Implementing User Verification
Last updated
Was this helpful?
Last updated
Was this helpful?
User verification allows you to securely identify users who access your private widgets or pages. By generating a signed authentication token on your server, you can ensure that only authorized users gain access.
User verification is a great way to control access while providing a seamless experience for your team and customers.
Firstly, get your shared secret to securely encrypt the user data in the payload.
Access the global settings via the Settings button in the top right of the Released overview page.
Go to the User verification section.
Copy your Shared Secret – this will be used to generate authentication tokens.
Keep your secret safe! Never expose it in client-side code or public repositories.
Now you can generate an encrypted AUTH_TOKEN to securely identify the user.
Send a POST request to the Released token API with your ACCOUNT_ID and the CURRENT_USER_EMAIL. The API will respond with the AUTH_TOKEN for that user.
Include this token in every request to authenticate users accessing your Released portal. The token is valid for seven days. After that, you must generate a new token.
Example Request (Node.js)
You can find the SHARED_SECRET and ACCOUNT_ID values in the User verification settings in Released. The CURRENT_USER_EMAIL value should be filled in dynamically with the details of the authenticated user in your app or site.
Once you’ve generated the token, include it when embedding your portal:
When a portal has restricted access, the AUTH_TOKEN must be included in the embed code for content to appear. Only use the embed code with authentication tokens in pages that are not publicly accessible.
If you need to rotate your shared secret:
Generate a new secret from the User verification section.
Update your server to use the new secret when generating tokens.
Ensure all requests are updated with new tokens.
If you run into issues, contact us and we’ll help you get started.