Switch blinded token requests to use new mywallet endpoint

[jsecretan]

Description

In order to better specify the privacy properties of the various ads endpoints, we want to change the hostnames to explicitly reflect the specific use according to our privacy policy:

The following endpoints should be reconfigured to go to mywallet.ads.brave.com, with the same path as current

• /v1/getstate
• /v2/confirmation/token/{paymentId}
• /v2/confirmation/payment/{paymentId}

All other endpoints on ads-serve.brave.com should instead go to anonymous.ads.brave.com

---

Anonymous (anonymous.ads.*):
GET /v1/issuers/
POST /v2/confirmation/{confirmation_id}/{credential}
GET /v2/confirmation/{confirmation_id}/paymentToken

Non anonymous (mywallet.ads.*):

PUT /v2/confirmation/payment/{payment_id}
GET /v2/confirmation/token/{payment_id}?nonce={nonce}
POST /v2/confirmation/token/{payment_id}
GET /v{n}/catalog falls back to ads-static for production environment
GET /v1/getstate falls back to ads-static for production environment

[ShivanKaul]

@jsecretan can we make sure that the new endpoints are cert-pinned? @diracdeltas

[diracdeltas]

see here for where ads-serve is currently pinned: https://github.com/brave/brave-core/blob/c215ec61bd7632a1235be014606361d4e2b32fac/chromium_src/net/tools/transport_security_state_generator/input_file_parsers.cc#L460

[tmancey]

@jsecretan GET /v{n}/catalog and GET /v1/getstate will fall back to ads-static for production environment, is this still required?

[tmancey]

@evq @jsecretan if you could let me know if we should be falling back to ads-static as above, that would be great.

[evq]

@jsecretan I believe we discussed moving GET /v1/getstate to a new geo.ads.brave.com, were you also thinking we'd create a static.ads.brave.com for GET /v{n}/catalog for consistency? I assume all can point to the existing cloudfront distribution

[tmancey]

@evq is the catalog not geo based? Ok it is not by country/region but it is by country

[evq]

@tmancey I didn't think of it from that perspective, but that is a good argument to just consolidate around geo.ads.brave.com and entirely eliminate static in this new naming scheme. I'm in favor, @jsecretan does that work for you?

[jsecretan]

Sounds good to me, sorry for being slow on this, here is the new issue https://github.com/brave/devops/issues/7274

[btlechowski]

Verification passed on

Brave	1.39.87 Chromium: 101.0.4951.41 (Official Build) beta (64-bit)
Revision	93c720db8323b3ec10d056025ab95c23a31997c9-refs/branch-heads/4951@{#904}
OS	Ubuntu 18.04 LTS

Production

geo - GET geo.ads.brave.com

catalog - GET static.ads.brave.com

issuers - GET static.ads.brave.com

unblinded tokens - POST mywallet.ads.brave.com

unblinded tokens - GET mywallet.ads.brave.com

redeem unblinded tokens - PUT mywallet.ads.brave.com

confirmation - POST anonymous.ads.brave.com

confirmation - paymentToken - GET anonymous.ads.brave.com

[btlechowski]

Added QA/Blocked till problems with staging are resolved

[btlechowski]

Verification passed on

Brave	1.39.100 Chromium: 101.0.4951.61 (Official Build) beta (64-bit)
Revision	3b3633b32c491b4cba5fd7df3c7c0f628547cbcc-refs/branch-heads/4951@{#1189}
OS	Ubuntu 18.04 LTS

Staging

geo - GET geo.ads.bravesoftware.com

catalog - GET static.ads.bravesoftware.com

issuers - GET static.ads.bravesoftware.com

unblinded tokens - POST mywallet.ads.bravesoftware.com

unblinded tokens - GET mywallet.ads.bravesoftware.com

redeem unblinded tokens - PUT mywallet.ads.bravesoftware.com

confirmation - POST anonymous.ads.bravesoftware.com

confirmation - paymentToken - GET anonymous.ads.bravesoftware.com