Identity HMAC Verification (SHA256)
Enabling identity verification means Aptrinsic will use HMAC id so we can have a secured way to validate that a logged in user doesn't try to impersonate as another user - this feature should be set via account product settings. The purpose of identity verification is to verify that your users are who they claim to be. It works by using a server side generated HMAC (hash based message authentication code), using SHA256, on either your user’s email or user_id. Once identity verification is enabled, We will not accept any requests for a logged-in user without a valid HMAC.
Enabling Identity verification under account settings:
One your server side has implemented identity verification using the hash key you can enable it under account settings.
Passing the user hash in the identify call:
"id": "unique-user-id", // Required for logged in app users
"signUpDate": 1522697426479, //unix time in ms
"userHash": "" // optional transient for HMAC identification
"name":"International Business Machine"