Overview
Identity Verification helps to make sure that conversations between you and your users are kept private and that one user can't impersonate another. This prevents unauthorized access and enhances security for your users.
By implementing identity verification, you can:
- Secure API interactions by confirming user authenticity.
- Prevent impersonation and unauthorized data access.
- Improve trust in your Eucera Tracking Code integration.
How It Works
Eucera Tracking Code uses HMAC (Hash-based Message Authentication Code) for identity verification. When making requests, you generate a hash using your secret key and compare it against the hash Eucera expects.
Steps:
- Generate a signature: Use your secret key to create an HMAC-SHA256 signature.
- Send the signed request: Attach the generated signature to your API request.
- Eucera verifies the signature: If the computed signature matches, the request is authenticated.
Implementing Identity Verification
Step 1: Retrieve Your Secret Key
Your secret key is available in your Eucera Tracking Code dashboard under Settings > Identity Verification. Keep this key secure and do not share it publicly.
Step 2: Generate a Signature
Use HMAC-SHA256 to generate a signature using your secret key and the user's unique ID.
Step 3: Pass the userHash in the identify call
const context = {
user: {
id: 'user-12345', // mandatory
userHash:'THE HASHCODE GENERATED WITH THE SECRET KEY',
email: '[email protected]',
name: 'John Doe',
role: 'admin',
image: 'https://example.com/images/user12345.jpg',
phone: '+1234567890',
timezone: 'America/New_York',
signUpDate: 1707164462000,
location: {
country: "USA",
region: "Northeast",
state: "New York",
city: "New York City",
postalCode: "10001"
}
// add custom attributes here after creating them in your subscription
},
subscription: {
id: 'subscription-12345' // mandatory
// add custom attributes here after creating them in your subscription
}
}
eucera('when', 'ready', () => {
eucera.identify(context);
});