InAuth - Device Fingerprinting

This tutorial demonstrates how to create and submit device fingerprint information to InAuth as part of submitting user-generated content to Bazaarvoice using the Conversations API.

❗️

InAuth is no longer supported for new integrations. Developers implementing device fingerprinting for the first time should use iovation.

🚧

Bazaarvoice clients and partners only. All others should refer to InAuth for documentation.

Introduction

Mass advertising campaigns, trolling, and attempts at automated content submission are all sources of inauthentic content. To combat them Bazaarvoice has partnered with InAuth, an industry leader in device reputation technology.

InAuth InBrowser™

InAuth's InBrowser™ is a JavaScript based solution that generates an encoded device fingerprint string containing information about the end-user's computing device such as OS, browser, etc (no PII is exchanged or maintained). This device fingerprint is used in conjunction with sophisticated algorithms allowing Bazaarvoice to identify, flag, and report suspicious content. Without this information our fraud detection technology will not be able to identify submissions as authentic consumer generated content.

🚧

Per the Bazaarvoice Authenticity Policy, you must send a device fingerprint attached to each submission. If you fail to send a device fingerprint with your submission, Bazaarvoice may take any action deemed necessary in Bazaarvoice’s sole discretion to protect the integrity of the network. Such actions may include but are not limited to: rejection of your content, halting syndication of your content on the Bazaarvoice network, revocation of your API key, or revocation of your API license.

Content types

Device fingerprinting with InAuth is available for the following content types.

  • Review
  • Review Comment
  • Question
  • Answer

Walk-through

Overview

InAuth uses JavaScript to generate and submit the device fingerprint. The fingerprint will be associated with content using a Bazaarvoice submission ID. The Conversations API returns a submission ID in response to a successful submission. Consequently you will need to submit to Bazaarvoice and get a success response before submitting the device fingerprint to InAuth. This process is described step-by-step below.

  1. Submit content to Bazaarvoice.
  2. Configure and load InAuth's collector code JavaScript.
  3. Submit device fingerprint to InAuth and load thank you message.

Steps

1. Submit content to Bazaarvoice

The process begins with a submission to Bazaarvoice using the Conversations API. Refer to Submission Fundamentals for more information on the submission process.

A successful POST to Bazaarvoice will result in a response containing a submission ID value. The submission ID is used to associate the InAuth device fingerprint with the content submission.

The following example demonstrates a response to a successful submission:

    {
       "Data":{},
       "HasErrors":false,
       "Form":[],
       "FormErrors":{},
       "TypicalHoursToPost":72,
       "SubmissionId":"3bjfuudsrjt516vitpvwnqrli",
       "Review":{
         "SendEmailAlertWhenPublished":false,
         "SendEmailAlertWhenCommented":false,
         "SubmissionTime":"2011-11-16T13:51:01.196-00:00",
         "Rating":5,
         "IsRecommended":false,
         "ReviewText":"Duis mollis et metus sed blandit. Duis nibh orci, imperdiet eget sapien dapibus, lobortis suscipit nisl. Etiam scelerisque mi vitae euismod euismod.",
         "TypicalHoursToPost":null,
         "Id":null,
         "SubmissionId":null,
         "Title":"Lorem ipsum dolor sit amet, consectetur adipiscing elit."
       },
       "Locale":"en_US",
       "Errors":[]
    }

If you perform the submission from your server, then your server should pass the submissionId value, line #7 above, back to your web app in order to complete the following steps.


2. Configure and load InAuth's collector code JavaScript

The next step, assuming the submission was successful, is to configure InAuth's collector code JavaScript. This enables data collection, sets up the transport of data back to InAuth, and creates the device fingerprint. The example code below demonstrates how to configure and load InAuth's collector code:

🚧

The configuration parameters below must be used exactly as they appear, with the exception of _BV_SUBMISSION_ID_ and _TIME_STAMP_ which you will update with the appropriate values as described in this section.

<script type=text/javasript>
// Configurations must be on page before cc.js
window._cc = window._cc || [];
window._cc.push(['ci', {'sid': '54b684cc-4b18-4193-be5f-9548d46cabaa'}]);
window._cc.push(['cf', 1022963]);
window._cc.push(['run', ('https:' == document.location.protocol ? 'https://' : 'http://') + 'uk.cdn-net.com']);
window._cc.push(['ci', {'tid': '_BV_SUBMISSION_ID_'}]);
</script>

<!-- Load cc.js from uk.cdn-net.com. MUST NOT BE SAVED LOCALLY -->
<script async="true" src="https://uk.cdn-net.com/cc.js?ts=_TIME_STAMP_"></script>

You must make the following modifications to the example above:

  • Lines 7: Replace the token _BV_SUBMISSION_ID_ with the submissionId value from step 1.
  • Line 11: Replace the token _TIME_STAMP_ with a time stamp in Unix time format

This code should be placed as early as possible in the page, such as in the <head>, with other important assets. This will ensure the least amount time from page load to device fingerprint creation.

📘

You may load cc.js using JavaScript instead using a static script tag. Refer to Load InAuth cc.js with JavaScript in the Appendix for more details.


3. Submit device fingerprint to InAuth and load thank you message

After a successful submission to Bazaarvoice you will be able to complete the process by submitting the device fingerprint, with submission ID, to InAuth. When the device fingerprint submission is finished InAuth will execute your callback function, loading your thank you message communicating to the author that it is safe to navigate away from the submission process.

The following example shows how to trigger the submission to InAuth:

<!-- TODO: your thank you message HTML -->

<script type="text/javasript">
    // InAuth collector code will execute callback function when
    // device fingerprint has been successfully captured.
    window._cc.push(["csd", function() {
        // TODO: Your code to load your thank you message.
    }]);
</script>

In the example above you must make the following modifications:

  • Line 1: The first line of the example contains a TODO indicating that you should display a thank you message to the author.
  • Line 7: Within the callback function is a TODO indicating where you must implement the code necessary to display a thank you message.

This collector code should be placed after your thank you message HTML is available to be manipulated with JavaScript.

📘

InAuth also supports an option for users without JavaScript. Refer to Noscript support in the Appendix for more details.


Complete example

The following code sample shows all components of the InAuth JavaScript implemented in the context of a single HTML page.

<html lang="en">
    <head>
        <title>Thank you page example</title>

        <script type="text/javascript":>
            // Configurations must be on page before cc.js
            window._cc = window._cc || [];
            window._cc.push(['ci', {'sid': '54b684cc-4b18-4193-be5f-9548d46cabaa'}]);
            window._cc.push(['cf', 1022963]);
            window._cc.push(['run', ('https:' == document.location.protocol ? 'https://' : 'http://') + 'uk.cdn-net.com']);
            window._cc.push(['ci', {'tid': '_BV_SUBMISSION_ID_'}]);
        </script>

        <!-- Load cc.js from uk.cdn-net.com. MUST NOT BE SAVED LOCALLY -->
        <script async="true" src="https://uk.cdn-net.com/cc.js?ts=_TIME_STAMP_"></script>
    </head>
    <body>
        <h1>Thank you page example</h1>

        <!-- TODO: Your thank you message HTML-->

        <script type="text/javascript">
            // InAuth collector code will execute callback function when
            // device fingerprint has been successfully captured.
            window._cc.push(["csd", function() {
                // TODO: Your code to load your thank you message.
            }]);
        </script>
    </body>
</html>

Appendix

Load InAuth cc.js with JavaScript

The following code can be used to dynamically create the <script> tag used to load cc.js:

// Load cc.js from uk.cdn-net.com. MUST NOT BE SAVED LOCALLY
var collectorScript = document.createElement('script');
collectorScript.type = 'text/javascript';
collectorScript.async = true;
collectorScript.src = 'https://uk.cdn-net.com/cc.js?ts=' + (new Date()).getTime();
var anyScript = document.getElementsByTagName('script')[0];
anyScript.parentNode.insertBefore(collectorScript, anyScript);

Use the snipped above to replace the following:

<!-- Load cc.js from uk.cdn-net.com. MUST NOT BE SAVED LOCALLY -->
<script async="true" src="https://uk.cdn-net.com/cc.js?ts=_TIME_STAMP_"></script>

This technique is useful if you are unable to generate a timestamp on the server side.

Noscript support

Include the following <noscript> element in your page to support devices without JavaScript. This can be placed anywhere in the <body> of your thank you page.

    <noscript>
        <img src="https://uk.cdn-net.com/s1.gif?sid=54b684cc-4b18-4193-be5f-9548d46cabaa&tid=_BV_SUBMISSION_ID_">
    </noscript>

In the example above you must make the following modifications:

  • Lines 2: Replace the token _BV_SUBMISSION_ID_ with the submissionId value from step 1.