Signing The Request

Signing The Request

In order to sign the request to load a promotion link, three pieces of information are required:

  • Unix timestamp
  • Unique identifier of the user
  • Signed hash

Unix Timestamp

The unix timestamp should be a long integer, and be represented in seconds. 

const timestamp = Date.now()/1000;
$date = new DateTime();
$timestamp =  $date->getTimestamp();
import time
now = int( time.time() )

Unique identifier of the user

The unique identifier of the user should be something that can tie back to the user in your system. This can be a user ID, a username, or any other unique identifier. The unique identifier can be up to 255 characters long.

Signed Hash

The signed hash will consist of 3 pieces of information:

  • Unique identifier of the user
  • Shared secret key
  • Timestamp

The data should be separated by a ~ tilde. 

const memberId = 'abc123';
const sharedSecretKey = 'secretKeyThatShouldNotBeStoredInPlaintext';
const timestamp = Date.now()/1000;
const data = `${memberId}~${sharedSecretKey}~${timestamp}`;

Supported hashing algorithms:

  • SHA-1
  • SHA-256
  • MD5 (not recommended)

If another hashing method is required, please reach out and we will work with you.

Query String Format

The signed data should be passed as query string parameters in the following format: 

?mid=__UNIQUE_MEMBER_ID__&ts=__TIMESTAMP__&sig=__SIGNED_HASH__

The keys ts and sig can be overridden if needed.

← Getting Started OnCompletion Webhook →