Event authentication settings

By default, the use of JS SDK and event aggregation takes place without authentication (except for form.submit, client.createOrUpdate events). You can configure authentication requirements so that some (or even all) events can only be sent by customers who confirmed their identity.

Important: We highly recommend using this option, especially for events which involve personal data and/or events of high importance.

The customer’s identity is verified by your own backend, which informs Synerise that the user is authenticated. For technical details of the authentication, see the developer documentation.

Users can create lists of events which require the JSON Web Token (JWT) authentication. Users can create three-level authentication of events in the form of lists that contain:

  • Events that don’t modify customer’s data which don’t require authentication.
  • Events that modify customer data which don’t require authentication.
  • Events that modify data and require authentication.

Event configuration

  1. Go to Data Management icon Data Management > Events > Events settings.
Event settings
Event settings

Events which don’t change customer data and don’t require authentication

  1. To define events that don’t change customer’s data and don’t require a JWT, in the Accept anonymous customers section, click Define.
    1. To add a new event, click Add new item.
    2. From the dropdown list, select an event.
    3. Confirm your choice by clicking Add.
      Result: The event appears on the Events list.
    4. To add more, expand the dropdown list and select an event.
    5. To save the list of events, click Apply.

Events which change customer data and don’t require authentication

WARNING: Using non-authenticated events for changing customer data is enabled for backwards compatibility. You should not add events to this list unless absolutely necessary and allowed by your security policies.
  1. To define events that modify customer data and don’t require a JWT, in the Identify customer without JWT token section, click Define. Examples of such events: form.submit, client.login, client.createOrUpdate
    1. To add a new event, click Add new item.
    2. From the dropdown list, select an event.
    3. Confirm your choice by clicking Add.
      Result: The event appears on the Events list.
    4. To add more, expand the dropdown list and select an event.
    5. To save the list of events, click Apply.

Events which require authentication


Before you can authenticate events with JWT, you must add a certificate and implement your own logic for generating JWT tokens signed with that certificate.

Click to expand RSA key instructions

  1. Go to https://app.synerise.com/spa/modules/params-translator/params-translator/events.
  2. On the Event settings tab, in the Certificate section, click Define.
  3. If a certificate is already added, perform one of the following actions
    • Keep using the existing certificate, no further actions are required.
    • Overwrite the existing certificate by continuing to step 4.
      WARNING: Overwriting a certificate requires providing the new certificate in your backend implementation! JWT tokens signed with the old certificate are rejected!
  4. Open the terminal.
  5. Generate public and private RSA keys by using these commands:
    1. openssl genpkey -out private.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048
    2. openssl pkcs8 -topk8 -inform pem -in private.pem -outform DER -nocrypt -out private.der
    3. openssl rsa -pubout < private.pem > public.pem
  6. Perform one of the following actions:
    • To enter the certificate as text, in the Certificate code field paste the certificate without the header and footer.
      The header and footer are: -----BEGIN PUBLIC KEY-----; -----END PUBLIC KEY-----
      Important: The pasted certificate cannot contain line breaks or spaces.
      Tip: To open the certificate in the terminal, you can usually use cat public.pem in the root directory.
    • To upload the certificate as a file, click Upload Certificate > Upload certificate code and select a file from your computer.
  7. Click Apply.

  1. To define events that modify customer data and require a JWT, in the JWT token verification section, click Define. Examples of such events: form.submit, client.createOrUpdate (these two events are added to this list by default)
    1. To add a new event, click Add new item.
    2. From the dropdown list, select an event.
    3. Confirm your choice by clicking Add.
      Result: The event appears on the Events list.
    4. To add more, expand the dropdown list and select an event.
    5. To save the list of events, click Apply.
😕

We are sorry to hear that

Thank you for helping improve out documentation. If you need help or have any questions, please consider contacting support.

😉

Awesome!

Thank you for helping improve out documentation. If you need help or have any questions, please consider contacting support.