Enforce identity verification

Enforce identity verification on all platforms to prevent third parties from impersonating logged-in users. Once enabled, Gleap will require you to pass the correct user hash in order to identify users.

User hash generation

To set up identity verification, you’ll need to generate an HMAC on your server for each logged-in user and send it to Gleap.

Please choose your server stack to show an example code for the user hash generation.

const crypto = require('crypto');

const hmac = crypto.createHmac('sha256', 'YOUR-SECRET'); // secret key (keep it safe!)
const userIdAsString = String(user.id); // convert user's id to string
const userHash = hmac.update(userIdAsString).digest('hex'); // generate hash

const crypto = require('crypto');

const hmac = crypto.createHmac('sha256', 'YOUR-SECRET'); // secret key (keep it safe!)
const userIdAsString = String(user.id); // convert user's id to string
const userHash = hmac.update(userIdAsString).digest('hex'); // generate hash

OpenSSL::HMAC.hexdigest(
'sha256', # hash function
'YOUR-SECRET', # secret key (keep safe!)
current_user.id.to_s # user's id
)

import hmac
import hashlib

hmac.new(
b'YOUR-SECRET', # secret key (keep it safe!)
bytes(request.user.id, encoding='utf-8'), # user's id
digestmod=hashlib.sha256 # hash function
).hexdigest()

$userHash = hash_hmac(
'sha256', // hash function
$user->id, // user ID
'YOUR-SECRET' // secret key (keep it safe!)
);

Important: Gleap handles the userId as STRING, please make sure to convert the user ID to a string, before generating the hash.

Keep your secret key safe! Never commit it directly to your client-side code, or anywhere a third party can find it.

Indentify user with user hash

After generating the user hash you need to send it to your client and pass it to the Gleap SDK.

Gleap.identify("user_19283", {
  name: "Franz",
  email: "franz@gleap.io",
}, "GENERATED_USER_HASH");

Gleap.identify("user_19283", {
  name: "Franz",
  email: "franz@gleap.io",
}, "GENERATED_USER_HASH");

let userProperty = GleapUserProperty()
userProperty.name = "Franz"
userProperty.email = "franz@gleap.io"
Gleap.identifyUser(with: "user_1234", andData: userProperty andUserHash: "GENERATED_USER_HASH")

GleapUserProperties userProperties = new GleapUserProperties();
userProperties.setEmail("franzi@gleap.io");
userProperties.setName("Franzi");
userProperties.setPhone("+1 (902) 123123");
userProperties.setValue(199.95);
userProperties.setHash("GENERATED_USER_HASH");
Gleap.getInstancen().identifyUser("12334", userProperties);

Gleap.identifyWithUserHash('12334', {
  name: 'Franz',
  email: 'franz@gleap.io',
}, 'GENERATED_USER_HASH');

Gleap.identifyWithUserHash(
    userId: '12345',
    userProperties: GleapUserProperty(name: 'Franz', email: 'franz@gleap.io'),
    'GENERATED_USER_HASH',
);

Get Started

SDKs

Server-side event tracking

Guides

User hash generation

Indentify user with user hash

Get Started

SDKs

Server-side event tracking

Guides

​User hash generation

​Indentify user with user hash

User hash generation

Indentify user with user hash