feat: Add Advertiser IDSync search on user identification

When a kit setting `advertiserIdSyncApiKey` is provided, the kit calls
mParticle.Identity.searchAdvertiser(apiKey, { email }, callback) from
onUserIdentified. On a 200 response the kit sets the local user
attribute `userIdentifiedInAdvertiser = true` so downstream placement
selection can target users whose identity is matched in the advertiser
workspace.

The setting is a string (the advertiser workspace's API key) rather
than a boolean — this lets a single SDK send searches against an
arbitrary advertiser workspace without needing the SDK's own workspace
to be reconfigured.

Missing key, missing/invalid email, and a missing
mParticle.Identity.searchAdvertiser implementation are all silently
inert (no network call, no attribute set).

Pairs with the corresponding mParticle Web SDK change that exposes
mParticle.Identity.searchAdvertiser. Note: a Fastly CORS allow-list
update is required separately for the x-mp-key header on /v1/search.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: rmi22186

src/Rokt-Kit.ts

@@ -30,6 +30,7 @@ interface RoktKitSettings {
   loggingUrl?: string;
   errorUrl?: string;
   isLoggingEnabled?: string | boolean;
+  advertiserIdSyncApiKey?: string;
 }
 
 interface EventAttributeCondition {
@@ -87,6 +88,23 @@ interface FilteredUser extends IMParticleUser {
   getUserIdentities?: () => { userIdentities: Record<string, string> };
 }
 
+interface AdvertiserIdSyncResult {
+  httpCode: number;
+  body?: {
+    context?: string | null;
+    mpid?: string;
+    matched_identities?: Record<string, string>;
+    is_ephemeral?: boolean;
+    is_logged_in?: boolean;
+  };
+}
+
+type AdvertiserIdSyncSearcher = (
+  apiKey: string,
+  knownIdentities: { email: string },
+  callback: (result: AdvertiserIdSyncResult) => void,
+) => void;
+
 interface KitFilters {
   userAttributeFilters?: string[];
   filterUserAttributes?: (attributes: Record<string, unknown>, filters?: string[]) => Record<string, unknown>;
@@ -134,6 +152,7 @@ interface MParticleExtended {
   loggedEvents?: Array<Record<string, unknown>>;
   _registerErrorReportingService?(service: ErrorReportingService): void;
   _registerLoggingService?(service: LoggingService): void;
+  Identity?: { searchAdvertiser?: AdvertiserIdSyncSearcher };
 }
 
 interface TestHelpers {
@@ -217,6 +236,7 @@ const ROKT_IDENTITY_EVENT_TYPE = {
 const ROKT_THANK_YOU_JOURNEY_EXTENSION = 'ThankYouJourney';
 const ROKT_INTEGRATION_SCRIPT_ID = 'rokt-launcher';
 const ROKT_THANK_YOU_ELEMENT_SCRIPT_ID = 'rokt-thank-you-element';
+const USER_IDENTIFIED_IN_ADVERTISER_KEY = 'userIdentifiedInAdvertiser';
 
 type RoktIdentityEventType = (typeof ROKT_IDENTITY_EVENT_TYPE)[keyof typeof ROKT_IDENTITY_EVENT_TYPE];
 
@@ -679,6 +699,7 @@ class RoktKit implements KitInterface {
   // Private fields
   private _mappedEmailSha256Key?: string;
   private _onboardingExpProvider?: string;
+  private _advertiserIdSyncApiKey?: string;
 
   // ---- Private helpers ----
 
@@ -1029,6 +1050,10 @@ class RoktKit implements KitInterface {
       this._mappedEmailSha256Key = kitSettings.hashedEmailUserIdentityType.toLowerCase();
     }
 
+    this._advertiserIdSyncApiKey = isString(kitSettings.advertiserIdSyncApiKey)
+      ? kitSettings.advertiserIdSyncApiKey
+      : undefined;
+
     const domain = mp().Rokt?.domain;
     const { roktExtensionsQueryParams, legacyRoktExtensions, loadThankYouElement } = extractRoktExtensionConfig(
       kitSettings.roktExtensions,
@@ -1170,10 +1195,37 @@ class RoktKit implements KitInterface {
   }
 
   public onUserIdentified(user: IMParticleUser): string {
-    this.filters.filteredUser = user as FilteredUser;
+    const filteredUser = user as FilteredUser;
+    this.filters.filteredUser = filteredUser;
+    this.searchAdvertiser(filteredUser);
     return this.handleIdentityComplete(user, ROKT_IDENTITY_EVENT_TYPE.IDENTIFY, 'onUserIdentified');
   }
 
+  private searchAdvertiser(filteredUser: FilteredUser): void {
+    const apiKey = this._advertiserIdSyncApiKey;
+    if (!apiKey) {
+      return;
+    }
+    const searchAdvertiser = mp().Identity?.searchAdvertiser;
+    if (typeof searchAdvertiser !== 'function') {
+      return;
+    }
+    const userIdentities = filteredUser.getUserIdentities ? filteredUser.getUserIdentities().userIdentities : null;
+    const email = userIdentities?.email;
+    if (!email || !isString(email)) {
+      return;
+    }
+    try {
+      searchAdvertiser(apiKey, { email }, (result: AdvertiserIdSyncResult) => {
+        if (result?.httpCode === 200) {
+          this.userAttributes[USER_IDENTIFIED_IN_ADVERTISER_KEY] = true;
+        }
+      });
+    } catch (err) {
+      console.error('Rokt Kit: Advertiser IDSync search failed', err);
+    }
+  }
+
   public onLoginComplete(user: IMParticleUser, _filteredIdentityRequest: unknown): string {
     return this.handleIdentityComplete(user, ROKT_IDENTITY_EVENT_TYPE.LOGIN, 'onLoginComplete');
   }

test/src/tests.spec.ts

@@ -2972,6 +2972,176 @@ describe('Rokt Forwarder', () => {
     });
   });
 
+  describe('#advertiserIdSync', () => {
+    const ADVERTISER_API_KEY = 'advertiser-key-abc123';
+
+    function makeUser(overrides: any = {}) {
+      return {
+        getAllUserAttributes: () => ({}),
+        getMPID: () => '123',
+        getUserIdentities: () => ({ userIdentities: { email: 'test@example.com' } }),
+        ...overrides,
+      };
+    }
+
+    let originalIdentity: any;
+
+    beforeEach(() => {
+      originalIdentity = (window as any).mParticle.Identity;
+    });
+
+    afterEach(() => {
+      (window as any).mParticle.Identity = originalIdentity;
+      (window as any).mParticle.forwarder.userAttributes = {};
+    });
+
+    it('should call Identity.searchAdvertiser with the configured api key and set userIdentifiedInAdvertiser when 200 returned', async () => {
+      let receivedApiKey: any = null;
+      let receivedKnownIdentities: any = null;
+      (window as any).mParticle.Identity = {
+        searchAdvertiser: (apiKey: any, knownIdentities: any, cb: any) => {
+          receivedApiKey = apiKey;
+          receivedKnownIdentities = knownIdentities;
+          cb({ httpCode: 200, body: { mpid: '999' } });
+        },
+      };
+
+      await (window as any).mParticle.forwarder.init(
+        { accountId: '123456', advertiserIdSyncApiKey: ADVERTISER_API_KEY },
+        reportService.cb,
+        true,
+        null,
+        {},
+      );
+
+      (window as any).mParticle.forwarder.onUserIdentified(makeUser());
+
+      expect(receivedApiKey).toBe(ADVERTISER_API_KEY);
+      expect(receivedKnownIdentities).toEqual({ email: 'test@example.com' });
+      expect((window as any).mParticle.forwarder.userAttributes.userIdentifiedInAdvertiser).toBe(true);
+    });
+
+    it('should not set userIdentifiedInAdvertiser when search returns 404', async () => {
+      (window as any).mParticle.Identity = {
+        searchAdvertiser: (_apiKey: any, _knownIdentities: any, cb: any) => {
+          cb({ httpCode: 404 });
+        },
+      };
+
+      await (window as any).mParticle.forwarder.init(
+        { accountId: '123456', advertiserIdSyncApiKey: ADVERTISER_API_KEY },
+        reportService.cb,
+        true,
+        null,
+        {},
+      );
+
+      (window as any).mParticle.forwarder.onUserIdentified(makeUser());
+
+      expect((window as any).mParticle.forwarder.userAttributes.userIdentifiedInAdvertiser).toBeUndefined();
+    });
+
+    it('should not call searchAdvertiser when advertiserIdSyncApiKey is missing', async () => {
+      let searchCalled = false;
+      (window as any).mParticle.Identity = {
+        searchAdvertiser: () => {
+          searchCalled = true;
+        },
+      };
+
+      await (window as any).mParticle.forwarder.init({ accountId: '123456' }, reportService.cb, true, null, {});
+
+      (window as any).mParticle.forwarder.onUserIdentified(makeUser());
+
+      expect(searchCalled).toBe(false);
+      expect((window as any).mParticle.forwarder.userAttributes.userIdentifiedInAdvertiser).toBeUndefined();
+    });
+
+    it('should not call searchAdvertiser when advertiserIdSyncApiKey is an empty string', async () => {
+      let searchCalled = false;
+      (window as any).mParticle.Identity = {
+        searchAdvertiser: () => {
+          searchCalled = true;
+        },
+      };
+
+      await (window as any).mParticle.forwarder.init(
+        { accountId: '123456', advertiserIdSyncApiKey: '' },
+        reportService.cb,
+        true,
+        null,
+        {},
+      );
+
+      (window as any).mParticle.forwarder.onUserIdentified(makeUser());
+
+      expect(searchCalled).toBe(false);
+      expect((window as any).mParticle.forwarder.userAttributes.userIdentifiedInAdvertiser).toBeUndefined();
+    });
+
+    it('should not call searchAdvertiser when the user has no plain email identity', async () => {
+      let searchCalled = false;
+      (window as any).mParticle.Identity = {
+        searchAdvertiser: () => {
+          searchCalled = true;
+        },
+      };
+
+      await (window as any).mParticle.forwarder.init(
+        { accountId: '123456', advertiserIdSyncApiKey: ADVERTISER_API_KEY },
+        reportService.cb,
+        true,
+        null,
+        {},
+      );
+
+      (window as any).mParticle.forwarder.onUserIdentified(
+        makeUser({ getUserIdentities: () => ({ userIdentities: {} }) }),
+      );
+
+      expect(searchCalled).toBe(false);
+      expect((window as any).mParticle.forwarder.userAttributes.userIdentifiedInAdvertiser).toBeUndefined();
+    });
+
+    it('should not throw when Identity.searchAdvertiser is unavailable', async () => {
+      (window as any).mParticle.Identity = {};
+
+      await (window as any).mParticle.forwarder.init(
+        { accountId: '123456', advertiserIdSyncApiKey: ADVERTISER_API_KEY },
+        reportService.cb,
+        true,
+        null,
+        {},
+      );
+
+      expect(() => {
+        (window as any).mParticle.forwarder.onUserIdentified(makeUser());
+      }).not.toThrow();
+      expect((window as any).mParticle.forwarder.userAttributes.userIdentifiedInAdvertiser).toBeUndefined();
+    });
+
+    it('should swallow errors thrown by searchAdvertiser', async () => {
+      (window as any).mParticle.Identity = {
+        searchAdvertiser: () => {
+          throw new Error('boom');
+        },
+      };
+
+      await (window as any).mParticle.forwarder.init(
+        { accountId: '123456', advertiserIdSyncApiKey: ADVERTISER_API_KEY },
+        reportService.cb,
+        true,
+        null,
+        {},
+      );
+
+      expect(() => {
+        (window as any).mParticle.forwarder.onUserIdentified(makeUser());
+      }).not.toThrow();
+      expect((window as any).mParticle.forwarder.userAttributes.userIdentifiedInAdvertiser).toBeUndefined();
+    });
+  });
+
   describe('#onLoginComplete', () => {
     it('should update userAttributes from the filtered user', () => {
       (window as any).mParticle.forwarder.onLoginComplete({