{"id":23754,"date":"2022-09-07T09:26:23","date_gmt":"2022-09-07T09:26:23","guid":{"rendered":"https:\/\/refiner.io\/docs\/?post_type=knowledgebase&p=23754"},"modified":"2025-09-08T13:34:20","modified_gmt":"2025-09-08T13:34:20","slug":"identity-verification","status":"publish","type":"knowledgebase","link":"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/","title":{"rendered":"Identity Verification"},"content":{"rendered":"\n\n\n

Introduction<\/h2>\n\n\n\n

Identity Verification is a security mechanism to protect your Refiner installation from malicious attacks from third parties. <\/p>\n\n\n\n

Enabling Identity Verification mitigates the risk of third parties impersonating other users or creating bogus user profiles. <\/p>\n\n\n\n

We highly recommend to enable Identify Verification in production environments.<\/p>\n\n\n\n

How it works<\/h2>\n\n\n\n

When Identify Verification is enabled on your Refiner environment, all communications between the your users and our servers need to be signed with a special hash token. <\/p>\n\n\n\n

The signature hash token is unique for each user and only you can calculate it using a secret API key.<\/p>\n\n\n\n

Communications without a user identifier and a corresponding valid signature will be rejected by our servers.<\/p>\n\n\n\n

As valid signature tokens can only be calculated by you, you are effectively preventing third parties from impersonating other users or creating bogus user profiles. <\/p>\n\n\n\n

Please note: Identify Verification can only be used if you can provide unique identifiers for each user. When enabled, our JavaScript SDK can’t be operated in Anonymous Mode<\/a> and all Survey Links<\/a> need to contain a user identifier.<\/em><\/p>\n\n\n\n

Enable Identity Verification<\/h2>\n\n\n\n

Go to SETTINGS > Identity Verification<\/strong> and enable the option for every survey channel where you want to enforce a verification check.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Compute the signature<\/h2>\n\n\n\n

The signature is a HMAC<\/a> computed using the SHA-256 hashing functions. The SHA-256 hashing function is natively supported by most programming languages. Below, we’ll list a couple of examples.<\/p>\n\n\n\n

Please make sure to replace the SECRET_KEY and the USER_ID in the examples below with the correct values. The SECRET_KEY is unique for each Refiner environment and can be find the environment settings as described above. The USER_ID is the one you’ll later use to identify your users using the identifyUser<\/a><\/em> method.<\/p>\n\n\n\n

Important:<\/strong> The secret key is … a secret<\/strong>! Do not include the key in your code repository or expose it in your frontend HTML code at any moment.<\/p>\n\n\n\n

\n

Node.js<\/strong><\/p>\n\n\n\n

import crypto from 'crypto'\n\nlet signature = crypto.createHmac('sha256', 'SECRET_KEY').update(USER_ID).digest('hex')<\/pre>\n\n\n\n
PHP<\/strong><\/p>\n\n\n\n
$signature = hash_hmac('sha256', $userId, 'SECRET_KEY')<\/pre>\n\n\n\n
Ruby<\/strong><\/p>\n\n\n\n
signature = OpenSSL::HMAC.hexdigest('sha256', 'SECRET_KEY', USER_ID)<\/pre>\n<\/div><\/div>\n\n\n\n
For testing purposes, you can keep Identity Verification in your Refiner settings disabled (see above). When disabled, Refiner will validate provided signatures, but also accept requests without a signature.<\/p>\n\n\n\n
Using the computed signature<\/h2>\n\n\n\n
JavaScript SDK<\/h3>\n\n\n\n
To pass the computed signature to the JavaScript SDK you can provide a second object to the identifyUser<\/em> method as shown in our client reference<\/a>.<\/p>\n\n\n\n
If you are using the Google Tag Manager<\/a> installation method, you can provide the signature as a user trait using “identify_verification_signature<\/em>” for the field identifier.<\/p>\n\n\n\n
Mobile SDK<\/h3>\n\n\n\n
To pass the computed signature to the Mobile SDK you can provide an additional parameter to the identifyUser<\/a><\/em> method. <\/p>\n\n\n\n
Please refer to our the reference for iOS<\/a>, Android<\/a> or React-Native<\/a> platform for detailed instructions.<\/p>\n\n\n\n
Survey Links<\/h3>\n\n\n\n
To pass the computed signature to Survey Links, you can provide it as a signature<\/em> URL parameter as described in our Survey Link Personalization<\/a> documentation.<\/p>\n","protected":false},"excerpt":{"rendered":"
Introduction Identity Verification is a security mechanism to protect your Refiner installation from malicious attacks from third parties. Enabling Identity Verification mitigates the risk of third parties impersonating other users or creating bogus user profiles. We highly recommend to enable Identify Verification in production environments. How it works When Identify Verification is enabled on your […]<\/p>\n
Read More…<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","template":"","knowledgebase_tag":[],"class_list":["post-23754","knowledgebase","type-knowledgebase","status-publish","hentry","knowledgebase_cat-data-index"],"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","ab-block-post-grid-landscape":"","ab-block-post-grid-square":"","gb-block-post-grid-landscape":"","gb-block-post-grid-square":""},"post_excerpt_stackable_v2":"
Introduction Identity Verification is a security mechanism to protect your Refiner installation from malicious attacks from third parties. Enabling Identity Verification mitigates the risk of third parties impersonating other users or creating bogus user profiles. We highly recommend to enable Identify Verification in production environments. How it works When Identify Verification is enabled on your Refiner environment, all communications between the your users and our servers need to be signed with a special hash token. The signature hash token is unique for each user and only you can calculate it using a secret API key. Communications without a user identifier…<\/p>\n","category_list_v2":"","author_info_v2":{"name":"Moritz Dausinger","url":"https:\/\/refiner.io\/docs\/author\/user\/"},"comments_num_v2":"0 comments","acf":[],"yoast_head":"\nIdentity Verification<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Identity Verification\" \/>\n<meta property=\"og:description\" content=\"Introduction Identity Verification is a security mechanism to protect your Refiner installation from malicious attacks from third parties. Enabling Identity Verification mitigates the risk of third parties impersonating other users or creating bogus user profiles. We highly recommend to enable Identify Verification in production environments. How it works When Identify Verification is enabled on your [...]Read More...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/\" \/>\n<meta property=\"og:site_name\" content=\"Refiner Documentation\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-08T13:34:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/10\/Screenshot-2022-10-05-at-15.01.48-1024x603.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/\",\"url\":\"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/\",\"name\":\"Identity Verification\",\"isPartOf\":{\"@id\":\"https:\/\/refiner.io\/docs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/10\/Screenshot-2022-10-05-at-15.01.48-1024x603.png\",\"datePublished\":\"2022-09-07T09:26:23+00:00\",\"dateModified\":\"2025-09-08T13:34:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/#primaryimage\",\"url\":\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/10\/Screenshot-2022-10-05-at-15.01.48.png\",\"contentUrl\":\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/10\/Screenshot-2022-10-05-at-15.01.48.png\",\"width\":1297,\"height\":764},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/refiner.io\/docs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Identity Verification\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/refiner.io\/docs\/#website\",\"url\":\"https:\/\/refiner.io\/docs\/\",\"name\":\"Refiner Documentation\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/refiner.io\/docs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/refiner.io\/docs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/refiner.io\/docs\/#organization\",\"name\":\"Refiner Documentation\",\"url\":\"https:\/\/refiner.io\/docs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/refiner.io\/docs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/11\/cropped-Group-8.png\",\"contentUrl\":\"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/11\/cropped-Group-8.png\",\"width\":400,\"height\":61,\"caption\":\"Refiner Documentation\"},\"image\":{\"@id\":\"https:\/\/refiner.io\/docs\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Identity Verification","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/","og_locale":"en_US","og_type":"article","og_title":"Identity Verification","og_description":"Introduction Identity Verification is a security mechanism to protect your Refiner installation from malicious attacks from third parties. Enabling Identity Verification mitigates the risk of third parties impersonating other users or creating bogus user profiles. We highly recommend to enable Identify Verification in production environments. How it works When Identify Verification is enabled on your [...]Read More...","og_url":"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/","og_site_name":"Refiner Documentation","article_modified_time":"2025-09-08T13:34:20+00:00","og_image":[{"url":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/10\/Screenshot-2022-10-05-at-15.01.48-1024x603.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/","url":"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/","name":"Identity Verification","isPartOf":{"@id":"https:\/\/refiner.io\/docs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/#primaryimage"},"image":{"@id":"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/#primaryimage"},"thumbnailUrl":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/10\/Screenshot-2022-10-05-at-15.01.48-1024x603.png","datePublished":"2022-09-07T09:26:23+00:00","dateModified":"2025-09-08T13:34:20+00:00","breadcrumb":{"@id":"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/#primaryimage","url":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/10\/Screenshot-2022-10-05-at-15.01.48.png","contentUrl":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/10\/Screenshot-2022-10-05-at-15.01.48.png","width":1297,"height":764},{"@type":"BreadcrumbList","@id":"https:\/\/refiner.io\/docs\/kb\/data-index\/identity-verification\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/refiner.io\/docs\/"},{"@type":"ListItem","position":2,"name":"Identity Verification"}]},{"@type":"WebSite","@id":"https:\/\/refiner.io\/docs\/#website","url":"https:\/\/refiner.io\/docs\/","name":"Refiner Documentation","description":"","publisher":{"@id":"https:\/\/refiner.io\/docs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/refiner.io\/docs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/refiner.io\/docs\/#organization","name":"Refiner Documentation","url":"https:\/\/refiner.io\/docs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/refiner.io\/docs\/#\/schema\/logo\/image\/","url":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/11\/cropped-Group-8.png","contentUrl":"https:\/\/refiner.io\/docs\/wp-content\/uploads\/2022\/11\/cropped-Group-8.png","width":400,"height":61,"caption":"Refiner Documentation"},"image":{"@id":"https:\/\/refiner.io\/docs\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/knowledgebase\/23754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/knowledgebase"}],"about":[{"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/types\/knowledgebase"}],"author":[{"embeddable":true,"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/comments?post=23754"}],"version-history":[{"count":27,"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/knowledgebase\/23754\/revisions"}],"predecessor-version":[{"id":27587,"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/knowledgebase\/23754\/revisions\/27587"}],"wp:attachment":[{"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/media?parent=23754"}],"wp:term":[{"taxonomy":"knowledgebase_tag","embeddable":true,"href":"https:\/\/refiner.io\/docs\/wp-json\/wp\/v2\/knowledgebase_tag?post=23754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}