Skip to main content

Enforce identity verification

Enforce identity verification on all platforms to prevent third parties from impersonating logged-in users. Once enabled, Gleap will require you to pass the correct user hash in order to identify users.

User hash generation

To set up identity verification, you'll need to generate an HMAC on your server for each logged-in user and send it to Gleap.

Please choose your server stack to show an example code for the user hash generation.

const crypto = require('crypto');

const hmac = crypto.createHmac('sha256', 'YOUR-SECRET'); // secret key (keep it safe!)
const userIdAsString = String(; // convert user's id to string
const userHash = hmac.update(userIdAsString).digest('hex'); // generate hash

Important: Gleap handles the userId as STRING, please make sure to convert the user ID to a string, before generating the hash.


Keep your secret key safe! Never commit it directly to your client-side code, or anywhere a third party can find it.

Indentify user with user hash

After generating the user hash you need to send it to your client and pass it to the Gleap SDK.

Gleap.identify("user_19283", {
name: "Franz",
email: "[email protected]",