
Security & Authentication

The OrbiAds MCP server is secured by Google OAuth 2.0. Each request is authenticated via your API key linked to your Firebase UID (the same Google account you used for registration). GAM credentials are encrypted via Google KMS and stored in Firestore. No password or GAM token is ever transmitted in plain text.

Google OAuth2

Registration and login only via your Google account. Each tenant is isolated.

  • No password stored
  • Isolation by Firebase UID

KMS Encryption

GAM OAuth tokens are encrypted at rest via Cloud KMS. Never accessible in plain text.

// Example KMS workflow
1. GAM access token received
2. Encryption via Cloud KMS (OrbiAds KeyRing)
3. Encrypted blob stored in Firestore
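
The three workflow steps above, sketched as an added example (not OrbiAds code): `kms` is a google-cloud-kms `KeyManagementServiceClient`, `db` a google-cloud-firestore `Client`, and `key_name` the full resource name of a symmetric key. The collection name, field names and the use of the Firebase UID as additional authenticated data are assumptions made for illustration.

```python
# Added example, not OrbiAds code. Collection and field names are assumptions.
COLLECTION = "gam_credentials"


def store_gam_token(kms, db, key_name, firebase_uid, access_token):
    """Workflow steps 1-3: receive the token, encrypt via Cloud KMS, store the blob."""
    resp = kms.encrypt(request={
        "name": key_name,
        "plaintext": access_token.encode(),
        # Assumption: the tenant UID is passed as AAD, so KMS refuses to
        # decrypt this blob if it is later presented under another UID.
        "additional_authenticated_data": firebase_uid.encode(),
    })
    # Only ciphertext reaches Firestore; the plaintext token is never written.
    db.collection(COLLECTION).document(firebase_uid).set({
        "kms_key": key_name,
        "token_ciphertext": resp.ciphertext,
    })


def load_gam_token(kms, db, key_name, firebase_uid):
    """Fetch the tenant's blob and decrypt it with the same UID as AAD."""
    snap = db.collection(COLLECTION).document(firebase_uid).get()
    if not snap.exists:
        raise KeyError(f"no GAM credential stored for {firebase_uid}")
    resp = kms.decrypt(request={
        "name": key_name,
        "ciphertext": snap.to_dict()["token_ciphertext"],
        "additional_authenticated_data": firebase_uid.encode(),
    })
    return resp.plaintext.decode()
```

With the UID bound as AAD, a blob copied from one tenant's document into another's fails at the decrypt call instead of yielding the first tenant's token.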

Full Audit

All operations are logged with tenant_id, jobId, timestamp, and credit cost.

Timestamp
Included in every audit entry
tenant_id
Included in every audit entry
jobId
Included in every audit entry
Credit cost
Included in every audit entry