Skip to main content
Gainsight Inc.

Identity HMAC Verification (SHA256)

Enabling identity verification means Gainsight PX will use HMAC id so we can have a secured way to validate that a logged in user doesn't try to impersonate as another user - this feature should be set via account product settings. The purpose of identity verification is to verify that your users are who they claim to be. It works by using a server side generated HMAC (hash based message authentication code), using SHA256, on either your user’s email or user_id. Once identity verification is enabled, We will not accept any requests for a logged-in user without a valid HMAC.

Enable Identity verification Under Account Settings:

One your server side has implemented identity verification using the hash key you can enable it under account settings.

tracked data.png

Pass the User Hash in the Identify Call:

  //User Fields
    "id": "unique-user-id", // Required for logged in app users
    "email": "",
    "firstName": "John",
    "lastName": "Smith",
    "signUpDate": 1522697426479, //unix time in ms
    "userHash": "" // optional transient for HMAC identification
  //Account Fields
    "id":"IBM", //Required
    "name":"International Business Machine"
  • Was this article helpful?