(no title)

At my previous job we had a dormant bid server hooked up to MoPub for months, receiving hundreds of bid requests a second that we just dropped or replied "no bid" to.

Many publishers and exchanges these days are using the OpenRTB format, which you can find e.g. here for MoPub: https://developers.mopub.com/dsps/integration/openrtb/

The call out to make are the fields device.d(p)idmd5, device.d(p)idsha1 (both now deprecated), and device.ifa, as well as the user/data/segment fields. That's where user ID's (and potentially other data) are passed around. Some exchanges pass a bunch of data, others pass less data but allow you to do a cookie or device-ID exchange/sync so that one side of the transaction can map the other's ID's to theirs, so that the bidder can look up their user profile information. (which they've either bought or accumulated somehow).

Looks like MoPub doesn't pass ID/buyerId any more (it's strikethrough'd), but they do still pass data/segment fields. Not sure what those contain though, perhaps others can chime in.

For what it's worth, getting approved as an ad network is potentially non-trivial. I don't know all the steps involved, but you do need to demonstrate that you can at least meet minimum network response latencies, among other things. Additionally, most exchanges do have some sort of bidrate/winrate monitoring that will eventually throttle you if you're not participating "in good faith" or with reasonable bids/expectations of winning (it's costing them processing power and bandwidth to send you a request even if you don't win). Most also have ToS (for whatever good that does; enforcement may or may not be strong) restricting your ability to collect and store data received from bids (you're typically only allowed to store data from the bid IF you've won the auction). I've heard anecdotes of companies trying to tap into bid flow as "passive observers" this way and ending up getting cut off.