Evergage can receive encrypted fields from a web server through the visitor's web browser so the visitor or the visitor’s browser cannot read the data. If user or account attributes are defined with the same names as the incoming fields, the values will be stored on the user or account, respectively. They can be used for segmentation and targeting of Evergage campaigns without exposing them to the end user.
This article will review how the process works, give an overview of the setup process, then explain each step in detail.
How the Process Works
Overview of the Setup Process
- Create API Token
- Enable Encrypted Fields in Evergage
- Add Evergage-provided encryption code to your web server to encrypt all custom fields you are sending to Evergage, as shown in the Usage Example included in the code
Create API Token
- Log into the Evergage Platform
- Select SETTINGS > API Tokens
- Click CREATE TOKEN
- Add Notes as needed
- Click OK to accept defaults and create the token
Enable Encrypted Fields in Evergage
- Still in Evergage SETTINGS, select Setup
- Expand Advanced Options
- Select Enable Encrypted Fields
Add the Evergage-Provided Encryption Code to Your Web Server
The Evergage-provided code will generate a unique, secure, random IV (Initialization Vector) for this encryption. It will use the API token (created above) as the encryption key, encrypt the field names and values using AES-128 CBC mode, and return the encrypted data as a single string of text.
- Under Encrypted Fields Generation Code, copy the code in the code block and paste it into a file named EncryptedFieldUtility.java
- Save the file
Call EncryptedFieldUtility.encrypt() as shown in the Usage Example to encrypt the fields to be sent
For instance, if you stored the encrypted data as window.myEncryptedFields, you would call:
- Click SAVE
This page has no comments.