Implementation process

All the In-App implementation requires consultation with your Account Manager and QA process before going live.

Implementation code

<div class="OUTBRAIN" 
<script type="text/javascript" async="async" 

Google Ad Manager format with macros

Please consult with your Sales Engineer or Partner Manager before using

GAM macros

The logic to dynamically populate data-src, data-ob-user-id and data-consent-string need to use GAM macros.

<div class="OUTBRAIN" 
<script type="text/javascript" async="async" 


Attribute Name Requirement Description Example value
data-src Required The crawlable web URL of the current content of the App “”
data-widget-id Required The widget id that you received from your Account Manager “AR_1”
data-ob-user-id Required The Advertising ID(IDFA/AAID) assigned by the device or operating environment “EA7583CD-A667-48BC-B806-42ECB2B48606”
data-ob-installation-key Required The partner key that you received from your Account Manager “DEMOP1MN24J3E1MGLQ92067LH”
data-ob-app-id Optional The App’s unique identifier iOS: Bundle ID, Android: Application ID/Package Name “com.king.candycrushsaga”
data-ob-app-ver Optional A version number of the App “1.0.0”
data-external-id Optional A unique key for report breakdowns. See Engage External Id Report API for details “123abcXYZ”
data-external-secondary-id Optional A secondary key for Engage External Id Report breakdowns as same as external-id. “456defABC”
data-consent-string Optional: Only if TCF API is not available Base64-encoded consent string, as defined by the IAB for TCF v2.0 “CO4SiGQO4SiGQAGABBENAzCgAP…(omitted)…YAAAAAAAAAAA”
data-consent-version Optional Version of TCF consent string “2”
data-ccpa-string Optional: Only if US API is not available. Four digit US privacy string, as defined by IAB for CCPA compatibility. See about IAB CCPA Compliance Framework here “1YNN”
data-click-url Optional An image pixel URL for tracking clicks on paid recommendations “”
data-dark-mode Optional A boolean flag for activating dark mode settings on the widget. Set to true if instructed by Outbrain to show widget in dark mode design. Dark Mode setting need to be set by Outbrain on the widget first. This is not a dynamic state – widget needs reloaded to take effect. “true”

Parameters in detail

Advertising ID

It is mandatory to pass the Advertising ID for Outbrain installations in mobile apps, according to Google and Apple guidelines and developer agreements. In compliance with Google and Apple guidelines, if the user is opted out of ad tracking, please pass the value null (case sensitive) as a value

Consent / US privacy String

Our JS Widget is fully compliant to TCF v2.0 and CCPA. It will automatically fetch consent/US privacy string from CMPs, so there’s no need to pass consent string manually. However, if the WebView does not support TCF API or US API, it’s possible to pass consent/US privacy string directly to widgets by using the data-consent-string or data-ccpa-string attribute.

Navigate to Paid Recommendations

Use SFSafariViewController(iOS)/ChromeCustomTab(Android) or Safari/Chrome browsers for all paid recommendations. Please make sure to open the Outbrain redirect URL ( directly without any URL manipulation.

Mandatory setup for Android App: Charles Proxy Support

In order to verify that your app is working according to our guidelines, we use a software called Charles Proxy to monitor the networking coming in and out of the app.

For Android 7.0 or newer, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. In order to configure your app to trust Charles, you need to add a Network Security Configuration File to your app.

This file can override the system default, enabling your app to trust user installed CA certificates (e.g. the Charles Root Certificate). You can specify that this only applies in debug builds of your application, so that production builds use the default trust profile.

Add a file res/xml/network_security_config.xml to your app:

      <!-- Trust user added CAs while debuggable only -->
      <certificates src="user" /> 

Then add a reference to this file in your app’s manifest, as follows:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >