Tech Stack · Standards and Specs

app-ads.txt and sellers.json for CTV: How They Work and Why They Matter

Updated April 2026 7 min read

app-ads.txt and sellers.json are IAB Tech Lab standards that make the CTV supply chain transparent. Together they allow buyers to verify that an ad impression is being sold by an authorised seller — not by a fraudulent intermediary claiming to represent an app they have no relationship with. For India CTV buyers, enforcing both standards is the primary technical defence against app spoofing, which is the dominant form of invalid traffic in the CTV ecosystem.

The app spoofing problem

CTV fraud primarily takes the form of app spoofing: a fraudulent inventory source sends a bid request to an SSP with a fabricated app.bundle field claiming to be a premium publisher (e.g., com.jiohotstar). The SSP passes this fraudulent signal to the buyer's DSP. If the buyer is not enforcing supply chain verification, their DSP bids on the impression as if it were real JioHotstar inventory and pays a premium CPM. The ad serves to nobody — or to a bot farm — while the fraudster collects the revenue.

App spoofing works in CTV because the app bundle identifier in an OpenRTB bid request is a simple string — easily faked. There is no browser equivalent of SSL certificate verification to confirm the app is what it claims to be. app-ads.txt and sellers.json fill this gap by creating a verifiable chain of authorised relationships.

What is app-ads.txt

app-ads.txt (Authorised App Sellers) is a text file that app developers publish on their developer domain listing which ad systems are authorised to sell their inventory. It extends ads.txt (which applies to websites) to mobile and CTV apps.

An app-ads.txt entry looks like:

google.com, pub-1234567890, DIRECT, f08c47fec0942fa0
magnite.com, 12345, RESELLER, 85ac85a30c93de31

Each line declares: the SSP domain, the publisher account ID on that SSP, whether it is a DIRECT or RESELLER relationship, and the SSP's TAG-ID (a verified identifier from the IAB's Trustworthy Accountability Group).

The buyer's DSP cross-references the app.bundle in the bid request against the app developer's app-ads.txt file. If the SSP sending the bid request is not listed in the app-ads.txt for that bundle ID, the impression is unauthorised and should not be bid on.

For app-ads.txt to work, the app developer must publish the file at their registered developer domain (the developer website associated with the app store listing) at a specific URL path. DSPs and verification vendors crawl these files periodically.

What is sellers.json

sellers.json is the complementary standard, published by SSPs rather than publishers. It declares who the SSP is reselling inventory for — providing the buyer-side view of the supply chain from the SSP's perspective.

A sellers.json entry for a publisher might show:

{
  "seller_id": "12345",
  "seller_type": "PUBLISHER",
  "name": "SonyLIV",
  "domain": "sonyliv.com",
  "is_confidential": 0
}

Combined with app-ads.txt, sellers.json creates a two-sided verification chain:

  1. The publisher's app-ads.txt says: "I authorise SSP X to sell my inventory under account 12345"
  2. The SSP's sellers.json says: "Account 12345 is SonyLIV (sonyliv.com)"
  3. The buyer can verify: the SSP in the bid request → sellers.json → publisher ID → app-ads.txt → app bundle. If all links match, the supply chain is authorised.

The SupplyChain object (OpenRTB schain) passes these relationships in the bid request itself, allowing automated real-time verification rather than periodic crawling.

How buyers enforce these standards

DSP enforcement varies:

  • DV360: Enforces app-ads.txt by default on display inventory. For CTV, app-ads.txt filtering is available and should be confirmed in campaign settings. The default "Authorised Sellers Only" setting filters unauthorised inventory automatically.
  • The Trade Desk: TTD enforces authorised sellers by default. The Supply Path Optimization (SPO) feature further filters supply chains to those with the most direct paths (fewer reseller hops) which inherently improves verification quality.
  • Third-party verification (IAS, DoubleVerify): Run alongside the DSP to independently verify the supply chain. These vendors check schain objects and app-ads.txt compliance in real time and can block or flag non-compliant impressions. Required for any India CTV campaign with a significant brand safety mandate.

India CTV adoption

The major India CTV publishers have implemented app-ads.txt:

  • JioHotstar: app-ads.txt published at the Hotstar developer domain. GAM (Google Ad Manager) listed as DIRECT; major SSPs as RESELLER. Buyers using DV360 benefit from Google's own verification of its publisher relationship.
  • SonyLIV: app-ads.txt implemented. SpringServe and Magnite listed. Verified supply chain available for programmatic buyers.
  • Zee5: app-ads.txt implemented. PubMatic listed as primary SSP. Programmatic buyers should verify via DoubleVerify or IAS for campaigns with brand safety requirements.
  • Smaller publishers and FAST channels: Adoption is mixed. Regional OTT apps and smaller FAST channel operators may not have app-ads.txt implemented — particularly newer entrants. This is the primary IVT risk vector for India CTV: smaller, newer apps that have not yet been verified.

Noncompliant inventory on India CTV is concentrated in the long tail of the programmatic supply chain — obscure app bundles claiming premium publisher identities, or new apps that have not yet implemented app-ads.txt. The major publishers are largely clean. The risk is in open programmatic buys that don't filter to known-good publisher allow lists.

How to check compliance

Before including a publisher in an India CTV programmatic buy:

  1. Look up the publisher's app on the relevant app store (Google Play for Android TV, Apple App Store for Apple TV) and find the developer domain.
  2. Check https://[developer-domain]/app-ads.txt for the file. Absence means no authorised seller declaration — flag as unverified.
  3. Verify the SSP you are buying through is listed as DIRECT or RESELLER in the file.
  4. Check the SSP's sellers.json at https://[ssp-domain]/sellers.json to confirm the publisher's account ID is listed and not marked confidential.
  5. In the DSP, apply the publisher to an allow list rather than discovering it through open auction — allow-listed inventory is pre-verified, open auction inventory requires real-time verification to catch spoofing.

The IAB Tech Lab maintains a public validator tool for ads.txt/app-ads.txt verification. Third-party vendors (Pixalate, DoubleVerify, IAS) also maintain India CTV inventory quality databases that aggregate compliance status across known publishers.