PBC config updates (#5909)

* PBC config updates * Update pbs-endpoints-pbc.md
prebid · Feb 21, 2025 · 9aaacf6 · 9aaacf6
1 parent ed1b0a1
commit 9aaacf6
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/prebid-server/endpoints/pbs-endpoints-pbc.md b/prebid-server/endpoints/pbs-endpoints-pbc.md
@@ -2,7 +2,6 @@
 layout: page_v2
 sidebarType: 5
 title: Prebid Cache Endpoints
-
 ---
 
 # Prebid Cache Endpoints
@@ -151,6 +150,11 @@ These entries in the PBC application.yaml file define storage-related params:
 
 - `api.storage-path` - path of the storage POST/GET endpoints. Defaults to '/storage'.
 - `api.api-key` - api key to secure storage POST endpoint. Host companies may not want everyone on the internet to be able to store stuff in their cache. The value of this key is set by the PBS host company in the PBC config and in the PBS config. (See [Storage PBC configuration](https://github.com/prebid/prebid-cache-java/blob/master/docs/config.md#storage) for details about where to set this.)
+- `cache.allow-external-UUID` - if 'false' then incoming writes cannot contain UUID key even if there's an API header. This is a master switch for accepting externally-defined keys. Default is 'false'.
+- `api.external-UUID-secured` - (PBC-Java 2.4+) if 'true', adds an additional security API check on top of the `cache.allow-external-UUID` property. It means that writes that contain a key can be only enabled for requests that carry a special header. Default is 'false'.
+- `api.cache-write-secured` - (PBC-Java 2.4+) when 'true' will only allow cache writes for requests that carry a special header. Default is 'false'.
+
+Prebid Server can be configured to pass the `x-pbc-api-key` special header containing the value of `api.api-key`. Both servers are configured with the same key. PBS sends the key on this header and PBC expects it to be there.
 
 The storage feature supports different `applications` and storage providers are configured per `application`. For now, only [Redis](https://redis.io/) is supported for storage. To configure Redis storage for particular application, configure the `storage.redis.{application-name}` property.
 If no `applications` are needed, set `storage.redis` to `{}` in application.yaml like so:
@@ -163,8 +167,13 @@ storage:
 Utilizing all the properties above, sample storage configuration:
 
 ```yaml
-api.storage-path: /storage
-api.api-key: API_KEY
+api:
+  storage-path: /storage
+  api-key: API_KEY
+  external-UUID-secured: true
+  cache-write-secured: false
+cache:
+  allow-external-UUID: true
 storage:
   redis:
     id-data: