Securing Your HasOffers Platform Integration

Your integration may need to take actions on behalf of a HasOffers network account in order to fulfill its purpose. To do so securely, you can validate that a network user is logged into the HasOffers application.

For integrators, this can be done on a HasOffers custom page or an external integration page.

Securing Your Integration

HasOffers uses a combination of the <nonce> macro and the getUser method to provide your integration with a token and validate it for your user. A nonce is a single use, 36 character UUID token with a 60 second lifespan.

Step 1: Generate a Nonce

To generate a nonce, include the <nonce> macro in your HasOffers custom page code or external integration page URL. HasOffers replaces this macro with a 36 character UUID when the custom page is rendered. This UUID (nonce) has a 60 second lifespan, so it must be validated quickly.

Step 2: Validate the User

Once you have received the nonce, it must be validated within 60 seconds or it will expire. To validate the nonce, your code must call the getUser method. In this call, include the nonce, your IntegratorId, and your Integrator API access token in the "Authorization" header.

For example, a getUser call in Python could look like this:

url = "https://integrator-api.hasoffers.com/getUser/?IntegratorId={}&nonce={}".format(integrator_id, nonce)

headers = {}
headers['Authorization'] = "Bearer TOKENSTRING"

req = urllib.request.Request(url, headers = headers)
resp = urllib.request.urlopen(req)
respData = resp.read()

On successful validation, the Integrator API returns user information and expires the nonce token.

Have a Question? Please contact support@tune.com for technical support.