> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gleap.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Enforce identity verification

Enforce identity verification on all platforms to prevent third parties from impersonating logged-in users.
Once enabled, Gleap will require you to pass the correct user hash in order to identify users.

## User hash generation

To set up identity verification, you'll need to generate an <a href="https://en.wikipedia.org/wiki/HMAC" target="_blank">HMAC</a> on your server for each logged-in user and send it to Gleap.

Please choose your server stack to show an example code for the user hash generation.

<Tabs>
  <Tab title="NodeJS">
    ```js theme={null}
    const crypto = require('crypto');

    const hmac = crypto.createHmac('sha256', 'YOUR-SECRET'); // secret key (keep it safe!)
    const userIdAsString = String(user.id); // convert user's id to string
    const userHash = hmac.update(userIdAsString).digest('hex'); // generate hash
    ```
  </Tab>

  <Tab title="Rails (Ruby)">
    ```rails theme={null}
    OpenSSL::HMAC.hexdigest(
    'sha256', # hash function
    'YOUR-SECRET', # secret key (keep safe!)
    current_user.id.to_s # user's id
    )
    ```
  </Tab>

  <Tab title="Django (Python 3)">
    ```py theme={null}
    import hmac
    import hashlib

    hmac.new(
    b'YOUR-SECRET', # secret key (keep it safe!)
    bytes(request.user.id, encoding='utf-8'), # user's id
    digestmod=hashlib.sha256 # hash function
    ).hexdigest()
    ```
  </Tab>

  <Tab title="PHP">
    ```php theme={null}
    $userHash = hash_hmac(
    'sha256', // hash function
    $user->id, // user ID
    'YOUR-SECRET' // secret key (keep it safe!)
    );
    ```
  </Tab>
</Tabs>

<Info>Important: Gleap handles the userId as STRING, please make sure to convert the user ID to a string, before generating the hash.</Info>

<Warning>Keep your secret key safe! Never commit it directly to your client-side code, or anywhere a third party can find it.</Warning>

## Indentify user with user hash

After generating the user hash you need to send it to your client and pass it to the Gleap SDK.

<Tabs>
  <Tab title="JS">
    ```js theme={null}
    Gleap.identify("user_19283", {
      name: "Franz",
      email: "franz@gleap.io",
    }, "GENERATED_USER_HASH");
    ```
  </Tab>

  <Tab title="iOS">
    ```objc theme={null}
    let userProperty = GleapUserProperty()
    userProperty.name = "Franz"
    userProperty.email = "franz@gleap.io"
    Gleap.identifyUser(with: "user_1234", andData: userProperty andUserHash: "GENERATED_USER_HASH")
    ```
  </Tab>

  <Tab title="Android">
    ```java theme={null}
    GleapUserProperties userProperties = new GleapUserProperties();
    userProperties.setEmail("franzi@gleap.io");
    userProperties.setName("Franzi");
    userProperties.setPhone("+1 (902) 123123");
    userProperties.setValue(199.95);
    userProperties.setHash("GENERATED_USER_HASH");
    Gleap.getInstancen().identifyUser("12334", userProperties);
    ```
  </Tab>

  <Tab title="ReactNative">
    ```js theme={null}
    Gleap.identifyWithUserHash('12334', {
      name: 'Franz',
      email: 'franz@gleap.io',
    }, 'GENERATED_USER_HASH');
    ```
  </Tab>

  <Tab title="Flutter">
    ```js theme={null}
    Gleap.identifyWithUserHash(
        userId: '12345',
        userProperties: GleapUserProperty(name: 'Franz', email: 'franz@gleap.io'),
        'GENERATED_USER_HASH',
    );
    ```
  </Tab>
</Tabs>