Enforce identity verification

Enforce identity verification on all platforms to prevent third parties from impersonating logged-in users. Once enabled, Gleap will require you to pass the correct user hash in order to identify users.

User hash generation

To set up identity verification, you'll need to generate an HMAC on your server for each logged-in user and send it to Gleap.

Please choose your server stack to show an example code for the user hash generation.

NodeJS
Rails (Ruby)
Django (Python 3)
PHP

const crypto = require('crypto');

const hmac = crypto.createHmac('sha256', 'YOUR-SECRET'); // secret key (keep it safe!)
const userIdAsString = String(user.id); // convert user's id to string
const userHash = hmac.update(userIdAsString).digest('hex'); // generate hash

OpenSSL::HMAC.hexdigest(
'sha256', # hash function
'YOUR-SECRET', # secret key (keep safe!)
current_user.id.to_s # user's id
)

import hmac
import hashlib

hmac.new(
b'YOUR-SECRET', # secret key (keep it safe!)
bytes(request.user.id, encoding='utf-8'), # user's id
digestmod=hashlib.sha256 # hash function
).hexdigest()

$userHash = hash_hmac(
'sha256', // hash function
$user->id, // user ID
'YOUR-SECRET' // secret key (keep it safe!)
);

caution

Important: Gleap handles the userId as STRING, please make sure to convert the user ID to a string, before generating the hash.

caution

Keep your secret key safe! Never commit it directly to your client-side code, or anywhere a third party can find it.

Indentify user with user hash

After generating the user hash you need to send it to your client and pass it to the Gleap SDK.

JS
iOS
Android
ReactNative
Flutter

Gleap.identify("user_19283", {
  name: "Franz",
  email: "[email protected]",
}, "GENERATED_USER_HASH");

let userProperty = GleapUserProperty()
userProperty.name = "Franz"
userProperty.email = "[email protected]"
Gleap.identifyUser(with: "user_1234", andData: userProperty andUserHash: "GENERATED_USER_HASH")

GleapUserProperties userProperties = new GleapUserProperties();
userProperties.setEmail("[email protected]");
userProperties.setName("Franzi");
userProperties.setPhone("+1 (902) 123123");
userProperties.setValue(199.95);
userProperties.setHash("GENERATED_USER_HASH");
Gleap.getInstancen().identifyUser("12334", userProperties);

Gleap.identifyWithUserHash('12334', {
  name: 'Franz',
  email: '[email protected]',
}, 'GENERATED_USER_HASH');

Gleap.identifyWithUserHash(
    userId: '12345',
    userProperties: GleapUserProperty(name: 'Franz', email: '[email protected]'),
    'GENERATED_USER_HASH',
);

Enforce identity verification

User hash generation​

Indentify user with user hash​

User hash generation

Indentify user with user hash