test with feature flags explains what Protected Audience API features are currently available for testing in Chrome run from the command line.

Features of the Protected Audience API will be added over time as work on implementation progresses.

1. A user visits an advertiser site

A person visiting a custom bike manufacturer site in a browser on their laptop.

Imagine that a user visits the website of a custom bike maker (the advertiser) in this example) and spends some time on the product page for a handmade steel bike. This provides the bike maker with a remarketing opportunity.

2. The user's browser is asked to add an interest group

A user opens a browser on their laptop and visits a site. JavaScript   code for joining ad interest groups is running in the browser.

The advertiser's demand-side platform (DSP) (or the advertiser itself) calls navigator.joinAdInterestGroup() to ask the browser to add an interest group to the list of groups the browser is a member of.

In this example, the group is named custom-bikes, and the owner is dsp.example. The interest group owner (in this case, the DSP) will be a buyer in the Protected Audience API ad auction. Interest group membership is stored by the browser, on the user's device, and is not shared with the browser vendor or anyone else.

The origin of the calling context for joinAdInterestGroup() must match the interest group owner's origin.

joinAdInterestGroup() must be called from an iframe owned by the interest group owner (for example, from a DSP). If the origin of the current document is the same as the interest group owner (for example, a website with its own interest groups), no iframe is needed.

Specify ads for an interest group

ads and adComponents objects include a URL for an ad creative and, optionally, arbitrary metadata that can be used at bidding time. For example:

renderUrl: 'https://cdn.example/.../bikeAd1.html',
metadata: bikeAd1metadata // optional

How do buyers make bids?

generateBid() is called for each interest group that the browser is a member of—if the interest group's owner is invited to bid.

Read the generatedBid() developer documentation.

3. The user visits a site that sells ad space

A person visits a news website in a browser on their laptop. The site   has an empty ad slot.

Later, the user visits a site that sells ads space, in this example a news website. The site has ad inventory, which it sells programmatically with real-time bidding.

4. A ad auction is run in the browser

A person views a news website in a browser on their laptop. A Protected Audience API ad auction is run to pick an ad for the available ad space.

The ad auction is likely to be run by the publisher's supply-side provider (SSP), or the publisher itself. The purpose of the auction is to select the most appropriate ad for a single available ad slot on the current page. The auction takes into account the interest groups the browser is a member of, along with data from ad-space buyers and the sellers from the Key/Value services.

5. The seller and participating buyers request real-time data from the Key/Value service

The user views a news website in a browser on their laptop. An ad   auction using the Protected Audience API is taking place, with a participant getting data from the Key/Value service.

During an ad auction, the seller can request real-time data about specific ad creatives by making a request to their Key/Value service. The seller can request this information during runAdAuction() by the trustedScoringSignalsUrl property, along with the keys from the renderUrl properties of all entries in the ads and adComponents fields of all interest groups in the auction.

A buyer can request real-time data from their Key/Value service using the trustedBiddingSignalsUrl and trustedBiddingSignalsKeys properties of the interest group argument passed to navigator.joinAdInterestGroup().

When runAdAuction() is called, the browser makes a request to each ad buyer's trusted server. The URL for the request might look like this:

  • The base URL comes from trustedBiddingSignalsUrl.
  • The hostname is provided by the browser.
  • The keys value is taken from trustedBiddingSignalsKeys.

The response to this request is a JSON object providing values for each of the keys.


While in the initial experimental phase of testing the Protected Audience API, trustedBiddingSignalsUrl must have the same origin as the interest group owner. Learn more in Bring Your Own Server.

6. The winning ad is displayed

A person views a news website in a browser on their laptop. An ad   for 20% off a bike is displayed in a secure fenced frame.

The promise returned by runAdAuction() resolves to a fenced frame config object (FencedFrameConfig) when theresolveToConfig flag is set to true in the auction config. The frame config is used by a fenced frame to navigate the frame to the winning ad, but the URL of the ad is not visible to the frame embedder.

The FencedFrameConfig object is returned only when the flag resolveToConfig is set to true in the auction config. If the flag is not set, or is false, an opaque URN will be returned which can only be rendered in an iframe.

Fenced frame config object is available starting from M114. For more on the FencedFrameConfig object, see the Chrome blog article.

7. The auction result is reported

The long-term plan is to allow the browser to report auction results for the seller and buyers using the Private Aggregation APIs.

As a temporary event-level reporting mechanism, the code implementing reportResult() for the seller, and reportWin() for the winning bidder, can call the sendReportTo() function. This takes a single argument: a string representing a URL that is fetched after the auction completes, which encodes event-level information to be reported.

8. An ad click is reported

A person clicks on an ad for a bike, embedded with a fenced frame, on a news website. The report data is sent to seller and buyers.

A click on an ad rendered in a fenced frame is reported. To learn more about how this might work, see Fenced Frames Ads Reporting.

An overview of each stage of a Protected Audience API ad auction
This diagram outlines each stage of a Protected Audience API auction. View a larger version.

What is the difference between the Protected Audience API and TURTLEDOVE?

The Protected Audience API is the first experiment to be implemented in Chromium within the TURTLEDOVE family of proposals.

The Protected Audience API follows TURTLEDOVE's high-level principles. Some online advertising has been based on showing an ad to a potentially-interested person who has previously interacted with the advertiser or ad network. Historically this has worked by the advertiser recognizing a specific person as they browse across web sites, a core privacy concern with today's web.

The TURTLEDOVE effort is about offering a new API to address this use case while offering some key privacy advances:

  • The browser, not the advertiser, holds the information about what the advertiser thinks a person is interested in.
  • Advertisers can serve ads based on an interest, but cannot combine that interest with other information about a person—in particular, who they are or what page they are visiting.

The Protected Audience API grew out of TURTLEDOVE and a collection of related proposals for modifications to better served the developers who would be using the API:

  • In SPARROW: Criteo proposed the addition of a ("Gatekeeper") service model running in a trusted execution environment (TEE). The Protected Audience API includes a more limited use of TEEs, for real-time data lookup and aggregated reporting.
  • NextRoll's TERN and Magnite's PARRROT proposals described the different roles that buyers and sellers had in the on-device auction. The Protected Audience API's ad bidding/scoring flow is based on this work.
  • RTB House's Outcome-based and Product-level TURTLEDOVE modifications improved the anonymity model and personalization capabilities of the on-device auction
  • PARAKEET is Microsoft's proposal for a TURTLEDOVE-like ad service that relies on a proxy server running in a TEE between the browser and the ad tech providers, to anonymize ad requests and enforce privacy properties. The Protected Audience API has not adopted this proxying model. We are bringing the JavaScript APIs for PARAKEET and the Protected Audience API into alignment, in support of future work to further combine the best features of both proposals.

The Protected Audience API does not yet prevent a website's ad network from learning which ads a person sees. We expect to modify the API to become more private over time.

Can the Topics API be used with the Protected Audience API?

Yes. An observed topic for the current user, provided by the [Topics API](/docs/privacy-sandbox/topics/), could be used as contextual information by a seller or bidder. A topic could be included in the following properties:
  • auctionSignals, a property of the auction configuration object passed to navigator.runAdAuction()
  • userBiddingSignals, a property of the interest group configuration object passed to navigator.joinAdInterestGroup()

Available browser configuration

Users can adjust their participation for Privacy Sandbox trials in Chrome by enabling or disabling the top-level setting in chrome://settings/privacySandbox.

During initial testing, people will be able to use this high-level Privacy Sandbox setting to opt-out of the Protected Audience API. Chrome plans to allow users to see and manage the list of interest groups that they have been added to across the web sites they have visited. As with the Privacy Sandbox technologies themselves, user settings may evolve with feedback from users, regulators and others.

We'll continue to update the available settings in Chrome based on tests and feedback. In the future, we plan to offer more granular settings to manage the Protected Audience API and associated data.

API callers can't access group membership when users browse in Incognito mode, and membership is removed when users clear their site data.

Engage and share feedback

Get support

To ask a questions and get support with your implementation, the demo, or the documentation:

For more general questions about meeting your needs with the Protected Audience API, file an issue on the API repository. You can also discuss industry use cases in the W3C's Improving Web Advertising Business Group.

Use the Privacy Sandbox feedback form to share feedback privately with the Chrome team outside of public forums.


Want to opt-out of the Protected Audience API? Learn how to block access to the Protected Audience API, as a site owner or an individual user.

Get updates

Updated on Improve article

This site uses cookies to deliver and enhance the quality of its services and to analyze traffic. If you agree, cookies are also used to serve advertising and to personalize the content and advertisements that you see. Learn more about our use of cookies.