Voulez-vous chercher dans toutes les catégories ou cette catégorie ?
Accueil
Toutes les catégories
Documentation technique
Javascript API
Enable identity verification

Enable identity verification

Écrit par Remi Delhaye
Dernière mise à jour :  jeudi 02 janvier 2025

Identity Verification helps ensure that your users are who they claim to be. This prevents third parties from seeing your users’ conversations or impersonating another user. We strongly encourage all Polaria customers with registered users to set up and enable Identity Verification.

If your app only interacts with anonymous visitors and doesn’t rely on user data, you can skip this step.

To set up Identity Verification with Basic JavaScript, you’ll need to generate an HMAC on your server.

Everywhere you load user data (_polaria.identify) and have a _polaria.init code snippet, add a new attribute called user_hash and assign your HMAC code to it. This HMAC should be generated using your user_token and your widget secret key (that you can find at the bottom of the  "Integrations" page of your Polaria admin panel). Here is an example in PHP:

Your code to generate an HMAC for your app is:

OpenSSL::HMAC.hexdigest(  'sha256', # hash function  'YOUR_WIDGET_SECRET_KEY', # secret key (keep safe!)  current_user.id # user's id)

Everywhere you load user data (_polaria.identify) and have a _polaria.init code snippet, add a new attribute called user_hash and assign your HMAC code to it

_polaria.init("xxxxxxxxxxxxxxxxxxxx", {   user_token: "<%= current_user.id %>",   user_hash: "<%=    OpenSSL::HMAC.hexdigest(      'sha256',      'YOUR_WIDGET_SECRET_KEY',      current_user.id    )  %>" // HMAC using SHA-256});

Your code to generate an HMAC for your app is:

import hmacimport hashlibhmac.new(  'YOUR_WIDGET_SECRET_KEY', # secret key (keep safe!)  request.user.id, # user's id  digestmod=hashlib.sha256 # hash function).hexdigest()

Everywhere you load user data _polaria.identify) and have a _polaria.init code snippet, add a new attribute called user_hash and assign your HMAC code to it

_polaria.init("xxxxxxxxxxxxxxxxxxxx", {   user_token: "{{ request.user.id|escapejs }}",   user_hash: "{{    hmac.new(      'YOUR_WIDGET_SECRET_KEY',      request.user.id,      digestmod=hashlib.sha256    ).hexdigest()  }}" // HMAC using SHA-256});

Your code to generate an HMAC for your app is:

hash_hmac(  'sha256', // hash function  $user->id, // user's id  'YOUR_WIDGET_SECRET_KEY' // secret key (keep safe!));

Everywhere you load user data (_polaria.identify) and have a _polaria.init code snippet, add a new attribute called user_hash and assign your HMAC code to it

_polaria.init("xxxxxxxxxxxxxxxxxxxx", {   user_token: "<?php echo $current_user->id ?>",   user_hash: "<?php    echo hash_hmac(      'sha256',      $user->id,      'YOUR_WIDGET_SECRET_KEY'    );  ?>" // HMAC using SHA-256});

View this guide and find your server-side language or framework to generate your HMAC. Replace ‘Message’ with your user’s user_id and ‘secret’ with your app’s secret key.

To verify your Identity Verification setup, log in to your website or app as a user and refresh any page with the Messenger installed.

Once you ship your changes to production, Polaria will not accept any requests for a logged-in user without a valid user hash.

 

Javascript API

12 articles dans cette catégorie.
Écrit par Remi Delhaye.