Securing Your HasOffers Platform Integration

Your integration may need to take actions on behalf of a HasOffers network account in order to fulfill its purpose. To do so securely, you can validate that a network user is logged into the HasOffers application.

For integrators, this can be done on a HasOffers custom page or an external integration page.

Securing Your Integration

HasOffers uses a combination of the <nonce> macro and the getUser method to provide your integration with a nonce token and validate it for your user. A nonce token is a single use, 36 character UUID token with a 60 second lifespan.

Step 1: Generate a Nonce Token

To generate a nonce token, include the <nonce> macro in your HasOffers custom page code or external integration page URL. HasOffers replaces this macro with a nonce token when the custom page is rendered. The returned nonce token must be used for validation within its 60 second lifespan.

Step 2: Validate the User

To validate the user, call the getUser method and include the nonce token and your integrator ID in the "nonce" and "IntegratorId" query string parameters. As with any call to the Integrator API, include your Integrator API access token in the "Authorization" header.

Here's an example of user validation in Python:

url = "https://integrator-api.hasoffers.com/getUser/?IntegratorId={}&nonce={}".format(integrator_id, nonce)

headers = {}
headers['Authorization'] = "Bearer TOKENSTRING"

req = urllib.request.Request(url, headers = headers)
resp = urllib.request.urlopen(req)
respData = resp.read()

On successful validation, the Integrator API expires the nonce token and returns basic user information:

{
  "user_id": "10",
  "user_network": "BestNetwork",
  "user_type": "employee"
}
Have a Question? Please contact [email protected] for technical support.