Ad Measurement Setup: Quick Guide

A complete guide to secure and privacy-preserving ad measurement computations between ad publishers and advertisers

Get Started on AWS
Step 1

Subscribe via AWS Marketplace

Launch the AMI in minutes, no engineering effort required.

Step 2

Upload Pre-processed Data

Follow the 2025 TikTok Attribution Data Schema for formatting.

Your S3 bucket name will look like #{your-stack-name}-mpcfilesbucket-#{random-postfix}. Place your file in the inputs folder so the URI resembles:

s3://{bucket_name}/inputs/{input_file_name}.csv

Keep this URI for later use.

Step 3

Get API Gateway URL

In the AWS Console, go to API Gateway → APIs → PrivacyGoAdMeasurementInterface → Stages → Prod. Copy the Invoke URL shown on the right. It will look like:

https://{api_id}.execute-api.{region}.amazonaws.com/prod/
Primary Endpoint:
/measure/triggerMPCExecution — starts an MPC execution (requires both parties).
Show other available endpoints
  • /measure/listMPCResources — lists running MPC executions and tasks.
  • /measure/describeMPCExecution — returns details of a specific execution.
  • /measure/stopMPCExecution — stops a running execution.
  • /measure/cleanUpMPCResources — cleans up all running executions and tasks.
Step 4

Set Up Run Permissions

The deployment creates an IAM policy named InvokePrivacyGoAdMeasurementInterfacePolicy-{api_id}. Attach it to the user who will call the API:

  1. Open IAMUsers[Your User]Add permissionsAttach policies directly.
  2. Select InvokePrivacyGoAdMeasurementInterfacePolicy-{api_id}Add permissions.

If you have awscurl, you can directly call the API using this user's credentials. If you don't have awscurl, set up AWS Access Key ID and Secret Access Key in Postman, then follow the optional substeps below.

Optional Programmatic access via Postman (no awscurl)
  1. Create access keys: IAMUsers[Your User]Security credentialsCreate access key. Store keys securely.
  2. In Postman, set Authorization to AWS Signature, then enter Access Key ID, Secret Access Key, Region, and Service execute-api.
Optional Smoke test: list resources

POST an empty JSON body to confirm access. A healthy setup returns empty lists.

This is a good way to test that your IAM permissions and API Gateway endpoint are set up correctly before trying a full computation.

POST https://{api_id}.execute-api.{region}.amazonaws.com/prod/measure/listMPCResources
Content-Type: application/json

{}
Tip: Subscribe to PrivacyGoAdMeasurementResultNotificationTopic in Amazon SNS to receive completion/failure alerts.
Step 5

Invoke Computation via HTTP request

Use Postman or awscurl to send a POST request to trigger the execution:

POST https://{api_id}.execute-api.{region}.amazonaws.com/prod/measure/triggerMPCExecution

With the following JSON body:

{
  "configFilePath": "core/receiver.json",
  "targetAccountId": "xxxx", /*int, 12-digit AWS account ID of the counter-party*/
  "inputFilePath": "s3://privacygoadmeasurementservice-mpcfilesbucket-xxx/xxx.csv",
  /* string, S3 path of the input file in Step 2 */
  "idsNum": "4", /*int, number of IDs to match, >0 */
  "timeWindow": "604800"
}
Step 6

View Results

If subscribed to SNS, you will receive a status update upon completion. You can view the final measurement results in CloudWatchLog groupsPrivacyGoAdMeasurementLogGroup.

Results include the match rate by PII type, total conversion and the number of converters per event.

© PrivacyGo Tutorial for AWS Marketplace