Page tree

 

Contents

Evergage can receive encrypted fields from a web server through the visitor's web browser so the visitor or the visitor’s browser cannot read the data. If user or account attributes are defined with the same names as the incoming fields, the values will be stored on the user or account, respectively. They can be used for segmentation and targeting of Evergage campaigns without exposing them to the end user.

This article will review how the process works, give an overview of the setup process, then explain each step in detail.

How the Process Works

The web server encrypts the data with a shared secret API token and makes it available in the page as a Javascript variable. Evergage picks up the encrypted data and passes it along to the Evergage servers along with any other event data. Once the Evergage service receives the data, the fields are decrypted and can be used in the same ways as unencrypted fields. 

Overview of the Setup Process

  1. Create API Token
  2. Enable Encrypted Fields in Evergage
  3. Add Evergage-provided encryption code to your web server to encrypt all custom fields you are sending to Evergage, as shown in the Usage Example included in the code
  4. Store the encrypted data in the page as a JavaScript variable so that Evergage can access it
  5. Modify the Evergage Site-Wide Javascript to call Evergage.setEncryptedFields(), providing the encrypted data

Create API Token

  1. Log into the Evergage Platform
  2. Select SETTINGS > API Tokens
  3. Click CREATE TOKEN
  4. Add Notes as needed
  5. Click OK to accept defaults and create the token 

 

 

Enable Encrypted Fields in Evergage

  1. Still in Evergage SETTINGS, select Setup
  2. Expand Advanced Options
  3. Select Enable Encrypted Fields

 

Add the Evergage-Provided Encryption Code to Your Web Server

The Evergage-provided code will generate a unique, secure, random IV (Initialization Vector) for this encryption. It will use the API token (created above) as the encryption key, encrypt the field names and values using AES-128 CBC mode, and return the encrypted data as a single string of text.

  1. Still in SETTINGS, select JavaScript
  2. Under Encrypted Fields Generation Code, copy the code in the code block and paste it into a file named EncryptedFieldUtility.java
  3. Save the file
  4. Call EncryptedFieldUtility.encrypt() as shown in the Usage Example to encrypt the fields to be sent

 


Modify Site-Wide JavaScript

  1. Still in Evergage SETTINGS, select Site-Wide JavaScript
  2. Call Evergage.setEncryptedFields() 

    Example

    For instance, if you stored the encrypted data as window.myEncryptedFields, you would call:

  3. Click SAVE

 

 

  • No labels

This page has no comments.