This document outlines the requirements and process for onboarding new clients to Ktrl via AppsFlyer Data Locker. Data Locker is a cloud-based solution provided by the AppsFlyer MMP that allows advertisers to access granular data directly in their own cloud storage environments.
Integration Overview
The onboarding process is determined by two primary factors: the granularity of data the client can share and the cloud storage provider they utilise.
Before you start
A few things to confirm before beginning. These can block onboarding if missed:
Data Locker must already be enabled in AppsFlyer. Historical data is only available from the activation date onward. If you need earlier data, request a backfill from your AppsFlyer CSM before starting.
Personally Identifiable Information (PII) must be removed from user-level exports. If you're using the user-level methodology (see below), make sure all mandatory PII fields are filtered or removed from the export before Ktrl ingests it. Kohort provides a free, open-source tool for this: the Kohort S3 Sanitizer. It runs entirely inside your own AWS account (using S3 Batch Operations + Lambda), removes known PII columns from CSV or Parquet Data Locker exports, and writes sanitized copies to a separate prefix — your raw data never leaves your account. Setup instructions are in the repo's readme.
Your schema must follow AppsFlyer defaults. Custom partitioning or schema changes can break the ingestion pipeline. In particular,
app_idmust appear in the path of each file.
1. Determining Your Data Methodology
Data Locker supports two export methodologies. Your choice affects modelling depth and the specific SQL queries used for ingestion.
User-level (preferred) — Raw, event-level data that enables the most granular forecasts. However, this data often contains PII, so it must be filtered before sharing. You can use the Kohort S3 Sanitizer to remove PII columns from your exports in your own AWS account. To use this methodology, contact us directly for setup support.
Cohort Unified (default) - Pre-aggregated data that avoids PII concerns. Limited to 180 days of retention (D180). If raw data access is restricted due to PII concerns or resource constraints, we default to the "Cohort Unified" methodology.
2. Cloud Platform Selection
Kohort currently supports Amazon S3. The remaining 3 options are on the roadmap - contact us if you're interested:
Amazon S3
Google BigQuery
Google Cloud Storage (GCS)
Snowflake
3. Connect your cloud storage to Ktrl
In the Ktrl setup wizard, select AppsFlyer Data Locker and follow the instructions for your platform below.
Amazon S3
You'll need:
S3 bucket path - where your Data Locker exports are stored. Enter without the
s3://prefix.Access key ID and secret access key - we recommend creating dedicated keys for this integration so you can revoke them independently if needed.
Region - the AWS region your bucket is in.
Google BigQuery, GCS, Snowflake
Not yet supported. Contact us if you'd like to use one of these.
4. Cost Integration
You'll need a cost data source. Data Locker doesn't include cost data, so Ktrl pulls it from the AppsFlyer Free API. You'll need an API key (see guide for how to get one).
Paste your AppsFlyer Free API key into the field when prompted.

