Secure Identity (Authentication)

NanoLog allows you to cryptographically secure the identity of the users interacting with your widget. This prevents malicious actors from spoofing user identities to manipulate votes or submit fake feedback under another user's name.

How It Works

Secure Identity uses an HMAC SHA-256 signature. You generate this signature on your backend server, using your NanoLog HMAC Secret (found in your Project Settings) as the key and the user's unique identifier as the message.

You then pass this signature to the frontend widget during initialization. NanoLog will verify the signature before accepting any votes or feedback from that user.

Implementation Steps

1. Enable Secure Identity

In your NanoLog Dashboard, navigate to your Project Settings and toggle Require Secure Identity (HMAC). You will be provided with an HMAC Secret. Keep this secret safe on your backend; never expose it in your frontend code.

2. Generate the Signature (Backend)

When generating the page for your logged-in user, compute an HMAC SHA-256 signature of the user's unique ID, keyed with your NanoLog HMAC Secret.

Example (Node.js):

const crypto = require('crypto');

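// Load the secret from server-side configuration; do not hard-code it or send it to the client.
// NANOLOG_HMAC_SECRET is an example variable name, not one defined by NanoLog.
const hmacSecret = process.env.NANOLOG_HMAC_SECRET;
const userId = 'user_12345'; // The ID of the currently logged-in user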

const signature = crypto
  .createHmac('sha256', hmacSecret)
  .update(userId)
  .digest('hex');

3. Pass the Signature to the Widget (Frontend)

When initializing the NanoLog widget, provide the signature alongside the context object. Make sure the user ID inside the context matches the ID you used to generate the signature.

Example (Frontend):

<script>
  window.NanoLog.init({
    appId: 'your-app-id',
    signature: 'the-generated-signature-from-your-backend',
    context: {
      userId: 'user_12345', // Must match the ID signed on the backend
      plan: 'pro'
    }
  });
</script>

Note: The key you use for the user ID in the context (e.g., userId) must match the Unique User ID Key you configured in your Project Settings.
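
The following is an added example, not NanoLog's own code: it shows why a signature issued for one user ID cannot be reused with a different ID in the context. The function names, the sample secret, and the verification logic (recompute the HMAC over the claimed ID and compare in constant time) are assumptions about how such a check is commonly done.

```javascript
// Added example: names and logic are illustrative, not NanoLog's implementation.
const crypto = require('crypto');

// Backend side: sign the user ID as in step 2.
// String() keeps numeric and string IDs byte-identical to what the widget sends.
function signUserId(hmacSecret, userId) {
  return crypto
    .createHmac('sha256', hmacSecret)
    .update(String(userId))
    .digest('hex');
}

// Receiving side (assumed): recompute the HMAC over the claimed user ID
// and compare it with the supplied signature in constant time.
function verifySignature(hmacSecret, claimedUserId, signature) {
  // Reject anything that is not a hex-encoded SHA-256 digest before comparing,
  // because timingSafeEqual throws on buffers of different length.
  if (typeof signature !== 'string' || !/^[0-9a-f]{64}$/i.test(signature)) {
    return false;
  }
  const expected = Buffer.from(signUserId(hmacSecret, claimedUserId), 'hex');
  const provided = Buffer.from(signature, 'hex');
  return crypto.timingSafeEqual(expected, provided);
}

// Constructed sample values for the demonstration.
const SAMPLE_SECRET = 'constructed-demo-secret';
const sampleSignature = signUserId(SAMPLE_SECRET, 'user_12345');

function demo() {
  return {
    matching: verifySignature(SAMPLE_SECRET, 'user_12345', sampleSignature),
    swappedId: verifySignature(SAMPLE_SECRET, 'user_67890', sampleSignature),
    wrongSecret: verifySignature('guessed-secret', 'user_12345', sampleSignature),
    malformed: verifySignature(SAMPLE_SECRET, 'user_12345', 'abc'),
  };
}

console.log(demo());
```

Only the `matching` case verifies; changing the user ID, the secret, or the signature format causes the check to fail.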