> For the complete documentation index, see [llms.txt](https://help.usejimo.com/docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.usejimo.com/docs/for-developers/for-developers/sdk-guides/setup-identify-verification.md).

# Setup Identify Verification

***

### Quick Access

[How does identify verification works?](#how-does-identify-verification-works)

[Requirements of Identify Verification](#requirements-of-identify-verification)

[Setup Identify Verification](#setup-identify-verification)

1. [Get your secret key](#id-1.-get-your-secret-key)
2. [Sign identifiers](#id-2.-sign-identifiers)
3. [Pass signed identifier to the identify JavaScript SDK method](#id-3.-pass-signed-identifier-to-the-identify-javascript-sdk-method)

[Troubleshooting](#troubleshooting)

* [I'm getting an IDENTIFY\_VERIFICATION\_SIGNATURE\_SIGNIN\_FAILED error](#im-getting-a-identify_verification_signature_signin_failed-error)
* [I'm getting an IDENTIFY\_VERIFICATION\_SIGNATURE\_SIGNUP\_FAILED error](#im-getting-a-identify_verification_signature_signup_failed-error)

***

## How does identify verification works?

Identify verification is an additional step in the identify flow making sure that users has been identified by your own account system.

In fact, your web-app use our Javascript SDK method to identify users. This also means that the Javascript SDK method could be triggered by someone using a browser developer console. Let's illustrate this two situations.

#### Case 1 : John access your app

* Your web app loads, John is identified in your app as `id-c5c178f6`
* Your web app call Jimo SDK method like so `window['jimo'].push(['do', 'identify', ["id-c5c178f6"]]);`
* John is correctly identified by your app in Jimo as `id-c5c178f6`

#### Case 2 : Dev (the spoofer) access your app

* You web app loads, Dev is identified in your app as `id-0f2cf8f1`
* Your web app call Jimo SDK method like so `window['jimo'].push(['do', 'identify', ["id-0f2cf8f1"]]);`
* Dev is correctly identified by your app in Jimo as `id-0f2cf8f1`
* Dev opens the browser developer console while on your app and call Jimo SDK method like so `window['jimo'].push(['do', 'identify', ["id-c5c178f6"]]);`
* Dev is now identified in Jimo as `id-c5c178f6`

## Requirements of Identify Verification

The verification feature requires you to sign the identifier you provide to the identify JavaScript SDK method, with a secret key. As this secret key must not be know to any public user, you need to keep this on your backend code only.

Therefore, only your backend will be able to sign the identifier that will be passed to the identify Javascript SDK method. **The only requirement for using User Verification is the ability to sign the id your provide from your own backend code, with the secret key Jimo generates for you in your website settings.**

## Setup Identify Verification

### 1. Get your secret key

In order for your backend to sign the identifier, you'll need a secret key.

* Login to Jimo dashboard
* Navigate to Installation Settings
* Enable the "Identify Verification"
* Copy the secret key

<figure><img src="/files/gM6zdo2d3EtObTGxuuOk" alt=""><figcaption><p>Identify Verification section in Installation Settings</p></figcaption></figure>

### 2. Sign identifiers

Once your have your secret key, you can use it to sign identifiers.

{% hint style="info" %}
Quick reminder : We recommend to use unguessable identifier when setting up the identify in Jimo to increase the security of your integration. Please check [our Identify users notice](/docs/for-developers/for-developers/sdk-guides/identify-users.md) for more information.&#x20;
{% endhint %}

Here's how to sign the identifier from your backend using Nodejs (make sure to adapt according to the technology your are using for your backend).

```typescript
const crypto = require("crypto");

// Put you secret key here (keep it private!)
// Notice: the one below is an example, yours will be different
const secretKey = "a6c93e058a4ab236449bd321002352483a85138489d2ee4fb2eaa4cfd3ab2ba8";
const now = Math.floor(Date.now() / 1000);

// This method signs an id, using your global 'secretKey'
function signIdentifier(id) {
  return [crypto.createHmac("sha256", secretKey).update(`${id}-${now}`).digest("hex"), now].join('-');
}

// Sign your identifier
// Notice: the id below is an example, yours will be sourced from the authenticated user
const signedIdentifier = signIdentifier("id-c5c178f6");

console.log("Your signed identifier is:", signedIdentifier);
```

{% hint style="warning" %}
Make sure you generate signatures with the `HMAC-SHA256` algorithm. Any other HMAC digest is not accepted and will be refused by Jimo when provided.
{% endhint %}

**Example based on the snippet provided above**

```typescript
const secretKey = "a6c93e058a4ab236449bd321002352483a85138489d2ee4fb2eaa4cfd3ab2ba8"

signIdentifier("id-c5c178f6") // 6a403a1fcfcc866b8917e6e208a553004c54c73846bc4f3f686757e2a5ad588e-1741761604
```

### 3. Pass signed identifier to the identify Javascript SDK method

Once your signed identifiers is generated, make sure to pass it every time you call the Identify Javascript SDK method like so&#x20;

```javascript
window['jimo'].push(['do', 'identify', [identifier, null, signedIdentifier]]);
```

**Example (from above)**

```javascript
window['jimo'].push(['do', 'identify', ["john.doe@company.com", null, "6a403a1fcfcc866b8917e6e208a553004c54c73846bc4f3f686757e2a5ad588e-1741761604"]]);
```

## Troubleshooting

### I'm getting a IDENTIFY\_VERIFICATION\_SIGNATURE\_SIGNIN\_FAILED error

Please make sure that&#x20;

* You have passed the signed identifiers as the 3rd parameters of the Identify Javascript SDK method
* You have correctly signed the identifiers using your secret key

### I'm getting a IDENTIFY\_VERIFICATION\_SIGNATURE\_SIGNUP\_FAILED error

Please make sure that&#x20;

* You have passed the signed identifiers as the 3rd parameters of the Identify Javascript SDK method
* You have correctly signed the identifiers using your secret key


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://help.usejimo.com/docs/for-developers/for-developers/sdk-guides/setup-identify-verification.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.