DocumentationSandbox Swagger
Home

Links hash

Securing respondent-level connection between Ipsos and sample supliers

Suggest Edits

Hash algorithm

As a security measure, Ipsos offers a link hash solution, designed to validate the source of respondent browser redirects and server to server calls.

The hash can be used to validate that

  • respondents reaching Ipsos platform are indeed selected and redirected from that source
  • end sessions calls(complete) from Ipsos to supplier are not tampered with to gain access to quick rewards

Ipsos API calls to supplier side postbacks & feasibility queries will contain a header that can be used to validate that the request is really from Ipsos or not. Your Ipsos contact should setup a “Source Key” shared secret that will be used to setup a HTTP “Authorization” header that will contain that value, or if requested the value will be “Bearer “ + Base64Encoding(SourceKey) instead.

To generate the hash we use SHA2-256 (see details here: https://en.wikipedia.org/wiki/SHA-2), using the algorithm:

📘

SHA-2(Url+secret_key)
* Note: there is no actual + between the url and supplier key**

For testing purposes, you can generate SHA-2 hashes online here: https://emn178.github.io/online-tools/sha256.html

For Ipsos survey entry links, each supplier can opt-in that we check the existence and validity of the parameter origin. Example:

📘

Entry link: https://enter.ipsosinteractive.com/landing/?p=rXCMiFMaS7PYtaTns%2fwPcHIXoHnjXcn1Q1Spjpd%2bm4dhmHagGpJfgVlWhrx%2bK6De8DIb0cJCK1nR181zW1PlwODwqcEsyDmjk5fRVpLdU3U%3d&id=myUniqueId

Secret_key: 3b24915f-a90d-4a95-b10f-cd532f03eb94

Entry link + Secret_key before hashing: https://enter.ipsosinteractive.com/landing/?p=rXCMiFMaS7PYtaTns%2fwPcHIXoHnjXcn1Q1Spjpd%2bm4dhmHagGpJfgVlWhrx%2bK6De8DIb0cJCK1nR181zW1PlwODwqcEsyDmjk5fRVpLdU3U%3d&id=myUniqueId3b24915f-a90d-4a95-b10f-cd532f03eb94

Final entry link: https://enter.ipsosinteractive.com/landing/?p=rXCMiFMaS7PYtaTns%2fwPcHIXoHnjXcn1Q1Spjpd%2bm4dhmHagGpJfgVlWhrx%2bK6De8DIb0cJCK1nR181zW1PlwODwqcEsyDmjk5fRVpLdU3U%3d&id=myUniqueId&origin=ba68d19050c36048cde0f7325dd666a6840664cde9a99aa3fff9fa41b0b16262

For session end redirects, Ipsos will add the parameter origin with the hash generated for all links. It's up to the supplier to check the validity of the hash
Example:

📘

Complete redirect: https://supplier.com?status=3&id=myUniqueId

Secret_key: 3b24915f-a90d-4a95-b10f-cd532f03eb94

Final complete redirect: https://supplier.com?status=3&id=myUniqueId&origin=e23c93cbd6ae0521cf0e8ef23b38341197fc4e7bf0a04255b869951632a83057

Updated about 3 years ago