User Verification

Last updated 2 months ago

Was this helpful?

User Verification

Overview

User verification allows you to securely identify users who access your private widgets or pages. By generating a signed authentication token on your server, you can ensure that only authorized users gain access.

User verification is a great way to control access while providing a seamless experience for your team and customers.

Authentication flow

Setting up user verification

1. Get your shared secret

Firstly, get your shared secret to securely encrypt the user data in the payload.

Access the global settings via the Settings button in the top right of the Released overview page.
Go to the User verification section.
Copy your Shared Secret – this will be used to generate authentication tokens.

Keep your secret safe! Never expose it in client-side code or public repositories.

2. Generate an authentication token on your server

Now you can generate an encrypted AUTH_TOKEN to securely identify the user.

Send a POST request to the Released token API with your ACCOUNT_ID and the CURRENT_USER_EMAIL. The API will respond with the AUTH_TOKEN for that user.

Include this token in every request to authenticate users accessing your Released portal. The token is valid for seven days. After that, you must generate a new token.

Example Request (Node.js)

const response = await fetch("https://accounts.releasedhub.com/auth/api/token", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer SHARED_SECRET" // Your shared secret
  },
  body: JSON.stringify({
    account_id: "ACCOUNT_ID", // Your Released Account ID 
    user_email: "CURRENT_USER_EMAIL" // Email of the current authenticated user 
  }),
});

const json = await response.json();
console.log(json);

You can find the SHARED_SECRET and ACCOUNT_ID values in the User verification settings in Released. The CURRENT_USER_EMAIL value should be filled in dynamically with the details of the authenticated user in your app or site.

3. Pass the authentication token with the embed tag

Once you’ve generated the token, include it when embedding your portal:

<released-page auth-token="AUTH_TOKEN"></released-page>

When a portal has restricted access, the AUTH_TOKEN must be included in the embed code for content to appear. Only use the embed code with authentication tokens in pages that are not publicly accessible.

Rotating your shared secret

If you need to rotate your shared secret:

Generate a new secret from the User verification section.
Update your server to use the new secret when generating tokens.
Ensure all requests are updated with new tokens.

Need Help?

PreviousInternal Domains NextOverview

Last updated 2 months ago

Was this helpful?

Overview

User verification is a great way to control access while providing a seamless experience for your team and customers.

Authentication flow

Setting up user verification

1. Get your shared secret

Firstly, get your shared secret to securely encrypt the user data in the payload.

Access the global settings via the Settings button in the top right of the Released overview page.
Go to the User verification section.
Copy your Shared Secret – this will be used to generate authentication tokens.

Keep your secret safe! Never expose it in client-side code or public repositories.

2. Generate an authentication token on your server

Now you can generate an encrypted AUTH_TOKEN to securely identify the user.

Send a POST request to the Released token API with your ACCOUNT_ID and the CURRENT_USER_EMAIL. The API will respond with the AUTH_TOKEN for that user.

Include this token in every request to authenticate users accessing your Released portal. The token is valid for seven days. After that, you must generate a new token.

Example Request (Node.js)

const response = await fetch("https://accounts.releasedhub.com/auth/api/token", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer SHARED_SECRET" // Your shared secret
  },
  body: JSON.stringify({
    account_id: "ACCOUNT_ID", // Your Released Account ID 
    user_email: "CURRENT_USER_EMAIL" // Email of the current authenticated user 
  }),
});

const json = await response.json();
console.log(json);

3. Pass the authentication token with the embed tag

Once you’ve generated the token, include it when embedding your portal:

<released-page auth-token="AUTH_TOKEN"></released-page>

Rotating your shared secret

If you need to rotate your shared secret:

Generate a new secret from the User verification section.
Update your server to use the new secret when generating tokens.
Ensure all requests are updated with new tokens.

Need Help?

If you run into issues, and we’ll help you get started.