Links hash
Securing respondent-level connection between Ipsos and sample suppliers
Hash algorithm
As a security measure, Ipsos offers a link hash solution, designed to validate the source of respondent browser redirects and server to server calls.
The hash can be used to validate that
- respondents reaching Ipsos platform are indeed selected and redirected from that source
- end sessions calls(complete) from Ipsos to supplier are not tampered with to gain access to quick rewards
Ipsos API calls to supplier side postbacks & feasibility queries will contain a header that can be used to validate that the request is really from Ipsos or not. Your Ipsos contact should setup a “Source Key” shared secret that will be used to setup a HTTP “Authorization” header that will contain that value, or if requested the value will be “Bearer “ + Base64Encoding(SourceKey) instead.
To generate the hash we use SHA2-256 (see details here: https://en.wikipedia.org/wiki/SHA-2), using the algorithm:
SHA-2(Url+secret_key)
* Note: there is no actual + between the url and supplier key**
For testing purposes, you can generate SHA-2 hashes online here: https://emn178.github.io/online-tools/sha256.html
For Ipsos survey entry links, each supplier can opt-in that we check the existence and validity of the parameter origin. Example:
Secret_key: 3b24915f-a90d-4a95-b10f-cd532f03eb94
Entry link + Secret_key before hashing: https://enter.ipsosinteractive.com/landing/?p=rXCMiFMaS7PYtaTns%2fwPcHIXoHnjXcn1Q1Spjpd%2bm4dhmHagGpJfgVlWhrx%2bK6De8DIb0cJCK1nR181zW1PlwODwqcEsyDmjk5fRVpLdU3U%3d&id=myUniqueId3b24915f-a90d-4a95-b10f-cd532f03eb94
For session end redirects, Ipsos will add the parameter origin with the hash generated for all links. It's up to the supplier to check the validity of the hash
Example:
Complete redirect: https://supplier.com?status=3&id=myUniqueId
Secret_key: 3b24915f-a90d-4a95-b10f-cd532f03eb94
Final complete redirect: https://supplier.com?status=3&id=myUniqueId&origin=e23c93cbd6ae0521cf0e8ef23b38341197fc4e7bf0a04255b869951632a83057
Updated about 2 months ago