HMAC Generation

Hash-based Message Authentication Code (HMAC) is a method used to verify and digitally sign customer details. The underlying logic of this signing mechanism involves generating a hash of the customer_id and email_id, with the Secret Key serving as the combination for computing the hash. After these details are pushed to Zoho Thrive’s system, the secret key is validated and utilised to decrypt the hash, revealing the details. This process helps in mitigating any tampering of data that could lead to fraudulent transactions.

Sample Script to Generate an HMAC

Node JSRubyPHP
Copiedconst crypto = require("crypto")
let email_id="peter.prescott@zylker.com" // Email address of Customer
let customer_id = "bfuyw3fiub3289uij" //Unique Identifiable System ID of Customer
let digestRaw = email_id+customer_id
let algorithm = "sha256"
let secret = "e46788a75fe6a876ba83a3892cfd201f"; // Secret Key
let HMACDigest = crypto.createHMAC(algorithm,secret).update(digestRaw).digest("hex")
Copiedrequire 'base64'
require 'openssl'

email_id="peter.prescott@zylker.com" // Email address of Customer
customer_id="bfuyw3fiub3289uij" //Unique Identifiable System ID of Customer
digestRaw= email_id+customer_id;

algorithm = OpenSSL::Digest.new('sha256')
secret = 'e46788a75fe6a876ba83a3892cfd201f' //Secret Key
HMACDigest = OpenSSL::HMAC.hexdigest(algorithm, secret, digestRaw)
Copied$email_id = "peter.prescott@zylker.com"; //Email address of Customer
$customer_id="bfuyw3fiub3289uij"; //Unique Identifiable System ID of Customer
$digestRaw= $email_id.$customer_id;
$algorithm = 'sha256';
$secret = 'e46788a75fe6a876ba83a3892cfd201f'; //Secret Key
$HMACDigest = hash_HMAC($algorithm, $digestRaw, $secret);

  1. Copy any one of the above scripts based on your preferred programming language.

  2. Compute it on your server side.

  3. Replace "peter.prescott@zylker.com" and "bfuyw3fiub3289uij" with their respective variables. The variable for email_id must contain the email addresses of your customers, while the customer_id's must hold the customer's unique identifiable system ID.

  4. Replace the placeholder for secret, "e46788a75fe6a876ba83a3892cfd201f" with the Secret Key found on your Scripts page.

  5. Return the HMACDigest in a way that the HMAC code generated replaces the  {{Server Generated HMAC}} inside the tracking script.