Event Verification (Signed Events)

To prevent spam and to guard against creating fake user's you can enable event verification on some key events by enabling the optional Event Verification feature. Please contact Blueshift if you want to enable this feature.

You will need an Event Verification Key which is accessible from the Blueshift dashboard. Once Event Verification feature is enabled you need to add the following attributes to your events which have an email or customer_id

  • verification_key: This can be set to any value which you want to use as the key, we would recommend using email or customer_id or any identifier which might be unique to the user. Ex: 'test@test.com', 'H1213123'
  • event_signature: This attribute needs to be set to Hex MD5 hash of <verification_key> + <event_verification_key>

When we receive an event, we compute the expected event_signature using the verification_key and Event Verification Key (private) and if the signature does not match with the value in the event then we will reject the event.

Event verification is applied only to events which have an email or customer_id, you can also choose which the events you want to enable for event verification (Ex: purchase, signup etc). Any events which fail validation will show up in the Event Processing Page Error's as "Event Verification Error". We will not do any signature validation on event's which are not part of the event verification list

 

Sample Event

Please find a sample event below

  • JSON
{
  "customer_id": "812122",
  "email": "abc@def.com",
  "event": "add_to_cart",
  "verification_key": "abc@def.com",
  "event_signature": "e88f85c920f59002409a4c71fde4c0c08ccb0ea464a0e0c96b46508ef0afd27d"
}
  • Event Verification Key: "8b8d518f7bb0934eecbaf9db97418623"
  • event_signature is set to SHA-256 Hex of ("abc@def.com" + "8b8d518f7bb0934eecbaf9db97418623" )

For older accounts, event_signature is an MD5 hex of the verification_key that you provide in the payload and the Event Verification Key of your account. Drop an email to support@blueshift.com to confirm which algorithm you should use to produce the event signature. As a general guideline, clients who signed up on or after 1st April of 2021 should produce the event signature using SHA-256 where as the rest of the customers should use MD5. We plan on providing the option to switch to a different algorithm, in the Blueshift web app, in the near future.

Meanwhile, if you fall in the category of clients who use MD5 and would like to switch to SHA-256, drop an email to support@blueshift.com

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request