Match Providers

Match Providers are first or third party data providers that facilitate a new user ID, given a known user ID. Matches enable the enrichment of the user’s profile graph, enabling the usage of his data across additional channels.

Match Providers can be added to the system using the User Interface. Head over to “Collect > Setup > Match Provider” to access the form bellow.

screen-shot-2016-11-14-at-13-13-52
The following fields are available:

    • Name: Name for the Match Provider.
    • Key: Identifier for the Match Provider.
    • Active: Enables/Disables receiving matches from this Match Provider.
    • Allow extra IFrame Activations: Enable performing data Activations on match requests to this Provider, replying to the match request with the appropriate HTML or Image tag as set in the Activation.
    • Encryption Key: When enabled, the new user ID parameter received is expected to be base64-encoded and encrypted using AES/ECB with the SHA256 hash of this Key as the secret. Using encryption, particularly when done server-side, ensures the user ID sent is unusable in the event of it being captured during transport.

Examples using transport encryption Key:

JavaScriptPHPJava
<script src="//cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/sha256.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/components/enc-base64-min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/components/mode-ecb-min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/components/pad-nopadding-min.js"></script>
<script type="text/javascript">
var EmailHash = {
 generate: function(email, secret) {
 var hash = CryptoJS.SHA256(email.trim().toLowerCase());
 var aesKey = CryptoJS.SHA256(secret);
 
 var encrypted = CryptoJS.AES.encrypt(
 hash, aesKey, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.NoPadding });
 
 var b64 = encrypted.ciphertext.toString(CryptoJS.enc.Base64);
 return b64.replace(/\+/g, '-')
 .replace(/\//g, '_')
 .replace(/=+$/, '');
 }
}
</script>
<?php
class Security {
 private static function encryptAES($input, $key) {
 $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $input, MCRYPT_MODE_ECB);
 return $data;
 }
 
 private static function base64url_encode($data) {
 return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
 }
 
 public static function encrypt($input, $key) {
 $hashValue = hash("sha256", strtolower(trim($input)), $raw_output = true);
 $aes256Key = hash("sha256", $key, $raw_output = true);
 $encryptedHashValue = Security::encryptAES($hashValue, $aes256Key);
 return Security::base64url_encode($encryptedHashValue);
 }
}
?>
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
public class EmailHash {
    public static String generate(String email, String secret) throws UnsupportedEncodingException,
                                                                      NoSuchAlgorithmException,
                                                                      NoSuchPaddingException,
                                                                      InvalidKeyException,
                                                                      IllegalBlockSizeException,
                                                                      BadPaddingException {
        byte[] hash = DigestUtils.sha256(email.trim().toLowerCase(Locale.US).getBytes("UTF-8"));
        byte[] key = DigestUtils.sha256(secret.getBytes("UTF-8"));
 
        BouncyCastleProvider provider = new BouncyCastleProvider();
        Cipher encryptor = Cipher.getInstance("AES/ECB/NoPadding", provider);
        SecretKeySpec skey = new SecretKeySpec(key, "AES/ECB/NoPadding");
        encryptor.init(Cipher.ENCRYPT_MODE, skey);
 
        byte[] encrypted = encryptor.doFinal(hash);
 
        return Base64.encodeBase64URLSafeString(encrypted);
    }
}