Guides

Encrypted Uuid Integration Method

Suggest Edits

The Encrypted UUID Integration Method enables secure access to Featured Offers through an AES-128-CBC encryption system. This authentication flow operates independently from the code validation system, providing an additional layer of security for promotional microsites.

Prerequisites

  • 16-byte encryption key for AES-128-CBC encryption.
  • A campaign slug for the Featured Offer product.

Steps to Implement

  1. Set Up Encryption Environment
javascript  
import crypto from "crypto";

const encryptionKey = "ENCRYPTION-KEY"; // Replace with your 16-byte key
const keyBuffer = Buffer.from(encryptionKey, "utf8");
  1. Create Encryption Function
javascript  
function generateEncryptedData(data) {
  const { campaign_slug, user_id } = data;

  // Generate a random IV (16 bytes)
  const iv = crypto.randomBytes(16);

  // Create the cipher instance
  const cipher = crypto.createCipheriv("aes-128-cbc", keyBuffer, iv);

  // Prepare the plaintext to encrypt (JSON string)
  const plaintext = JSON.stringify({ campaign_slug, user_id });

  // Encrypt the plaintext
  let encrypted = cipher.update(plaintext, "utf8", "base64");
  encrypted += cipher.final("base64");

  // Base64URL encode the IV and payload
  const ivEncoded = iv
    .toString("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=/g, "");
  const payloadEncoded = encrypted
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=/g, "");

  return { iv: ivEncoded, payload: payloadEncoded };
}
  1. Implement URL Generation
javascript

function generateFullUrl(baseUrl, encryptedData) {
  const { iv, payload } = encryptedData;
  return `${baseUrl}?iv=${iv}&payload=${payload}`;
}

const data = { campaign_slug: "<campaign_slug>", user_id: "<user_id>" };
const baseUrl =
  "<https://featured-offer.entertainment.com>";

const encryptedData = generateEncryptedData(data);
const fullUrl = generateFullUrl(baseUrl, encryptedData);

Key Considerations

  1. Generate a new random IV for each encryption operation.
  2. Ensure proper URL encoding of all query parameters (iv and payload).

Example Workflow

  1. Prepare the user data: Include the campaign_slug and user_id to be encrypted.
  2. Generate a unique IV: Use a 16-byte IV for encryption.
  3. Encrypt the data: Use AES-128-CBC encryption to secure the data.
  4. Base64URL encode the IV and payload: Ensure both are URL-safe.
  5. Generate the URL: Use the format https://[base-url]/?iv=[encoded_iv]&payload=[encoded_payload].
  6. Route the user to the URL: Redirect the user to the generated URL when they confirm participation in the campaign.

Best Practices

  • Store encryption keys securely and never expose them in code repositories or to a front-end client.

Updated 5 months ago