Optionalaccount?: {Unique identifier for this account
Human-readable account name (e.g., 'Acme', 'Acme c/o Pinnacle')
Optionaladvertiser?: stringThe advertiser whose rates apply to this account
Optionalbilling_proxy?: stringOptional intermediary who receives invoices on behalf of the advertiser (e.g., agency)
Optionalbrand?: {Domain where /.well-known/brand.json is hosted, or the brand's operating domain
Optionalbrand_id?: stringOptionalindustries?: string[]Inline override for the brand's industries. Useful when the caller cannot modify the brand's canonical brand.json but needs to declare industries for governance (e.g., Annex III vertical detection). brand.json remains the canonical source; when omitted here, governance agents SHOULD resolve from brand.json.
Optionaldata_subject_contestation?: { url?: string; email?: string; languages?: string[] }Inline override for the brand's contestation contact point. Useful when the operator does not control brand.json but needs to discharge Art 22(3) for this plan. brand.json is canonical; when omitted, governance agents resolve brand → house → missing.
Optionalurl?: stringOptionalemail?: stringOptionallanguages?: string[]Optionalbrand_kit_override?: {Inline override for brand-kit fields normally resolved from /.well-known/brand.json on domain (logo, colors, voice, tagline). Use when brand.json is missing, stale, or inappropriate for this specific call — e.g., a campaign-scoped tagline, a co-branded creative, a freshly-rebranded color palette the brand.json hasn't shipped yet. Same inline-override pattern as industries and data_subject_contestation above: brand.json is canonical, the override is per-call. Adopters needing to override fields outside this subset (voice_attributes, prohibited_terms, etc.) MUST publish a different brand.json and reference it via a different domain — the inline override is intentionally narrow to a small high-traffic subset.
Merge semantics (normative). The merge is field-level, not whole-object replacement. Each field within brand_kit_override (logo, colors, voice, tagline) is evaluated independently — when a field is present on the override the override value applies; when a field is absent the brand.json value applies (or is absent if brand.json doesn't carry one either). For composite fields (colors.primary, colors.secondary, colors.accent), the merge is one level deeper: each color slot is evaluated independently — a producer can override colors.primary while still inheriting colors.secondary from brand.json. SDKs MUST NOT treat a present brand_kit_override.colors as wiping the brand.json colors block entirely; only the per-slot fields present in the override take precedence. Without this rule, a partial-override semantics would diverge across SDKs and produce inconsistent rendering for the same payload.
Optionallogo?: {Discriminator identifying this as an image asset. See /schemas/creative/asset-types for the registry.
URL to the image asset
Width in pixels
Height in pixels
Optionalformat?: stringImage file format (jpg, png, gif, webp, etc.)
Optionalalt_text?: stringAlternative text for accessibility
Optionalprovenance?: {Optionaldigital_source_type?: ...Optionalai_tool?: ...AI system used to generate or modify this content. Aligns with IPTC 2025.1 AI metadata fields and C2PA claim_generator.
Optionalhuman_oversight?: ...Level of human involvement in the AI-assisted creation process. Independent of disclosure.required — the protocol does not derive disclosure obligations from oversight level. Some regulations include carve-outs for human-edited or human-directed AI output, but those carve-outs have factual prerequisites the schema cannot evaluate. Asserting edited or directed does not by itself justify disclosure.required: false.
Optionaldeclared_by?: ...Party declaring this provenance. Identifies who attached the provenance claim, enabling receiving parties to assess trust.
Optionaldeclared_at?: ...When this provenance claim was made (ISO 8601). Distinct from created_time, which records when the content itself was produced. A provenance claim may be attached well after content creation, for example when retroactively declaring AI involvement for regulatory compliance.
Optionalcreated_time?: ...When this content was created or generated (ISO 8601)
Optionalc2pa?: ...C2PA sidecar manifest reference. Links to a detached cryptographic provenance manifest for this content. Note: file-level C2PA bindings break when ad servers transcode, resize, or re-encode assets. For pipelines with intermediaries, consider embedded_provenance as the primary provenance mechanism.
Optionalembedded_provenance?: ...Provenance metadata embedded within the content stream. Each entry declares one embedding layer: structured provenance data carried inside the content itself, as distinct from sidecar references (c2pa.manifest_url). Embedded provenance survives operations that break sidecar and file-level bindings: ad-server transcoding, CMS ingestion, copy-paste, reformatting, and CDN re-encoding. For ad-tech pipelines where content passes through multiple intermediaries, embedded provenance is the reliable path for provenance that persists from declaration through delivery. This is a declaration by the embedding party. The receiving party (the seller) is the verifier-of-record: it confirms the claim by calling a governance agent it trusts (typically one published in creative_policy.accepted_verifiers).
Optionalwatermarks?: ...Content watermarks applied to this asset. Each entry declares one watermarking layer: a content modification that encodes an identifier or fingerprint within the asset. Watermarks differ from embedded provenance: a watermark encodes an identifier (who generated it, who owns it), while embedded provenance carries or references a structured provenance record (the full chain of custody). A single asset may carry both. Aligns with C2PA action taxonomy: c2pa.watermarked.bound (watermark linked to a C2PA manifest) and c2pa.watermarked.unbound (watermark independent of any manifest). This is a declaration by the watermarking party. The receiving party (the seller) is the verifier-of-record: it confirms the claim by calling a governance agent it trusts (typically one published in creative_policy.accepted_verifiers).
Optionaldisclosure?: ...Regulatory disclosure requirements for this content. Indicates whether AI disclosure is required and under which jurisdictions.
Optionalverification?: ...Third-party verification or detection results for this content. Multiple services may independently evaluate the same content. Provenance is a claim — verification results attached by the declaring party are supplementary. The enforcing party (e.g., seller/publisher) should run its own verification via get_creative_features or calibrate_content.
Optionalext?: ...Optionalcolors?: { primary?: string; secondary?: string; accent?: string }Override brand colors (hex strings).
Optionalprimary?: stringOptionalsecondary?: stringOptionalaccent?: stringOptionalvoice?: stringOverride brand-voice description for surface-composed text/audio output.
Optionaltagline?: stringOverride tagline.
Optionaloperator?: stringDomain of the entity operating this account. When the brand operates directly, this is the brand's domain.
Optionalbilling?: BillingPartyOptionalbilling_entity?: Omit<Optionalrate_card?: stringIdentifier for the rate card applied to this account
Optionalpayment_terms?: PaymentTermsOptionalcredit_limit?: { amount: number; currency: string }Maximum outstanding balance allowed
Optionalsetup?: { url?: string; message: string; expires_at?: string }Present when status is 'pending_approval'. Contains next steps for completing account activation.
Optionalurl?: stringURL where the human can complete the required action (credit application, legal agreement, add funds).
Human-readable description of what's needed.
Optionalexpires_at?: stringWhen this setup link expires.
Optionalaccount_scope?: AccountScopeOptionalgovernance_agents?: { url: string }[]Governance agent endpoint registered on this account. Exactly one entry per sync_governance's one-agent-per-account invariant. The array shape is preserved for wire compatibility with 3.0; maxItems: 1 is load-bearing and mirrors the singular governance_context on the protocol envelope. Authentication credentials are write-only and not included in responses — use sync_governance to set or update credentials.
Optionalreporting_bucket?: {Cloud storage bucket where the seller delivers offline reporting files for this account. Seller provisions a dedicated bucket or a per-account prefix within a shared bucket, and grants the buyer read access out-of-band. Access MUST be scoped at the IAM layer so each account can only read its own prefix — bucket-wide grants are non-compliant even with per-account prefixes. Seller MUST revoke access when the account's status transitions to inactive, suspended, or closed. See security considerations for offline delivery in docs/media-buy/media-buys/optimization-reporting. Only present when the seller supports offline delivery (reporting_delivery_methods includes 'offline' in capabilities).
Bucket or container name
Optionalprefix?: stringPath prefix within the bucket. Seller appends date-based partitioning beneath this prefix.
Optionalregion?: stringCloud region for the bucket
Optionalformat?: "jsonl" | "csv" | "parquet" | "avro" | "orc"File format for delivered files. Parquet, Avro, and ORC use internal compression (the top-level compression field is ignored for these formats).
Optionalcompression?: "gzip" | "none"Compression applied to delivered files
How long reporting files are retained in the bucket before deletion. Buyers must read files within this window. Minimum recommended: 14 days.
Optionalsetup_instructions?: stringURL to documentation for configuring buyer read access to this bucket (IAM role, service account, etc.). Operator-facing documentation — buyer agents MUST NOT auto-fetch this URL; surface it to a human operator. If an implementation fetches it (for preview), apply webhook URL SSRF validation and do not pass the fetched content into an LLM context without indirect-prompt-injection guarding. See docs/media-buy/media-buys/optimization-reporting#security-considerations-for-offline-delivery.
Optionalsandbox?: booleanWhen true, this is a sandbox account — no real platform calls, no real spend. For account-id namespaces, sandbox accounts are pre-existing test accounts on the platform discovered via list_accounts or supplied out-of-band. For buyer-declared accounts, sandbox is part of the natural key: the same brand/operator pair can have both a production and sandbox account.
Optionalnotification_configs?: (Account-level webhook subscriptions for notifications whose lifecycle outlives any single media buy (e.g., creative.status_changed, creative.purged, wholesale feed change payloads). This is an account-scoped delivery surface, not an account-object lifecycle event stream; account status changes are observed through list_accounts polling or the one-shot sync_accounts.push_notification_config async result channel. Distinct from push_notification_config on individual operations, which anchors at a per-resource scope. Buyers register and update entries via sync_accounts; sellers echo the applied state here on list_accounts reads so buyers can verify what's active. The set is keyed by account-scoped subscriber_id; re-registering the same subscriber_id replaces that subscriber's config. authentication.credentials is write-only — sellers MUST NOT echo legacy auth credentials in this response. When two or more entries register the same event_types, each receives an independent fire — see #3009 multi-subscriber composition.
Optionalext?: Omit<Omit<{}, "bank">, "authentication"> & { authentication?: unknown }Optionalinvoice_recipient?: Omit<Optionalmedia_buy_status?: MediaBuyStatusOptionalstatus?: MediaBuyStatusOptionalconfirmed_at?: string | nullISO 8601 timestamp when this media buy was committed by the seller. Stable after it is set; do not update on later pause/resume/status/reporting transitions. May be null in deferred or manual-approval flows until seller commitment occurs.
Optionalcreative_deadline?: stringISO 8601 timestamp for creative upload deadline
Optionalrevision?: numberInitial revision number for this media buy. Use in subsequent update_media_buy requests intended to change state for optimistic concurrency.
Optionalcurrency?: stringISO 4217 currency code (e.g., USD, EUR, GBP) for monetary values at this media buy level. total_budget is denominated in this currency. Package-level fields may override with package.currency. In proposal mode the seller derives this from the request's total_budget object (total_budget.currency); in manual mode it is present when all packages share a currency. Matches the currency field in subsequent get_media_buys responses.
Optionaltotal_budget?: numberTotal budget amount across all packages, denominated in currency. Note: the create_media_buy request encodes total_budget as an object {amount, currency} (proposal mode only); this response field is the flattened scalar amount, with currency promoted to the sibling currency field. Present when the seller can compute a deterministic aggregate — always in proposal mode, conditionally in manual mode when all packages share a currency. Matches the total_budget field in subsequent get_media_buys responses.
Optionalvalid_actions?: MediaBuyValidAction[]Flat-vocabulary actions the buyer can perform on this media buy after creation. Saves a round-trip to get_media_buys. Deprecated in favor of available_actions[], which carries mode, optional SLA, and optional terms_ref. Sellers SHOULD populate both during the 3.x deprecation window; consumers MUST prefer available_actions[] when both are present. Removed in 4.0.
Optionalavailable_actions?: {Structured per-buy resolution of actions available immediately after creation. Authoritative — see get-media-buys-response.json for full semantics.
Array of created packages with complete state information
Optionalplanned_delivery?: {Optionalgeo?: { countries?: string[]; regions?: string[] }Geographic targeting the seller will apply.
Optionalcountries?: string[]ISO 3166-1 alpha-2 country codes where ads will deliver.
Optionalregions?: string[]ISO 3166-2 subdivision codes where ads will deliver.
Optionalchannels?: MediaChannel[]Channels the seller will deliver on.
Optionalstart_time?: stringActual flight start the seller will use.
Optionalend_time?: stringActual flight end the seller will use.
Optionalfrequency_cap?: {Optionalsuppress?: {Cooldown period between consecutive exposures to the same entity. Prevents back-to-back ad delivery (e.g. {"interval": 60, "unit": "minutes"} for a 1-hour cooldown). Preferred over suppress_minutes.
Number of time units. Must be 1 when unit is 'campaign'.
Time unit. 'seconds' for sub-minute precision. 'campaign' spans the full campaign flight.
Optionalsuppress_minutes?: numberDeprecated — use suppress instead. Cooldown period in minutes between consecutive exposures to the same entity (e.g. 60 for a 1-hour cooldown).
Optionalmax_impressions?: numberMaximum number of impressions per entity per window. For duration windows, implementations typically use a rolling window; 'campaign' applies a fixed cap across the full flight.
Optionalper?: ReachUnitEntity granularity for impression counting. Required when max_impressions is set.
Optionalwindow?: {Time window for the max_impressions cap (e.g. {"interval": 7, "unit": "days"} or {"interval": 1, "unit": "campaign"} for the full flight). Required when max_impressions is set.
Number of time units. Must be 1 when unit is 'campaign'.
Time unit. 'seconds' for sub-minute precision. 'campaign' spans the full campaign flight.
Optionalaudience_summary?: stringHuman-readable summary of the audience the seller will target.
Optionalaudience_targeting?: (Structured audience targeting the seller will activate. Each entry is either a signal reference or a descriptive criterion. When present, governance agents MUST use this for bias/fairness validation and SHOULD ignore audience_summary for validation purposes. The audience_summary field is a human-readable rendering of this array, not an independent declaration.
Optionaltotal_budget?: numberTotal budget the seller will deliver against.
Optionalcurrency?: stringISO 4217 currency code for the budget.
Optionalenforced_policies?: string[]Registry policy IDs the seller will enforce for this delivery.
Optionalext?: Omit<Omit<{}, "bank">, "authentication"> & { authentication?: unknown }Optionalsandbox?: booleanWhen true, this response contains simulated data from sandbox mode.
Optionalcontext?: Omit<Omit<{}, "bank">, "authentication"> & { authentication?: unknown }Optionalext?: Omit<Omit<{}, "bank">, "authentication"> & { authentication?: unknown }Optionalsummary: string
Seller's unique identifier for the created media buy