Skip to end of metadata
Go to start of metadata

Evergage can receive encrypted fields from a web server through the visitor's web browser so the visitor or the visitor’s browser cannot read the data. If user or account attributes are defined with the same names as the incoming fields, the values will be stored on the user or account, respectively. They can be used for segmentation and targeting of Evergage campaigns without exposing them to the end user.

This Article Explains

This section details how the process of sending data works, give an overview of the setup process, then explain each step in detail.

Sections in this Article

How the Process Works

The web server encrypts the data with a shared secret API token and makes it available in the page as a Javascript variable. Evergage picks up the encrypted data and passes it along to the Evergage servers along with any other event data. Once the Evergage service receives the data, the fields are decrypted and can be used in the same ways as unencrypted fields. 

Overview of the Setup Process

  1. Create API Token
  2. Enable Encrypted Fields in Evergage
  3. Add Evergage-provided encryption code to your web server to encrypt all custom fields you are sending to Evergage, as shown in the Usage Example included in the code
  4. Store the encrypted data in the page as a JavaScript variable so that Evergage can access it
  5. Modify the Evergage Site-Wide Javascript to call Evergage.setEncryptedFields(), providing the encrypted data

Create API Token

  1. Log into the Evergage Platform
  2. Select Security > API Tokens
  4. Add Notes as needed
  5. Click OK to accept defaults and create the token 



Enable Encrypted Fields in Evergage

  1. Select SettingsGeneral Setup
  2. Expand Advanced Options
  3. Select Enable Encrypted Fields


Add the Evergage-Provided Encryption Code to Your Web Server

The Evergage-provided code will generate a unique, secure, random IV (Initialization Vector) for this encryption. It will use the API token (created above) as the encryption key, encrypt the field names and values using AES-128 CBC mode, and return the encrypted data as a single string of text.

  1. In Channels & Campaigns, select WebJavascript Integration
  2. Under Encrypted Fields Generation Code, copy the code in the code block and paste it into a file named
  3. Save the file
  4. Call EncryptedFieldUtility.encrypt() as shown in the Usage Example to encrypt the fields to be sent


Modify Site-Wide JavaScript

  1. Still in Channels & Campaigns > Web, select Site-Wide JavaScript
  2. Call Evergage.setEncryptedFields() 


    For instance, if you stored the encrypted data as window.myEncryptedFields, you would call:

  3. Click SAVE