Terminologies

Widget code

Widget Code is part of the URL which is used to identify your program and it is public.

This key will be available on your brand's Scripts page.

Project Key

This is the Secret Key which you will be using to encrypt the data (during hmac generation) which you are sending from your Server to Thrive Server.
This key will be available on your brand's Scripts page.
Note: This key should not be exposed to the outside world.

HMAC

Hmac generation

Hmac is way to authenticate / digitally sign the customer details based on the key exposed in your console. The logic behind the signing mechanism is to find the hash of the customerid and emailid with the project key as the the key with which the hash is computed. Then when sent to the thrive system, will again be validated in the same fashion. 

This way, we can mitigate any tampering of data which results in fraudalent transactions.

Hmac should be computed in the server side and should be sent along with campaign optin request.

Hmac can be generated as follows

Node JSRubyPHP
Copiedconst crypto = require("crypto")
let email_id="peter.prescott@zylker.com" // email address of the member.
let customer_id = "bfuyw3fiub3289uij"
let digestRaw = email_id+customer_id
let algorithm = "sha256"
let secret = "e46788a75fe6a876ba83a3892cfd201f"; // Project key
let hmacDigest = crypto.createHmac(algorithm, secret).update(digestRaw).digest("hex")
Copiedrequire 'base64'
require 'openssl'

email_id="peter.prescott@zylker.com"
customer_id="bfuyw3fiub3289uij"
digestRaw= email_id+customer_id;

algorithm = OpenSSL::Digest.new('sha256')
secret = 'e46788a75fe6a876ba83a3892cfd201f'
hmacDigest = OpenSSL::HMAC.hexdigest(algorithm, secret, digestRaw)
Copied$email_id = "peter.prescott@zylker.com";
$customer_id="bfuyw3fiub3289uij"​;
$digestRaw= $email_id.$customer_id;
$algorithm = 'sha256';
$secret = 'e46788a75fe6a876ba83a3892cfd201f';
$hmacDigest = hash_hmac($algorithm, $digestRaw, $secret);