Enforce identity verification
Enforce identity verification on all platforms to prevent third parties from impersonating logged-in users. Once enabled, Gleap will require you to pass the correct user hash in order to identify users.
User hash generation​
To set up identity verification, you'll need to generate an HMAC on your server for each logged-in user and send it to Gleap.
Please choose your server stack to show an example code for the user hash generation.
- NodeJS
- Rails (Ruby)
- Django (Python 3)
- PHP
const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', 'YOUR-SECRET'); // secret key (keep it safe!)
const userHash = hmac.update(user.id).digest('hex'); // user's id
OpenSSL::HMAC.hexdigest(
'sha256', # hash function
'YOUR-SECRET', # secret key (keep safe!)
current_user.id.to_s # user's id
)
import hmac
import hashlib
hmac.new(
b'YOUR-SECRET', # secret key (keep it safe!)
bytes(request.user.id, encoding='utf-8'), # user's id
digestmod=hashlib.sha256 # hash function
).hexdigest()
$userHash = hash_hmac(
'sha256', // hash function
$user->id, // user ID
'YOUR-SECRET' // secret key (keep it safe!)
);
caution
Keep your secret key safe! Never commit it directly to your client-side code, or anywhere a third party can find it.
Indentify user with user hash​
After generating the user hash you need to send it to your client and pass it to the Gleap SDK.
- JS
- iOS
- Android
- ReactNative
- Flutter
Gleap.identify("user_19283", {
name: "Franz",
email: "[email protected]",
}, "GENERATED_USER_HASH");
let userProperty = GleapUserProperty()
userProperty.name = "Franz"
userProperty.email = "[email protected]"
Gleap.identifyUser(with: "user_1234", andData: userProperty andUserHash: "GENERATED_USER_HASH")
GleapUserProperties userProperties = new GleapUserProperties("");
GleapUser gleapUserWithId = new GleapUser("12");
GleapUser gleapUserWithIdAndProps = new GleapUser("12", userProperties, "GENERATED_USER_HASH");
Gleap.identifyWithUserHash('12334', {
name: 'Franz',
email: '[email protected]',
}, 'GENERATED_USER_HASH');
Gleap.identifyWithUserHash(
userId: '12345',
userProperties: GleapUserProperty(name: 'Franz', email: '[email protected]'),
'GENERATED_USER_HASH',
);