Identity verification helps to make sure that your customers' data is kept private and that one customer can't impersonate another. We require all PuBilling customers to set up identity verification.
To set up identity verification, you'll need to generate an HMAC on your server for each logged-in user and send it to PuBilling.
Your code to generate an HMAC for your app is:
# Ruby
require 'openssl'

OpenSSL::HMAC.hexdigest(
  'sha256',                     # hash function
  'YOUR_SECRET_KEY',            # secret key (keep safe!)
  customer_id.to_s + account_id # customer id + your account id
)

# Python
import hmac
import hashlib

hmac.new(
    b'YOUR_SECRET_KEY',  # secret key (keep safe!); must be bytes in Python 3
    (str(request.customer.id) + str(pubilling_account_id)).encode('utf-8'),  # customer's id + your account id
    digestmod=hashlib.sha256  # hash function
).hexdigest()
Everywhere that you load user data and have a window.pubillingSettings code snippet, add a new attribute called account_hash and assign the HMAC code for the logged-in customer to it:
Log into your web app or site as a user, and then refresh any page with the PuBilling embeddable installed.
The purpose of identity verification is to verify that your users are who they claim to be. It works by using a server-side generated HMAC (hash-based message authentication code), using SHA256, on the customer id. PuBilling will not accept any requests for a logged-in customer without a valid HMAC.
In the interest of protecting your users’ data, we enable identity verification for everyone. This helps prevent third parties from performing malicious actions.
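
The flow described above, as an added example that is not PuBilling's own code: the server computes account_hash for the logged-in customer, and a receiver-side check (assumed here to recompute the HMAC and compare in constant time) rejects a hash presented with a different customer id. The environment variable name, the sample ids and the customer_id settings key are assumptions.

```python
import hashlib
import hmac
import os

# Assumption: the secret is read from the environment, never shipped to the
# browser. PUBILLING_SECRET_KEY is a hypothetical variable name and the
# fallback value is a constructed demo secret.
SECRET_KEY = os.environ.get("PUBILLING_SECRET_KEY", "constructed-demo-secret").encode("utf-8")
ACCOUNT_ID = "acct_42"  # constructed sample account id


def account_hash(customer_id, account_id=ACCOUNT_ID, key=SECRET_KEY):
    """HMAC-SHA256 over customer id + account id, hex encoded."""
    message = (str(customer_id) + str(account_id)).encode("utf-8")
    return hmac.new(key, message, digestmod=hashlib.sha256).hexdigest()


def is_valid(customer_id, presented_hash, account_id=ACCOUNT_ID, key=SECRET_KEY):
    """Receiver-side check (assumed): recompute the HMAC and compare."""
    expected = account_hash(customer_id, account_id, key)
    # compare_digest runs in constant time, so a mismatch does not reveal
    # how many leading characters were correct. Bytes also accept any input.
    return hmac.compare_digest(expected.encode("utf-8"),
                               str(presented_hash).encode("utf-8"))


def settings_for(customer_id):
    """Values the server renders into window.pubillingSettings.
    Only account_hash is named on the page; customer_id is a hypothetical key."""
    return {"customer_id": str(customer_id),
            "account_hash": account_hash(customer_id)}


if __name__ == "__main__":
    settings = settings_for(1001)
    print(settings)
    # The hash only validates for the customer it was generated for.
    print("same customer :", is_valid(1001, settings["account_hash"]))
    print("other customer:", is_valid(1002, settings["account_hash"]))
```

Generate the hash only after your own session check has established who the logged-in customer is, and only on the server, since anyone holding the secret key can produce a valid hash for any customer id.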