Identity
Datafly Signal manages identity for vendor server-side APIs without loading vendor JavaScript on your site. This page covers the five identifier types Signal maintains, which vendors are covered, and where to configure each.
The five identifier types
Every event Signal collects is tagged with the relevant identifiers from each of these layers. You don’t configure them per event — Signal selects the right identifiers for each destination automatically based on what the vendor’s API accepts.
1. Anonymous ID (always present)
A stable first-party identifier minted on the visitor’s first event and persisted as a first-party cookie on your domain. The anonymous ID:
- Is the join key for every other identifier (vendor IDs, device ID, user ID).
- Persists across sessions on your domain — typically two years, governed by your cookie policy.
- Carries no PII; it’s a random opaque value.
- Is sent to analytics and warehouse destinations that expect a stable per-visitor identifier (Amplitude
device_id, Mixpaneldistinct_id, BigQueryanonymous_id, etc.).
2. Device ID (optional, per pipeline)
Device recognition is an opt-in capability that recognises a returning physical device even after the anonymous-ID cookie has been cleared (private browsing, manual cookie wipe, browser switch on the same machine). It uses privacy-respecting device signals — no fingerprinting, no browser-storage tricks — and is governed by the visitor’s consent state.
- Enabled per pipeline in Collector → Device recognition.
- When the device is recognised, Signal re-attaches the previous anonymous ID to the new session, restoring continuity for analytics and attribution.
- When it’s not recognised (new device, low-confidence match, consent withheld), the visitor gets a fresh anonymous ID and is treated as a new visitor.
3. Authenticated user ID
When your application calls datafly.identify(userId, traits) (web) or Datafly.identify(...) (mobile), the user ID is stitched to the anonymous ID server-side, and:
- All subsequent events for that visitor carry both the anonymous and user IDs.
- The visitor’s prior anonymous events are reattributed to the now-known user in vendors that support back-attribution (Amplitude, GA4 Enhanced Conversions, partner CDPs).
- Optional traits are SHA-256 hashed and sent to vendors that accept hashed PII for matching — email, phone, name, address. Raw PII never leaves your infrastructure. See the hashed-PII coverage table below.
4. Vendor IDs (per destination)
For ad platforms and analytics tools whose server-side APIs accept externally-provided identifiers, Signal generates and maintains the right ID in the right format for the right vendor. You don’t add vendor pixels or JavaScript SDKs to your site to make this work — see the vendor coverage matrix below.
5. Cross-domain ID
If you operate multiple domains as a single customer experience (e.g. brand-a.com + brand-b.com, or marketing.example.com + shop.example.com), Signal can carry the anonymous ID across them so a visitor isn’t seen as two separate users. The Management UI controls which domains are linked and what consent rules apply — see Cross-Domain Identity for setup.
Vendor ID coverage
Signal handles the right identifier for each vendor server-side. The table groups vendors by how identity is sourced.
Vendor IDs Signal generates and maintains server-side
Signal generates the vendor’s expected ID format on the first event, stores it as a first-party cookie on your domain, and sends it back to the vendor on every subsequent event. The vendor sees a stable identifier without their JavaScript running.
| Vendor | ID(s) maintained | Where it’s sent |
|---|---|---|
| Meta (Facebook) | fbp (browser ID), fbc (click ID) | user_data.fbp / user_data.fbc on Meta Conversions API |
| Google Analytics 4 | client_id | @root.client_id on Measurement Protocol |
| TikTok | ttp (browser ID) | user.ttp on TikTok Events API |
_pin_unauth (browser ID) | user_data.external_id on Pinterest Conversions API | |
| Snapchat | _scid (browser ID) | user_data.sc_click_id / external_id on Snap Conversions API |
liFatId (first-party click-derived) | LinkedIn Conversions API user_data | |
| X (Twitter) | twclid-derived browser ID | X Ads Conversions API |
| Microsoft Advertising | msclkid-derived ID | Microsoft UET / Offline Conversions API |
rdt_uuid (browser ID) | Reddit Conversions API user_data | |
| Amplitude | device_id (aligned with Signal’s anonymous_id) | Amplitude HTTP V2 events |
| Adobe Analytics | marketingCloudVisitorID | Adobe Data Insertion API |
| Adobe Experience Platform | ECID (via Adobe ID) | AEP Streaming Ingestion |
Vendor IDs Signal captures from the browser and forwards
For these, Signal reads existing vendor cookies that were set elsewhere (for example by a server-rendered page or by the customer’s own code) and forwards them with each event.
| Vendor | Cookie read | Notes |
|---|---|---|
| Google Ads | _ga | Aligns Signal events with the existing GA4 client_id |
| Mixpanel | distinct_id | If the customer also uses Mixpanel’s JS for browser-side ID |
Click IDs captured automatically
When a visitor lands on your site from a paid ad, Signal pulls the click ID from the URL and attaches it to every subsequent event for that session:
| URL parameter | Vendor | Used by |
|---|---|---|
gclid | Google Ads | Google Ads Offline Conversions API |
gbraid, wbraid | Google Ads (iOS app/web-to-app) | Google Ads Offline Conversions API |
fbclid | Meta | Conversions API (fbc derived from this) |
ttclid | TikTok | TikTok Events API |
msclkid | Microsoft Advertising | UET / Offline Conversions API |
epik | Pinterest Conversions API | |
ScCid | Snapchat | Snap Conversions API |
li_fat_id | LinkedIn Conversions API | |
twclid | X (Twitter) | X Ads Conversions API |
rdt_cid | Reddit Conversions API | |
irclickid | Impact Radius | Impact partnership conversion tracking |
tduid | The Trade Desk | The Trade Desk first-party conversion |
kgid | Kargo | Kargo conversion attribution |
Partner enrichment
Signal can call a connected CDP server-side on every event, attach resolved profile attributes to the event, and optionally expose an allow-listed subset to the browser as window.datafly.profile.amperity (or the equivalent partner namespace) for client-side personalisation. The Profile API token never touches the browser.
| Partner | Capability | Setup page |
|---|---|---|
| Amperity | Streaming event ingest + Profile API enrichment + browser profile hydration | Amperity |
| Zeotap | Event ingest + identity-graph lookup + profile enrichment | Zeotap |
| LiveRamp | RampID-based identity resolution + Authenticated Traffic Solution | LiveRamp |
Mobile attribution platforms
For mobile apps using the Datafly mobile SDKs, Signal forwards conversion events to the major attribution networks. Each receives the IDFA/AAID (when consent permits), the SDK’s anonymous ID, and the captured click/click-through identifiers.
| Vendor | ID used | Setup page |
|---|---|---|
| AppsFlyer | IDFA/AAID + appsflyer_id | AppsFlyer iOS / Android |
| Adjust | IDFA/AAID + adid | Adjust |
| Branch | IDFA/AAID + Branch identity | Branch |
| Singular | IDFA/AAID + singular_device_id | Singular |
| Kochava | IDFA/AAID + KOCHAVA_DEVICE_ID | Kochava |
Authenticated identity (hashed PII)
When you call datafly.identify(userId, traits), Signal can pass user-provided identity values to vendors that support them for matching — always SHA-256 hashed server-side before delivery. Raw PII never leaves your infrastructure.
| Trait | Hashed and sent to |
|---|---|
email | Meta CAPI, Google Ads Enhanced Conversions, TikTok, LinkedIn, Pinterest, Snapchat, Reddit, X, Microsoft, AEP, HubSpot |
phone | Meta CAPI, Google Ads Enhanced Conversions, TikTok, LinkedIn |
first_name, last_name | Meta CAPI, Google Ads Enhanced Conversions, TikTok |
address.city, address.region, address.postal_code, address.country | Meta CAPI, Google Ads Enhanced Conversions |
date_of_birth | Meta CAPI (db), Google Ads Enhanced Conversions |
gender | Meta CAPI (ge) |
Where to configure it
| What | Where in the Management UI |
|---|---|
| Which vendor IDs to generate / forward per pipeline | Integrations → select an integration → Identity |
| Device recognition (per pipeline) | Collector → Device recognition |
| Cross-domain identity linkage | Settings → Domains |
| Partner enrichment (Amperity / Zeotap / LiveRamp) | Integrations → install the partner → configure linking keys |
| PII hashing policy (per integration overrides) | Integrations → select an integration → PII Handling |
| Consent gates per ID category | Settings → Consent (canonical categories map your CMP onto Signal’s gates) |
How to verify it’s working
- Open Pipelines → your pipeline → Live Events in the Management UI.
- Trigger a test event on your site (a page view or test conversion).
- Click the event in the live feed; the destination preview shows the exact payload sent to each vendor, identifiers included.
- Cross-reference in the vendor’s own debugger:
- Meta Test Events (Events Manager)
- GA4 DebugView (Admin → DebugView)
- TikTok Events Manager Test Events
- Pinterest Conversions Health
- Snapchat Events Manager Test Events
- …and equivalent tools for each vendor.
For partner-enrichment integrations, the event’s partner_attrs.amperity (or the equivalent partner namespace) block in the live feed shows the attributes resolved on that event.
More detail
Detailed identity architecture, the full supported-vendor matrix, and the underlying mechanisms are shared with customers in the onboarding pack. Contact your account team for the identity reference document.