Security and Role-Based Access Control

LtvAdx uses a granular RBAC system to control what each user can see and do across all portal types — publisher, advertiser, agency, ad network, operator, and network admin.

Account roles

Every LtvAdx account is assigned one or more roles. Roles are issued as JWT claims and enforced at the API layer. Portal views are filtered to show only data and actions permitted by the user's role.

| Role | Portal | Capabilities |
|------|--------|--------------|
| NETWORK_ADMIN | Admin | Full platform access. User management, settings, all portals, billing, and Knowledge Base (unrestricted). |
| PLATFORM_SUPER_ADMIN | Admin | All NETWORK_ADMIN rights plus infrastructure settings and debug tools. |
| NETWORK_ANALYST | Admin | Read-only access to all reporting, pacing, and delivery data. No configuration writes. |
| NETWORK_FINANCE | Admin | Billing, wallet management, publisher statements, advertiser invoices. |
| NETWORK_SUPPORT | Admin | Read-only access to user accounts, campaigns, and channels for support workflows. |
| PUBLISHER | Publisher Portal | Manage own channels, ad breaks, floor prices, SSAI config, and view revenue reports. |
| ADVERTISER | Advertiser Portal | Create campaigns, line items, upload creatives, view delivery and VCR reports. |
| AGENCY | Agency Portal | Manage multiple advertiser clients, create deals, view consolidated reporting. |
| AD_NETWORK | Ad Network Portal | Configure DSP seats, view RTB reports, browse deal inventory. |
| OPERATOR | Operator Portal | Manage addressable inventory, household segments, and linear schedules. |

Knowledge Base access tiers

The Knowledge Base uses a separate four-tier system (VIEWER → OPERATOR → ANALYST → ADMIN) mapped from these roles. NETWORK_ADMIN sees all content including architecture internals, ML implementation details, and API internals. ADVERTISER, PUBLISHER, and similar roles see OPERATOR-tier content only — practical guides without sensitive implementation details.

JWT authentication

All API requests authenticate with a short-lived JWT. Tokens are issued by the LtvAdx auth service and expire after 1 hour. Refresh tokens are valid for 30 days. The JWT payload includes:

{
  "sub":       "user_abc123",
  "role":      "ADVERTISER",
  "networkId": "net_xyz",
  "tenantId":  "tenant_abc",
  "exp":        1748995200,
  "iat":        1748991600
}

Multi-context users (e.g. an agency user managing both publisher and advertiser accounts) receive a context switcher in the dashboard and can issue context-scoped tokens via POST /api/v1/auth/context/switch.
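
As an added illustration of the API-layer check described above (example code, not LtvAdx's own), the following verifies a token with the payload shape shown and then enforces a per-endpoint role allow-list plus tenantId scoping. It assumes HS256 with a shared secret, which this page does not specify; the sign_jwt helper only stands in for the auth service so the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

class AuthError(Exception):
    """Raised when a token fails verification."""

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Issue an HS256 token. Assumed stand-in for the real auth service."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_jwt(token: str, secret: bytes, now=None) -> dict:
    """Check structure, pinned algorithm, signature and expiry; return the claims."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise AuthError("malformed token")
    # Pin the algorithm: the header is untrusted until the signature is verified.
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise AuthError("unexpected alg")
    signing_input = f"{header_b64}.{body_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise AuthError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    # exp is a Unix timestamp; reject at or after expiry (1-hour tokens per the page).
    if claims.get("exp", 0) <= (int(time.time()) if now is None else now):
        raise AuthError("token expired")
    return claims

def authorize(claims: dict, allowed_roles: set, tenant_id: str) -> bool:
    """Role must be on the endpoint's allow-list and the token scoped to this tenant."""
    return claims.get("role") in allowed_roles and claims.get("tenantId") == tenant_id
```

The allow-list is per endpoint, so a read-only role such as NETWORK_ANALYST can be accepted on reporting routes and rejected on configuration writes, and a token for one tenant is never honoured for another.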

API key scoping

Long-lived API keys are available for server-to-server integrations (reporting pipelines, conversion tracking, identity resolution). Each key is scoped to a specific role and can optionally be restricted to specific IP ranges:

# Generate a scoped API key
POST https://api.ltvadx.com/api/v1/auth/api-keys
Authorization: Bearer {admin-jwt}

{
  "name":        "Reporting pipeline key",
  "role":        "NETWORK_ANALYST",
  "ipAllowlist": ["203.0.113.0/24"],
  "expiresAt":   "2027-01-01T00:00:00Z"
}

# Response
{ "apiKey": "ltv_sk_live_...", "keyId": "key_abc123" }

Data encryption

  • All data in transit is encrypted via TLS 1.3.
  • MongoDB data at rest uses AES-256 encryption.
  • HouseholdIDs and device identifiers in the serving snapshot are hashed before storage.
  • API keys are stored as bcrypt hashes — LtvAdx cannot retrieve a key after creation.
  • Serving logs are retained for 24 months; PII (raw IPs, device IDs) is purged after 90 days.

Consent and privacy controls

LtvAdx enforces consent at the serving layer:

  • TCF 2.2 — Pass the IAB TC string in the VAST request (&gdpr=1&gdpr_consent={tcString}). LtvAdx parses purpose consents and restricts targeting and identity resolution accordingly.
  • CCPA / US Privacy — Pass &us_privacy={uspString}. Opt-out signals disable data sales (RTB sharing) and limit targeting.
  • GPP (Global Privacy Platform) — Pass &gpp={gppString}&gpp_sid={sectionId} for multi-state US compliance.
  • LMT (Limit Ad Tracking) — Pass &lmt=1 to disable household-level targeting and frequency capping. Contextual-only mode applies.

Audit logging

All configuration changes made in the dashboard are written to an immutable audit log with user ID, timestamp, action, and before/after state. Audit logs are retained for 1 year and accessible via Dashboard → Admin → Activity Log (NETWORK_ADMIN only) or via the Activity Log API:

GET https://api.ltvadx.com/api/v1/admin/audit-log
    ?from=2026-06-01
    &actorId=user_abc123
    &action=line_item.status_changed

# Response
[
  {
    "id":        "evt_audit_123",
    "actor":     { "userId": "user_abc", "role": "NETWORK_ADMIN" },
    "action":    "line_item.status_changed",
    "entityId":  "li_xyz789",
    "before":    { "status": "ACTIVE" },
    "after":     { "status": "PAUSED" },
    "timestamp": "2026-06-03T14:22:00Z",
    "ipAddress": "203.0.113.45"
  }
]