User Email Address
This section contains tutorials on encryption and decryption of email address.
Introduction
Depending upon your use case, you may either send email address in the request or receive it in the response. In both the cases your API key needs email address access enabled.
Please contact Bazaarvoice support to enable email access on your API Key.
- Client needs to pass encrypted user email address in the request. Please refer to Encrypting Email Address tutorial.
- Email address returned by Bazaarvoice is always encrypted. Please refer to Decrypting Email Address tutorial.
Security recommendations
- Do not request to enable User Email Address access when not required.
- Do not use email addresses enabled key for any display purposes.
- Avoid decryption logic at client side.
Email encryption details
AES is an NIST and US government approved standard for encrypting sensitive data based on the Rijndael algorithm. AES is a symmetrical algorithm (meaning it can be reversed using a shared key), offers a 128-bit block encryption and supports a shared key size of 128, 192, or 256 bits. It is also royalty free and supported by most major programming platforms.
Algorithm | AES |
---|---|
Key size | 128 bit |
Mode | ECB |
Padding | PKCS5/PKCS7 |
Updated 9 months ago