Security
You can enable enhanced security for the editor by enforcing identity verification. Identity verification prevents third parties from impersonating your logged-in users and using the Unlayer editor. We strongly recommend that you enforce identity verification.
Setup Identity Verification
To set up identity verification, you'll need to generate an HMAC on your server for each logged-in user and send it to Unlayer.
In order to enable this, you must send us a user
object which contains a unique ID for the user, and a generated HMAC signature.
unlayer.init({
user: {
id: 1,
signature: 'XXX',
name: 'John Doe', // optional
email: '[email protected]' // optional
}
})
Generate Signature
You can generate the HMAC signature
on your server using the following code:
Project Secret
Keep your secret key safe! Never commit it directly to your repository, client-side code, or anywhere a third party can find it.
const crypto = require('crypto');
const signature = crypto
.createHmac("sha256", "[PROJECT-SECRET]") // secret key (keep safe!)
.update("[USER-ID]")
.digest("hex");
require 'openssl'
OpenSSL::HMAC.hexdigest(
'sha256', # hash function
'[PROJECT-SECRET]', # secret key (keep safe!)
'[USER-ID]' # user's id
)
hash_hmac(
'sha256', // hash function
$user->id, // user's id
'[PROJECT-SECRET]' // secret key (keep safe!)
);
import hmac
import hashlib
hmac.new(
b'[PROJECT-SECRET]', # secret key (keep safe!)
bytes(request.user.id, encoding='utf-8'), # user's id
digestmod=hashlib.sha256 # hash function
).hexdigest()
You can get your project secret from project settings in the Unlayer dashboard.
Updated over 2 years ago