To enable identification and personalisation across devices, the class CustomerKeyAuthentication must be implemented. Implementation examples are in NodeJS, C#, and Java. This class requires Message authentication to be implemented.
The following three cookies must be available once done.
apptus.customerKey - A SHA256 hash of the id of a signed in visitor.
apptus.token - The customerKey signed with the private key, privateKey (received from Voyado during the cloud configuration). This cookie should only be set for signed in visitors.
The reason both customerKey and token exist is that if the private key leaks or becomes public, it can be changed without losing behavior and notifications for the site's visitors.
When a visitor signs in, a customer key and an authorization token are to be generated server side. The authorization token is used to validate the customer key in the Elevate Web API service.
It is recommended to use the visitor-specific value and the private key during the customer key and token generation.
The customer key is to be set in the apptus.customerKey cookie.
The authorization token is to be set in the apptus.token cookie.
These cookies should live as long as the visitor is signed in, and by binding the sign out button/link to the endSession()-function in the JavaScript library they will be reset automatically.
```csharp
// Example in C#.
var auth = new CustomerKeyAuthentication("private-key", "user-name");

var customerKeyCookie = new HttpCookie("apptus.customerKey", auth.CustomerKey);
customerKeyCookie.Expires = DateTime.Now.AddYears(1);

var tokenCookie = new HttpCookie("apptus.token", auth.Token);
tokenCookie.Expires = DateTime.Now.AddYears(1);

Response.Cookies.Add(customerKeyCookie);
Response.Cookies.Add(tokenCookie);
```
```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

namespace Apptus.ESales.Connector
{
    public class CustomerKeyAuthentication
    {
        /// <summary>
        /// Creates a new instance that contains a personal customer key and a token, that can be used for
        /// cross-device client-side notifications in Elevate Web API. This object should be created
        /// when the user has successfully logged in, and the respective values should be set in cookies.
        /// </summary>
        /// <param name="privateKey">A private key that is unique for this site. This key is provided by Voyado.</param>
        /// <param name="user">The user name, or other user-unique value, of the customer that logged in.</param>
        /// <exception cref="ArgumentException">If privateKey or user is null or empty.</exception>
        public CustomerKeyAuthentication(string privateKey, string user)
        {
            // Enforce the documented contract before hashing or signing anything.
            if (string.IsNullOrEmpty(privateKey))
                throw new ArgumentException("privateKey must not be null or empty.", nameof(privateKey));
            if (string.IsNullOrEmpty(user))
                throw new ArgumentException("user must not be null or empty.", nameof(user));

            CustomerKey = Hash(user);
            Token = new MessageAuthentication(privateKey).Sign(CustomerKey);
        }

        /// <summary>
        /// A hash based on a user specific value, such as user name.
        /// This value should be stored in a cookie named "apptus.customerKey".
        /// </summary>
        public string CustomerKey { get; private set; }

        /// <summary>
        /// The signature of this customerKey.
        /// This value should be stored in a cookie named "apptus.token".
        /// </summary>
        public string Token { get; private set; }

        // Lowercase hex encoding of SHA-256 over the UTF-8 bytes of the input.
        private static string Hash(string input)
        {
            using (var sha256 = SHA256.Create())
            {
                return sha256.ComputeHash(Encoding.UTF8.GetBytes(input))
                    .Aggregate(new StringBuilder(), (sb, b) => sb.AppendFormat("{0:x2}", b))
                    .ToString();
            }
        }
    }
}
```
```java
package com.apptus.esales.connector;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * A class that should be used for creating personal customer keys when using Elevate Web API.
 */
public class CustomerKeyAuthentication {
    private final String customerKey;
    private final String token;

    /**
     * Creates a new instance that contains a personal customer key and a token, that can be used for
     * cross-device client-side notifications in Elevate Web API. This object should be created
     * when the user has successfully logged in, and the respective values should be set in cookies.
     * See {@link #getCustomerKey()} and {@link #getToken()}.
     * @param privateKey A private key that is unique for this site. This key is provided by Voyado.
     * @param user The user name, or other user-unique value, of the customer that logged in.
     * @throws IllegalArgumentException If privateKey or user is null or empty.
     **/
    public CustomerKeyAuthentication(String privateKey, String user) {
        // Enforce the documented contract before hashing or signing anything.
        if (privateKey == null || privateKey.isEmpty()) {
            throw new IllegalArgumentException("privateKey must not be null or empty");
        }
        if (user == null || user.isEmpty()) {
            throw new IllegalArgumentException("user must not be null or empty");
        }
        customerKey = hash(user);
        token = new MessageAuthentication(privateKey).sign(customerKey);
    }

    /**
     * @return A hash based on a user specific value, such as user name.
     * This value should be stored in a cookie named "apptus.customerKey".
     */
    public String getCustomerKey() {
        return customerKey;
    }

    /**
     * @return The signature of this customerKey.
     * This value should be stored in a cookie named "apptus.token".
     */
    public String getToken() {
        return token;
    }

    // Hex encoding of SHA-256 over the UTF-8 bytes of the input.
    private static String hash(String input) {
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            // it should not happen
            throw new RuntimeException(e);
        }
        md.reset();
        md.update(input.getBytes(StandardCharsets.UTF_8));
        return MessageAuthentication.toHexString(md.digest());
    }
}
```
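
The sign-in flow and the key-rotation reasoning described above, as an added Node.js example that is not Voyado's code: it issues both cookie values, validates them, and shows that rotating the private key invalidates old tokens while the customerKey stays the same. Assumptions: HMAC-SHA256 stands in for MessageAuthentication.sign(), which this page does not show; the function names, keys and user ids are constructed for illustration.

```javascript
const crypto = require('crypto');

// customerKey: lowercase hex SHA-256 of the UTF-8 user id, as in Hash() above.
function customerKey(user) {
  if (!user) throw new TypeError('user must be a non-empty string');
  return crypto.createHash('sha256').update(user, 'utf8').digest('hex');
}

// ASSUMPTION: HMAC-SHA256 is a stand-in for MessageAuthentication.sign();
// the real signing scheme is defined by Voyado's MessageAuthentication class.
function sign(privateKey, message) {
  if (!privateKey) throw new TypeError('privateKey must be a non-empty string');
  return crypto.createHmac('sha256', privateKey).update(message, 'utf8').digest('hex');
}

// Values for the two cookies that are set when a visitor signs in.
function issueCookies(privateKey, user) {
  const key = customerKey(user);
  return { 'apptus.customerKey': key, 'apptus.token': sign(privateKey, key) };
}

// Validation: recompute the signature and compare in constant time.
function tokenIsValid(privateKey, cookies) {
  const key = cookies['apptus.customerKey'];
  const token = cookies['apptus.token'];
  if (typeof key !== 'string' || typeof token !== 'string') return false;
  const expected = Buffer.from(sign(privateKey, key), 'utf8');
  const presented = Buffer.from(token, 'utf8');
  return expected.length === presented.length &&
    crypto.timingSafeEqual(expected, presented);
}

// Constructed sample values (not real keys or users).
const OLD_KEY = 'constructed-old-private-key';
const NEW_KEY = 'constructed-new-private-key';
const before = issueCookies(OLD_KEY, 'user-name');
const after = issueCookies(NEW_KEY, 'user-name'); // re-issued after rotation
// A customerKey swapped for another visitor's while keeping the old token.
const tampered = { ...before, 'apptus.customerKey': customerKey('someone-else') };

console.log('customerKey unchanged by rotation:',
  before['apptus.customerKey'] === after['apptus.customerKey']);
console.log('old token accepted under new key:', tokenIsValid(NEW_KEY, before));
console.log('re-issued token accepted:', tokenIsValid(NEW_KEY, after));
console.log('swapped customerKey accepted:', tokenIsValid(OLD_KEY, tampered));
```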
Copyright
This online publication is intellectual property of Voyado Lund AB. Its contents can be duplicated in part or whole, provided that a copyright label is visibly located on each copy and the copy is used in conjunction with the product described within this document.
All information found in these documents has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither Voyado Lund AB nor the authors shall be held liable for possible errors or the consequences thereof.
Software and hardware descriptions cited in these documents might be registered trademarks. All trade names are subject to copyright restrictions and may be registered trademarks. Voyado Lund AB essentially adheres to the manufacturer’s spelling. Names of products and trademarks appearing in this document, with or without specific notation, are likewise subject to trademark and trade protection laws and may thus fall under copyright restrictions.