Skip to main content
Essential concepts for building AdCP clients, regardless of which protocol you’re using (MCP, A2A, or future protocols).

Task Status System

Every AdCP response includes a status field that tells you exactly what state the operation is in and what action you should take next.

Status Values

AdCP uses the same status values as the A2A protocol’s TaskState enum:

Response Structure

Every AdCP response uses a flat structure where task-specific fields are at the top level:

Client Decision Logic

Basic Status Handling

Advanced Status Patterns

1. Clarification Flow

When status is input-required, the message tells you what’s needed:
Client handling:

2. Approval Flow

Human approval is a special case of input-required:
Client handling:

3. Long-Running Operations

Async operations start with working and provide updates:
Protocol-specific polling:
  • MCP: Poll with context_id for updates
  • A2A: Subscribe to SSE stream for real-time updates

Async Operations

Operation Types

AdCP operations fall into three categories:
  1. Synchronous - Return immediately with completed or failed
    • list_creative_formats, list_authorized_properties
    • Fast operations that don’t require external systems
  2. Interactive - May return input-required before proceeding
    • get_products (when brief is vague or needs clarification)
    • Operations that need user input to proceed
  3. Asynchronous - Return working or submitted and require polling/streaming
    • create_media_buy, activate_signal, sync_creatives, get_products
    • Operations that integrate with external systems or require human approval

Timeout Handling

Set reasonable timeouts based on operation type:

Context Management

Session Continuity

The context_id maintains conversation state across requests:

Context Expiration

Contexts typically expire after 1 hour of inactivity:

Task Management & Webhooks

Task Tracking

All async operations return a task_id at the protocol level for tracking:

Push Notification Architecture

Both MCP and A2A use HTTP webhooks for async task updates. Instead of polling, you provide a webhook URL and the server POSTs status changes to you directly.

MCP Webhooks

MCP doesn’t define push notifications. AdCP fills this gap by specifying the webhook configuration (pushNotificationConfig) and payload format (mcp-webhook-payload.json).
Note: If MCP adds native push notification support in future versions, AdCP will adopt that mechanism in a future major version to maintain alignment with the protocol’s evolution.
Envelope: mcp-webhook-payload.json
Data location: result field

A2A Webhooks

A2A defines push notifications natively. Per the A2A spec, the server sends Task, TaskStatusUpdateEvent, or TaskArtifactUpdateEvent depending on what changed. Data location: status.message.parts[].data

Unified Data Schemas

The data payload uses identical AdCP schemas regardless of envelope format:
Both validate against the same schemas. For completed/failed, use the full task response schema. For other statuses, use the status-specific schemas.

When Webhooks Are Called

Webhooks are triggered when all of the following are true:
  1. Task type supports async execution (e.g., get_products, create_media_buy, sync_creatives)
  2. pushNotificationConfig is provided in the request
  3. Task requires async processing — initial response is working or submitted
If the initial response is already terminal (completed, failed, rejected), no webhook is sent — the client already has the final result. Status changes that trigger webhooks:
  • working → Progress update
  • input-required → Human input needed
  • completed → Final result available
  • failed → Error details
  • canceled → Cancellation confirmed

Push Notification Format by Protocol

MCP: HTTP Webhook POST

When an MCP async operation changes status, the publisher POSTs to your webhook URL. Envelope Schema: mcp-webhook-payload.json

A2A Webhook POST

A2A sends Task (for final states) or TaskStatusUpdateEvent (for progress updates):

Status-Specific Data Schemas

The data payload (result in MCP, status.message.parts[].data in A2A) uses status-specific schemas:

Supported Async Operations

Each async operation uses its main response schema for completed/failed statuses:

MCP Webhook URL Patterns

For MCP HTTP webhooks, structure URLs to identify the operation:
Your webhook handler can parse the URL path to route to the correct handler. Key principle: For async tasks with pushNotificationConfig, push notifications are sent for all status changes after the initial response. The data payload uses the same schema regardless of transport (MCP webhook or A2A native message).

Task State Reconciliation

Use tasks/list to recover from lost state:

Status Progression

Tasks progress through predictable states:
  • submitted: Task queued for execution, provide webhook or poll
  • working: Agent actively processing, poll frequently
  • input-required: Need user input, continue conversation
  • completed: Success, process results
  • failed: Error, handle appropriately
For detailed timing expectations and polling patterns, see Task Management.

Webhook Reliability

Delivery Semantics

AdCP webhooks use at-least-once delivery semantics with the following characteristics:
  • Not guaranteed: Webhooks may fail due to network issues, server downtime, or configuration problems
  • May be duplicated: The same event might be delivered multiple times
  • May arrive out of order: Later events could arrive before earlier ones
  • Timeout behavior: Webhook delivery has limited retry attempts and timeouts

Security

Webhook Authentication (Required)

AdCP adopts A2A’s PushNotificationConfig structure for webhook configuration. This provides a standard, flexible authentication model that supports multiple security schemes. Configuration Structure (A2A-Compatible):
Supported Authentication Schemes:
  1. Bearer Token (Simple, Recommended for Development)
  2. HMAC Signature (Enterprise, Recommended for Production)
Publisher Implementation (Bearer):
Publisher Implementation (HMAC-SHA256):
Buyer Implementation (Bearer):
Buyer Implementation (HMAC-SHA256):
Authentication Best Practices:
  • Bearer tokens: Simple, good for development and testing
  • HMAC signatures: Prevents replay attacks, recommended for production
  • Credentials exchanged out-of-band (during publisher onboarding)
  • Minimum 32 characters for all credentials
  • Store securely (environment variables, secret management)
  • Support credential rotation (accept old and new during transition)

Retry and Circuit Breaker Patterns

Publishers MUST implement retry logic with circuit breakers to handle temporary buyer endpoint failures without overwhelming systems or accumulating unbounded queues.

Retry Strategy

Publishers SHOULD use exponential backoff with jitter for webhook delivery retries:
Retry Schedule:
  • Attempt 1: Immediate
  • Attempt 2: After ~1 second (with jitter)
  • Attempt 3: After ~2 seconds (with jitter)
  • Attempt 4: After ~4 seconds (with jitter)
  • Give up after 4 total attempts

Circuit Breaker Pattern

Publishers MUST implement circuit breakers to prevent webhook queues from growing unbounded when buyer endpoints are down:
Circuit Breaker States:
  • CLOSED: Normal operation, webhooks delivered
  • OPEN: Endpoint is down, webhooks are dropped (not queued)
  • HALF_OPEN: Testing if endpoint recovered, limited webhooks sent
Why Circuit Breakers Matter: At Yahoo scale with thousands of campaigns, a single buyer endpoint being down could queue millions of webhooks. Circuit breakers prevent this by failing fast and dropping webhooks when endpoints are unreachable.

Queue Management

Publishers SHOULD implement bounded queues with overflow policies:
Best Practices:
  • Set max queue size based on available memory and recovery time
  • Monitor queue depth and dropped webhook counts
  • Alert operations when queues are consistently full
  • Use dead letter queues for manual investigation of persistent failures
  • Implement queue per buyer endpoint (not global queue)

Implementation Requirements

Idempotent Webhook Handlers

Always implement idempotent webhook handlers that can safely process the same event multiple times:

Sequence Handling

Use timestamps to ensure proper event ordering:

Polling as Backup

Use polling as a reliable backup mechanism:

Webhook Event Format

AdCP webhook events include all necessary information for processing, with task-specific data in result:

Security Considerations

Webhook Authentication

Verify webhook authenticity using the authentication method specified during webhook registration:

Replay Attack Prevention

Use timestamps and event IDs to prevent replay attacks:

Best Practices Summary

  1. Always implement polling backup - Don’t rely solely on webhooks
  2. Handle duplicates gracefully - Use idempotent processing with event IDs
  3. Check timestamps - Ignore out-of-order events based on timestamps
  4. Return 200 quickly - Acknowledge webhook receipt immediately
  5. Verify authenticity - Always validate webhook signatures
  6. Log webhook events - Keep audit trail for debugging
  7. Set reasonable timeouts - Don’t wait forever for webhook delivery
  8. Graceful degradation - Fall back to polling if webhooks consistently fail
This reliability pattern ensures your application remains responsive and consistent even when webhook delivery is unreliable or fails entirely.

Reporting Webhooks

In addition to task status webhooks, AdCP supports reporting webhooks for automated delivery performance notifications. These webhooks are configured during media buy creation and follow a scheduled delivery pattern.

Configuration

Reporting webhooks are configured via the reporting_webhook parameter in create_media_buy:

Publisher Commitment

When a reporting webhook is configured, publishers commit to sending: (campaign_duration / reporting_frequency) + 1 notifications
  • One per frequency period during the campaign
  • One final notification at campaign completion
  • Delayed notifications if data isn’t ready within expected delay window

Payload Structure

Reporting webhooks deliver the same payload as get_media_buy_delivery with additional metadata:
Notification Types:
  • scheduled: Regular periodic update
  • final: Campaign completed
  • delayed: Data not yet available (prevents missed notification detection)

Webhook Aggregation

Publishers SHOULD aggregate webhooks when multiple media buys share the same webhook URL, reporting frequency, and reporting period. This reduces webhook volume significantly for buyers with many active campaigns. Example: Buyer with 100 active campaigns receives:
  • Without aggregation: 100 webhooks per reporting period
  • With aggregation: 1 webhook containing all 100 campaigns in media_buy_deliveries array
Buyers must always handle media_buy_deliveries as an array, even when it contains a single media buy.

Timezone Handling

For daily and monthly frequencies, the publisher’s reporting timezone (from product’s reporting_capabilities.timezone) determines period boundaries:
  • Daily: Midnight to midnight in publisher’s timezone
  • Monthly: 1st to last day of month in publisher’s timezone
  • Hourly: UTC unless specified
Critical: Store publisher’s timezone when setting up webhooks to correctly interpret reporting periods.

Implementation Requirements

  1. Array Handling: Always process media_buy_deliveries as an array (may contain 1 to N media buys)
  2. Idempotent Processing: Same as task webhooks - handle duplicates safely
  3. Sequence Tracking: Use sequence_number to detect gaps or out-of-order delivery
  4. Fallback Strategy: Continue polling get_media_buy_delivery as backup
  5. Delay Handling: Treat "delayed" notifications as normal, not errors
  6. Frequency Validation: Ensure requested frequency is in product’s available_reporting_frequencies
  7. Metrics Validation: Ensure requested metrics are in product’s available_metrics
See Optimization & Reporting for complete implementation guidance.

Error Handling

Error Categories

  1. Protocol Errors - Transport/connection issues
    • Handle with retries and fallback
    • Not related to AdCP business logic
  2. Task Errors - Business logic failures
    • Returned as status: "failed" with error details
    • Should be displayed to user
  3. Validation Errors - Malformed requests
    • Fix request format and retry
    • Usually development-time issues

Error Response Format

Failed operations return status failed with error details at the top level:

Human-in-the-Loop Workflows

Design Principles

  1. Optional by default - Approvals are configured per implementation
  2. Clear messaging - Users understand what they’re approving
  3. Timeout gracefully - Don’t block forever on human input
  4. Audit trail - Track who approved what when

Approval Patterns

Protocol-Agnostic Examples

Product Discovery with Clarification

Campaign Creation with Approval

Migration Guide

From Custom Status Fields

If you’re using custom status handling: Before:
After:

Backwards Compatibility

During the transition period, responses may include both old and new fields:

Next Steps

  • MCP Integration: See MCP Guide for tool calls and context management
  • A2A Integration: See A2A Guide for artifacts and streaming
  • Protocol Comparison: See Protocol Comparison for choosing between MCP and A2A
This unified status approach ensures consistent behavior across all AdCP implementations while making client development more predictable and robust.