Signing The Request

Signing The Request

In order to sign the request to load a promotion link, three pieces of information are required:

  • Unix timestamp
  • Unique identifier of the user
  • Signed hash

Unix Timestamp

The unix timestamp should be a long integer, and be represented in seconds. 

const timestamp = Date.now()/1000;
$date = new DateTime();
$timestamp =  $date->getTimestamp();
import time
now = int( time.time() )

Unique identifier of the user

The unique identifier of the user should be something that can tie back to the user in your system. This can be a user ID, a username, or any other unique identifier. The unique identifier can be up to 255 characters long.

Signed Hash

The signed hash will consist of 3 pieces of information:

  • Unique identifier of the user
  • Shared secret key
  • Timestamp

The data should be separated by a ~ tilde. 

const memberId = 'abc123';
const sharedSecretKey = 'secretKeyThatShouldNotBeStoredInPlaintext';
const timestamp = Date.now()/1000;
const data = `${memberId}~${sharedSecretKey}~${timestamp}`;

Supported hashing algorithms:

  • SHA-256 (recommended)
  • SHA-512

Note: MD5 and SHA-1 are no longer supported due to known cryptographic weaknesses. All new integrations should use SHA-256. Existing integrations using deprecated algorithms must migrate to SHA-256 or SHA-512.

Query String Format

The signed data should be passed as query string parameters in the following format: 

?mid=__UNIQUE_MEMBER_ID__&ts=__TIMESTAMP__&sig=__SIGNED_HASH__

The keys ts and sig can be overridden if needed.

← Getting Started OnCompletion Webhook →