Definition
Ads.txt (for web) and app-ads.txt (for mobile apps and CTV) are IAB Tech Lab standards: simple text files a publisher hosts at a known location listing the exchanges, networks, and reseller account IDs allowed to sell their inventory. Buyers and exchanges crawl these files to verify that a bid request really comes from an authorized seller.
Where it fits
Publisher declares sellers in ads.txt → exchanges and DSPs crawl and match the file → unauthorized inventory gets filtered from the bidstream
Why it matters
Without authorized-seller files, fraudsters can spoof premium domains and apps and siphon ad spend, so ads.txt is a baseline trust signal that protects both publisher revenue and buyer budgets.
Ads.txt and its mobile sibling app-ads.txt are two of the cheapest, highest-leverage trust mechanisms in programmatic advertising. Both are plain text files that a publisher hosts in a predictable place, and both answer one blunt question for every buyer: "Is the company offering this impression actually allowed to sell it?" If the answer is no, the bid should be ignored. That simple yes/no check, applied across billions of daily requests, is what keeps a large slice of domain and app spoofing out of the open auction.
What the files actually contain
An ads.txt file lives at yourdomain.com/ads.txt. Each line names a selling system (an exchange or SSP's canonical domain), the publisher's seller account ID on that system, a relationship type of DIRECT or RESELLER, and an optional certification authority ID. App-ads.txt works the same way but is built for mobile apps and connected TV, where there is no website to crawl. Instead, the app store listing points to a developer domain, and the crawler looks for developerdomain.com/app-ads.txt. The format is intentionally boring: no JSON, no API, just lines a machine can parse and a human can read.
When an exchange receives a bid request claiming to represent a publisher, it can match the seller account in the request against the publisher's declared file. A request from an account that is not listed is, by definition, unauthorized, and reputable buyers filter it out. This is why the standard pairs naturally with the broader plumbing of the ad exchange and the SSP — the files only matter because those systems read and enforce them.
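The line format and the matching check described above, as an added example that is not part of the original page: a Python parser for an ads.txt file and a lookup of the seller named in a bid request. The sample file is constructed; the function names, the skipping of `#` comments and `name=value` variable lines, the lower-casing of the system domain and the exact comparison of account IDs are assumptions of this example.

```python
from typing import NamedTuple, Optional

# Constructed sample file, not taken from any real publisher.
SAMPLE_ADS_TXT = """\
# ads.txt for publisher.example (constructed sample)
exchange-a.example, 12345, DIRECT, abc123cert
Exchange-B.example , pub-9876 , reseller   # trailing comment
contact=adops@publisher.example
exchange-c.example, 555
exchange-d.example, 777, PARTNER
"""

class Seller(NamedTuple):
    system: str              # canonical domain of the exchange or SSP
    account_id: str          # publisher's seller account ID on that system
    relationship: str        # DIRECT or RESELLER
    cert_id: Optional[str]   # optional certification authority ID

def parse_ads_txt(text):
    """Return (records, rejected); rejected holds (line_no, reason) pairs."""
    records, rejected = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments (assumption)
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 1 and "=" in line:
            continue  # variable line such as contact=, not a seller record
        if len(fields) < 3 or not all(fields[:3]):
            rejected.append((no, "needs system, account ID and relationship"))
            continue
        rel = fields[2].upper()
        if rel not in ("DIRECT", "RESELLER"):
            rejected.append((no, f"unknown relationship {fields[2]!r}"))
            continue
        cert = fields[3] if len(fields) > 3 and fields[3] else None
        records.append(Seller(fields[0].lower(), fields[1], rel, cert))
    return records, rejected

def authorization(records, system, account_id):
    """Return DIRECT/RESELLER if the seller is declared, else None (filter it)."""
    for r in records:
        if r.system == system.strip().lower() and r.account_id == account_id.strip():
            return r.relationship
    return None

if __name__ == "__main__":
    print(parse_ads_txt(SAMPLE_ADS_TXT))
```

Malformed lines land in `rejected` with their line number rather than being silently honored, which is the re-validation signal a publisher wants after editing the file.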
Why publishers and buyers both care
For publishers, the file protects revenue. Before ads.txt, a fraudster could claim to sell impressions on a premium news domain, undercut the real publisher's price, and capture spend that should never have left the legitimate supply chain. Declaring authorized sellers makes that arbitrage detectable. For buyers, the files are a foundation for cleaner buying: they make it possible to map every dollar back to an approved seller and to prune indirect paths that add fees without adding value — the exact goal of supply-path optimization.
The standard also interacts with how demand is collected. In a header bidding setup a publisher may work with a dozen partners simultaneously, and each of those partners — plus any reseller they route through — must appear in the file or that demand quietly disappears. Completeness, not just correctness, is what keeps fill rates intact.
Getting it right
The most common failure is an incomplete file. Every direct partner and every reseller in the chain needs a line, and exchanges publish official entries you should copy verbatim rather than typing from memory. The second most common failure is hosting app-ads.txt on a domain that does not match the one declared in the app store listing, which makes crawlers ignore it entirely. Treat the file as living infrastructure: update it the same day you add or drop a partner, and re-validate it so a stray typo does not silently kill legitimate demand.
If you are building out a programmatic stack, walk the full programmatic path so authorized-seller files sit alongside the exchanges, SSPs, and verification tools they depend on.
FAQ
Do ads.txt and app-ads.txt stop all ad fraud? No. They specifically target unauthorized reselling and domain or app spoofing. They do nothing about invalid traffic, bots, or viewability problems, which need separate verification tools.
How often should I update the files? Whenever your sales partners change, and audit them at least quarterly. Stale entries for partners you have dropped widen your supply path unnecessarily.
Where exactly does app-ads.txt go? On the developer domain listed in your app store entry, at /app-ads.txt, not on a marketing microsite or a URL the store listing does not reference.
Common beginner mistakes
- Forgetting to list every reseller and intermediary account, which makes legitimate demand drop out of the bidstream.
- Hosting app-ads.txt at the wrong URL or on a developer site that does not match the store listing's declared domain.
- Treating the file as set-and-forget instead of updating it whenever you add or remove a sales partner.