Setup Identify Verification
If you are using our SDK in your web app to identify your users, you might want to make sure users are verified. Let's see how to do that using a signature flow.
Last updated
Was this helpful?
If you are using our SDK in your web app to identify your users, you might want to make sure users are verified. Let's see how to do that using a signature flow.
Last updated
Was this helpful?
Identify verification is an additional step in the identify flow making sure that users has been identified by your own account system.
In fact, your web-app use our Javascript SDK method to identify users. This also means that the Javascript SDK method could be triggered by someone using a browser developer console. Let's illustrate this two situations.
Your web app loads, John is identified in your app as id-c5c178f6
Your web app call Jimo SDK method like so window['jimo'].push(['do', 'identify', ["id-c5c178f6"]]);
John is correctly identified by your app in Jimo as id-c5c178f6
You web app loads, Dev is identified in your app as id-0f2cf8f1
Your web app call Jimo SDK method like so window['jimo'].push(['do', 'identify', ["id-0f2cf8f1"]]);
Dev is correctly identified by your app in Jimo as id-0f2cf8f1
Dev opens the browser developer console while on your app and call Jimo SDK method like so window['jimo'].push(['do', 'identify', ["id-c5c178f6"]]);
Dev is now identified in Jimo as id-c5c178f6
The verification feature requires you to sign the identifier you provide to the identify JavaScript SDK method, with a secret key. As this secret key must not be know to any public user, you need to keep this on your backend code only.
Therefore, only your backend will be able to sign the identifier that will be passed to the identify Javascript SDK method. The only requirement for using User Verification is the ability to sign the id your provide from your own backend code, with the secret key Jimo generates for you in your website settings.
In order for your backend to sign the identifier, you'll need a secret key.
Login to Jimo dashboard
Navigate to Installation Settings
Enable the "Identify Verification"
Copy the secret key
Once your have your secret key, you can use it to sign identifiers.
Here's how to sign the identifier from your backend using Nodejs (make sure to adapt according to the technology your are using for your backend).
Make sure you generate signatures with the HMAC-SHA256 algorithm. Any other HMAC digest is not accepted and will be refused by Jimo when provided.
Example based on the snippet provided above
Once your signed identifiers is generated, make sure to pass it every time you call the Identify Javascript SDK method like so
Example (from above)
Please make sure that
You have passed the signed identifiers as the 3rd parameters of the Identify Javascript SDK method
You have correctly signed the identifiers using your secret key
Please make sure that
You have passed the signed identifiers as the 3rd parameters of the Identify Javascript SDK method
You have correctly signed the identifiers using your secret key
Quick reminder : We recommend to use unguessable identifier when setting up the identify in Jimo to increase the security of your integration. Please check for more information.
