Data Locker—data delivery connector

At a glance: Data Locker writes raw data to a cloud repository in near-real-time (with a lag of about 6 hours). Data can be written to an AppsFlyer AWS bucket, or to either your AWS or GCS bucket

DataLockerBuckets.png

Data Locker

Data Locker main features

  • Apps: supports multiple apps which added automatically
  • Reliability: data is stored in a cloud repository (bucket) of your choice
  • Flexibility: choose what data to include
  • Granularity: data is segmented into report types, days, and hours
  • Accessibility: pull data when required
  • Data freshness: 6-hour lag using or daily depending on the report type. The lag-time is the same (6 hours) irrespective of the app-specific time zone. 
  • Bucket ownership:
    • Get the data via an AWS bucket owned by AppsFlyer. Data retention: 30 days.
    • Get the data via a cloud service provider in a repository owned by you (AWS, GCS). Data retention: Controlled by you. 
  • Changing buckets: If you change buckets, data is sent to both buckets for a transition period of 7 days allowing you to align your data consumption process. 

Reports available in Data Locker

Core attribution reports—UA and retargeting
Category Report type (topic) Data freshness* Organic/Non-organic Unique to Data Locker
User acquisition Clicks 6-hour lag N/A
Retargeting Clicks 6-hour lag N/A
User acquisition Impressions 6-hour lag N/A
Retargeting Impressions 6-hour lag N/A
User acquisition Installs 6-hour lag Both  
User acquisition In-app events  6-hour lag Both  
User acquisition Attributed ad revenue Daily+2 Non-organic  
User acquisition Organic ad revenue Daily+2 Organic  
Retargeting Retargeting ad revenue Daily+2 Non-organic  
Retargeting Conversions 6-hour lag Non-organic  
Retargeting In-app events 6-hour lag Non-organic  
Retargeting Sessions 6-hour lag Both
User acquisition Sessions 6-hour lag Both
User acquisition Uninstalls Daily-uninstall Non-organic  
User acquisition Organic uninstalls Daily-uninstall Organic  
Reinstalls Reinstalls 6-hour lag Non-organic  
Reinstalls Organic reinstalls 6-hour lag Organic  
Protect360
Report type (topic) Data freshness*
Blocked installs 6-hour lag
Blocked in-app events 6-hour lag
Blocked clicks 6-hour lag
[AG*] Post-attribution installs Daily
SKAdNetwork
Data freshness: Daily 
Report type (topic)
[FF*] Postbacks
[FF*] Installs
[FF*] Redownloads
[FF*] In-app events
People-Based Attribution
Data freshness: Daily
Report type (topic)
[FF*] Website visits
[FF*] Website events
[FF*] Website-assisted installs
[FF*] Conversion Paths
Key to abbreviations

* Key to abbreviations

[FF] Report fields are fixed by AppsFlyer. They are not related to the fields selected for inclusion in reports.

[AG] Agency transparency not supported.

6-hour lag: Data is separated into arrival hour folders. That is the hour that the event was deposited to Data Locker. Some data Locker folders are written about six hours after the actual event time for real-time events. There are 24 folders for each hour of the day, from 0 to 23, and an additional folder for data that arriving late. The lag time is the same irrespective of the app-specific timezone.

Daily: Reports are written to the h=23 folder. These reports are typically available by 10:00-12:00 UTC in the h=23 folder of the preceding day. For example, the report for data generated during Monday is in the Monday H=23 folder. The data is available after 10:00 UTC on Tuesday. 

Daily-uninstall: These reports are prepared daily are usually available by 10:00-12:00 UTC and most often written to the h=2 folder. Meaning the h=2 folder contains uninstalls reported on the previous day. However, the data can be written to a later folder. As such your import process should read the data of all folders h1-h=24 and h=late in the uninstall topic.  For example, the report for data generated during Monday is in the Tuesday h=2 folder. The data is available after 10:00 UTC on Tuesday. 

Daily+2: Ad revenue data is available after 2 days, meaning that data generated during Monday, becomes available in the Monday H=23 folder after 06:00 UTC on Wednesday.

Data Locker architecture

In your data repository (bucket), data is organized by report type. The data for a given report is stored in its folder divided into the writing data and hour as depicted in the figure that follows. 

DataLockerFileStructure.png

The Data Locker folder structure is: <cloud service repository>/data-locker-hourly/t=<report type>/dt=<date YYYY-MM-DD>/h=<Hour h where:

  • <cloud service repository> is the name of your <bucket> and <folder>. 
    • In an AppsFlyer repository, the bucket is ext-reports and the folder is set per account and displays on the configuration page. 
    • In the case of your  bucket, the repository is af-datalocker-your folder name. 
  • <t=report type> The type of report contained in the folder
  • <dt= folder date> The date the data was written having format yyyy-mm-dd.
  • <h=hours> The time (hour) the data was written. There can be up to 25 hourly folders. These folders represent the arrival hour of the event, not the event hour of the event itself. The folders are named h=0, h=1, h=2, and so on, up to h=23, and h=late. For example, the folder h=0 contains the events that arrive between 00:00 UTC and 01:00 UTC similarly, the folder h=20 contains the events that arrive between 20:00 and 21:00. For reports written daily only the h=23 folder exists. 
  • In each folder:

    • Data is split into multiple files to avoid large files. File names are: part-00000, part-00001, part-00002, and so on. There can be up to 1000 files. We may increase this maximum number in the future without advance notice.

    • The last file to be written is an empty file named _SUCCESS. This file is a flag indicating that no further data will be written to the folder. As such, do not read data in a folder before verifying that the _SUCCESS file exists. Note: The _SUCCESS flag is also written in cases where there is no data to be written to the folder.

  • Late folder

    • The late folder contains events of the preceding day that arrived after midnight (in other words, events that arrive between 00:00–02:00 UTC of the following day). For example, if a user installs an app on Monday at 08:00 and the event arrives on Tuesday at 01:00, the event is recorded in Monday's late folder. 

    • The folder also contains the _SUCCESS flag as described in the previous section.

    • Data in the late folder is not recorded in any other folder.

    • Automated processes should look for data in the late folder in a manner similar to that of other folders. 

  • _tempoarary folder
    • In some cases, we generate a temporary folder within an h folder. Disregard the temporary folder and its subfolders.  Example: /t=impressions/dt=2021-04-11/h=18/_temporary.

File structure and format

  • Data Locker files are based on Raw Data Reports V5 (see: Raw Data Reports V5).
  • The actual data file is in CSV format but it has no file extension.
  • The report files are zipped in .gz format.
  • Each file has a header row.
  • Values that have a comma in them are contained between double quotes `"`, for example, `"iPhone6,1"`.

Using reports as data sources

You can use the data from the reports and add it to your own databases. To extract the data and add it to your databases you must know the report format. Data Locker reports are based on Raw Data Reports. However, the final report format depends on the fields that you choose to include.

Some fields are populated with null or are empty. This means that in the context of a given report there is no data to report. Typically null means this field is not populated in the context of a given report and app type. Blank "" means the field is relevant in its context but no data was found to populate it with. 

Timezone and currency

App-specific timezone and currency settings don't have an effect on data in Data Locker.

  • Timezone: Data Locker reports use the UTC timezone
  • Currency: The field event_revenue_usd is in USD. 

AppsFlyer bucket vs. Customer Bucket (AWS or GCS)

 Caution!

If you are using the Customer bucket solution: 

  • Ensure that you comply with data privacy regulations like GDPR and ad network/SRN data retention policies.
  • Don't use the Customer bucket solution to send data to third parties. 
  • Data is written to a bucket owner of your choice as follows:
    • AppsFlyer bucket
    • Customer  bucket—AWS or GCS
  • You can change the bucket selection at any time.
  • If you change the bucket the following happens:
    • We start writing to the newly selected bucket within one hour.
    • We continue writing to the existing bucket during a transition period of 7 days. The transition period expiry time displays in the user interface. Use the transition period to update your data loading processes. 
  AppsFlyer bucket (AWS)  Customer bucket (AWS) Customer bucket (GCS)
Bucket name Set by AppsFlyer

Set by you. Must have the prefix af-datalocker-.

Example: af-datalocker-your-bucket-name

No restriction

Bucket ownership AppsFlyer Customer Customer
Storage platform supported AWS AWS  GCS
Credentials to access data by you Available in the Data Locker user interface to the Admin Not known to AppsFlyer. Use your AWS credentials. Not known to AppsFlyer. Use your GCS credentials.
Data retention Data is deleted after 30 days Your responsibility Your responsibility
Data deletion requests AppsFlyer responsibility Your responsibility Your responsibility
Security AppsFlyer controls the bucket. The customer has read access. The customer controls the bucket. AppsFlyer requires GetObject, ListBucket, DeleteObject, PutObject permission to the bucket. The bucket should be dedicated to AppsFlyer use. Don't use it for other purposes. The customer controls the bucket. AppsFlyer requires permissions as specified in the GCS configuration article. The bucket should be dedicated to AppsFlyer use. Don't use it for other purposes.
Storage space Managed by AppsFlyer Managed by you Managed by you
Access control using VPC endpoints with bucket policies Not Applicable [Optional] If you implement VPC endpoint security at the bucket level in AWS then you must allowlist AppsFlyer servers.  N/A

Procedures

Set up Data Locker

Use this procedure to set up Data Locker. Changes to Data Locker settings, and subsequent changes, take up to 3 hours to take effect. 

Prerequisite for setting up a Customer bucket:

If you are setting up Data Locker using your bucket, meaning a bucket owned by you, complete the relevant procedure before continuing.

When you migrate from one bucket to another, we'll keep sending data to the existing bucket for a transition period of 7 days. Note! You must update your data consumption processes before the expiry of the transition period. The transition period can be reset to 7 days (extended) by reverting the bucket type, saving, and then selecting your bucket again. 

Use one of the following procedures according to the cloud service provider: 

AppsFlyerAdmin_us-en.png To set up Data Locker:

  1. The admin needs to perform the setup. 
  2. In Appsflyer, go to Integration > Data Locker. 
  3. Choose the Amazon S3 integration method. Select one of the following
    • AppsFlyer AWS bucket. Continue to step 4. 
    • Customer AWS bucket.
      1. Enter your AWS bucket name. Don't enter the prefix af-datalocker-
      2. Click Test.
      3. Verify that no error message displays indicating that the bucket path is invalid.
  4. Select one or more or all apps. Select all to automatically include apps you add in the future.
  5. Click Apply
  6. [optional] Media Sources: Select one or more Media Sources to include in reports.
    • Default=All. This means that media sources added in the future are automatically added.
  7. Select one or more report types.
  8. [optional] In-app events: Select the in-app events to include. If you have more than 100 in-app event types, you can't search for them. Enter their names exactly to select them. 
    • Default=All. This means that in-app events added in the future are automatically added.
  9. Click Apply
  10. [optional] Fields (default=All): Select the fields to include in the reports. Note: We add fields from time to time take this into account in your data import process.
  11. Click Save Configuration. One of the following occurs:
    • If you selected AppsFlyer AWS bucket:
      • A dedicated AWS bucket is created. The bucket credentials display.
      • The bucket is accessible using the credentials. The credentials provide you with read-only access to the bucket.
    • If you selected Customer AWS bucket:
      • Data will start being written to your AWS bucket within 3 hours.

Setup Data Locker—Your AWS S3 bucket

The procedure in this section must be performed by your AWS admin.

You can delete files from Data Locker 25 or more hours after they were written. Please don't delete them before. 

Background information for the AWS admin: 

  • AppsFlyer writes your data to an S3 bucket owned by you. To do so, the following are required:
    • Create a bucket having the name af-datalocker-mybucket. The prefix af-datalocker- is mandatory . The suffix is free text.
  • We suggest af-datalocker-yyyy-mm-dd-hh-mm-free-text. Where yyyy-mm-dd-hh-mm is the current date and time, and you add any other text you want as depicted in the figure that follows.
    User interface ins AWS console

    MyBucket.jpg

  • Having created the bucket, grant AppsFlyer permissions using the procedure that follows. 

To create a bucket and grant AppsFlyer permissions: 

  1. Sign in to the AWS console.
  2. Go to the S3 service.
  3. To create the bucket:
    1. Click Create bucket.
    2. Complete the Bucket name as follows: Start with af-datalocker- and then add any other text as described previously.
    3. Click Create bucket.
  4. To grant AppsFlyer permissions:
    1. Select the bucket. 
    2. Go to the Permissions tab. 
    3. In the Bucket policy section, click Edit. 
      The Bucket policy window opens.
    4. Paste the following snippet into the window.
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "AF_DataLocker_Direct",
            "Effect": "Allow",
            "Principal": {
              "AWS": "arn:aws:iam::195229424603:user/product=datalocker__envtype=prod__ns=default"
            },
            "Action": [
              "s3:GetObject",
              "s3:ListBucket",
              "s3:DeleteObject",
              "s3:PutObject"
            ],
            "Resource": [
              "arn:aws:s3:::af-datalocker-my-bucket",
              "arn:aws:s3:::af-datalocker-my-bucket/*"
            ]
          }
        ]
      }
      
  5. In the snippet, replace af-data-locker-my-bucket with the bucket name you created.

  6. Click Save changes.

  7. Complete the Setup Data Locker procedure.

Reset credentials

The admin can reset the AppsFlyer bucket credentials at any time. Note! If you reset the credentials you must update your data import scripts with the updated credentials.

AppsFlyerAdmin_us-en.png To reset the credentials:

  1. In Appsflyer, go to Integration > Data Locker. 
  2. In the Credentials section, click Reset credentials.
    A confirmation window displays.
  3. Click Reset.
  4. Wait (about 20 seconds) until the Credentials successfully reset message displays.
    The updated credentials are available.

Data retrieval

Use your preferred S3 data retrieval tool, AWS CLI, or one of the tools described in the sections that follow.

AWS CLI

Before you begin:

  • Install the AWS CLI on your computer.
  • In AppsFlyer, go to Data Locker, retrieve the information contained in the credentials panel as it is needed to perform this procedure. 

To use AWS CLI:

  1. Open the terminal. To do so in Windows, <Windows>+<R>, click OK.
    The command line window opens.
  2. Enter aws configure
  3. Enter the AWS Access Key as it appears in the credentials panel.
  4. Enter your AWS Secret Key as it appears in the credentials panel.
  5. Enter eu-west-1
  6. Press Enter (None)

Use the CLI commands that follow as needed.

In the following commands, the value of {home-folder} can be found

To list folders in your bucket

aws s3 ls s3://af-ext-reports/{home-folder}/data-locker-hourly/

Listing files and folders

There are three types of folders in your Data Locker bucket:

  • Report Type t=
  • Date dt=
  • Hour h=

To list all the reports of a specific report type:

aws s3 ls s3://af-ext-reports/{home-folder}/data-locker-hourly/t=installs/

To list all the reports of a specific report type for a specific day:

aws s3 ls s3://af-ext-reports/{home-folder}/data-locker-hourly/t=installs/dt=2019-01-17

To list all the reports of a specific report, in a specific hour of a specific day:

aws s3 ls s3://af-ext-reports/{home-folder}/data-locker-hourly/t=installs/dt=2019-01-17/h=23

To download files for a specific date:

aws s3 cp s3://af-ext-reports/<home-folder>/data-locker-hourly/t=installs/dt=2020-08-01/h=9/part-00000.gz ~/Downloads/

Cyberduck

Before you begin:

  • Install the Cyberduck client.
  • In AppsFlyer, go to Data Locker, retrieve the information contained in the credentials panel. You will need this information when you configure Cyberduck. 

To configure Cyberduck:

  1. In Cyberduck, click Action.
  2. Select New Bookmark. The window opens.
  3. In the first field, (marked [1] in the screenshot that follows,) select Amazon S3.

    DataDuckSmall2.png

  4. Complete the fields as follows:
    • Nickname: free text
    • Server: s3.amazonaws.com
    • Access Key ID: copy the AWS Access Key as it appears in the credentials panel in AppsFlyer
    • Secret Access Key: copy the Bucket Secret key as it appears in the credentials panel in AppsFlyer.
    • Path: {Bucket Name}/{Home Folder} For example: af-ext-reports/1234-abc-ffffffff
  5. Close the window, to do so, use the X in the upper-right corner of the window.
  6. Select the connection.
    The data directories are displayed.

Amazon S3 browser

Before you begin:

  • Install the Amazon S3 Browser.
  • In AppsFlyer, go to Data Locker, retrieve the information contained in the credentials panel as it is needed to perform this procedure. 

To configure the Amazon S3 Browser:

  1. In the S3 browser, Click Accounts > Add New Account.
    The Add New Account window opens.

    mceclip0.png

  2. Complete the fields as follows:
    • Account Name: free text. 
    • Access Key ID: copy the AWS Access Key as it appears in the credentials panel. 
    • Secret Access Key: copy the Bucket Secret key as it appears in the credentials panel.
    • Select Encrypt Access Keys with a password and enter a password. Make a note of this password.
    • Select Use secure transfer. 
  3.  Click Save changes.
  4. Click Buckets > Add External Bucket.
    The Add External Bucket window opens.

    mceclip2.png

  5. Enter the Bucket name. The Bucket name has the following format: {Bucket Name}/{Home Folder}. The values needed for bucket name and home folder appear in the credentials window. 
  6. Click Add External bucket.
    The bucket is created and displays in the left panel of the window.
    You can now access the Data Locker files. 

Additional information

Traits and Limitations

Traits
Trait Remarks 
Ad networks Not for use by ad networks. 
Agencies Not for use by agencies
App-specific time zone Not Applicable. Data Locker folders are divided into hours using UTC. The actual events contain times in UTC. Convert the times to any other time zone as needed. Irrespective of your app time-zone the lag from event occurrence until it is recorded in Data Locker remains the same; that is 6 hours. 
App-specific currency  Not supported
Size limitations Not applicable
Data freshness Files are updated hourly with a lag of six hours from the event time.
Historical data Not supported. Event data is sent after configuring Data Locker. If you need historical data use Pull API. 
Team member access Team members cannot configure Data Locker. 
Single app/multiple app Multi app support. Data Locker is at the account level

Developer considerations

In preparing scripts for data loading into your systems consider the following:

  • Temporary folder:
    • In some cases, a temporary folder remains. You should disregard this folder. Example: /data-locker-hourly/t=inapps/dt=2020-11-13/h=2/_temporarary/0/_temporary/.
    • Consume only folders having the _SUCCESS flag in them. 
  • Sequence of columns in reports: 
    • The sequence of fields in reports is always the same. When we add new fields these are added to the right of the existing fields. The field list in the user interface is sequenced accordingly.

Troubleshooting

  • Symptom: Unable to retrieve data using AWS CLI
  • Error message: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
  • Cause: The AWS credentials being used not the correct credentials for the AppsFlyer bucket. This can be caused by having multiple or invalid credentials on your machine. 
  • Solution:
    1. Use a different method, like Cyberduck to access the bucket, meaning not the CLI. Do this to verify that the credentials you are using are working. If you are able to connect using Cyberduck, this indicates an issue with the credentials cache. 
    2. Refresh the AWS credentials cache.
      Screenshot from AWSmceclip0.png 
Was this article helpful?