Server-side AWS Elemental MediaTailor integration with Google's ad platforms

MediaTailor automatically authenticates server-to-server connections with Google Ad Manager (GAM), Google Campaign Manager (GCM), and Google Display & Video 360 (DV360) using SSL certificates issued by Google to AWS Elemental MediaTailor. When MediaTailor detects ad requests or tracking events destined for Google ad servers, it automatically establishes the required secure, authenticated connection—no additional SSL certificate setup or support ticket is required.

Prerequisite: You must have an active account with the relevant Google ad platform (Google Ad Manager, Google Campaign Manager, or Display & Video 360).

MediaTailor applies Google-issued SSL certificate authentication based on the following destination URI rules:

Google Ad Manager (GAM): server-side ad requests

This rule triggers on ad requests to serverside.doubleclick.net, including when you configure the ADS Template URL with that domain or when a redirect ad request resolves to it.
MediaTailor adds the ssss=mediatailor query parameter if it is not present, then secures the connection using a Google-issued SSL certificate.
This provides access to Authorized Buyers—Google's real-time ad sales marketplace and ad exchange.

Google Ad Manager (GAM): redirected ad requests inside VMAP

This rule triggers on pubads.g.doubleclick.net redirected ad requests when MediaTailor has previously seen VAST redirects to serverside.doubleclick.net in the current request and a previous ADS response was a VMAP response.
MediaTailor automatically changes the domain to serverside.doubleclick.net and establishes an authenticated connection using the Google-issued SSL certificate.
This enables access to Authorized Buyers for VMAP-based ad workflows.

Google Campaign Manager (GCM): ad-serving and tracking requests

This rule triggers on ad.doubleclick.net ad-serving and tracking requests when the URI contains /ddm/pfadx/ or /ddm/trackimp/ (encoded or unencoded).
MediaTailor automatically changes the domain to serverside.doubleclick.net and establishes an authenticated connection using the Google-issued SSL certificate.
This supports advertisers running campaigns on these platforms with more accurate reporting and fewer rejected impressions.

Display & Video 360 (DV360): ad requests

This rule triggers on bid.g.doubleclick.net or pagead2.googlesyndication.com ad requests when the URI contains /dbm/vast/ (encoded or unencoded).
MediaTailor automatically changes the domain to serverside.doubleclick.net and establishes an authenticated connection using the Google-issued SSL certificate.
This enables authenticated ad serving for Display & Video 360 campaigns.

All other ad requests are processed without Google-issued SSL certificate authentication.

Note

SSL certificate authentication is now automatic. If you previously submitted a support ticket to enable SSL certificates, no action is needed—your configurations continue to work.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Integrating with Google's ad platforms

Client-side integration