It is possible to protect a page with Opticks by redirecting traffic to the Opticks platform before displaying the protected page. This integration method has advantages over an OpticksJS integration and the Opticks Firewall integration.
Overview
When traffic arrives to a protected page, the customer must determine whether Opticks has analyzed the visit prior to displaying the page. If the traffic has already been analyzed, the page can be displayed. If the traffic has not been analyzed, the visitor should be redirected to Opticks.
In order to determine whether Opticks has analyzed the visit, the customer should examine the OPT data. The name of the URL parameter containing the OPT data is defined by the customer. If the OPT data is valid, the Opticks analysis was successful and the protected page can be shown. If the OPT data does not exist, the visitor should be redirected to Opticks. If the OPT data exists but is invalid, it could be an indication that a malicious visit is occuring.
Redirecting to Opticks
If the OPT data is empty, the visit should be redirected to the following endpoint:
https://{custom_domain}/g/{campaign_hash}?next_url={abc}&hmac={...}&external_id={xyz}&subpublisher_id={...}&var1={...}&var2={...}&var3={...}
| Field | Type | Description |
|---|---|---|
| campaign_hash | mandatory. | The Opticks Campaign id. This field will determine which security options are in force and split the data by Campaign in the Opticks Back Office. |
| next_url | mandatory and important, please read description | The url-encoded destination of the visit after Opticks has analyzed the visit. E.g. http://merchantdomain.com/protectedpage.html?all=x&your=y¶ms=z…N.B. The next_url must include parameters to tell the Opticks platform where to place the OPT data and the Opticks click_id. E.g. http://merchantdomain.com/protectedpage.html?all=x&your=y¶ms=z&clickid={click_id}&opt={OPT}&opt-hmac={OPT-HMAC}.In this case, Opticks will place the analysis info into the opt parameter, the hmac into the opt-hmac parameter, and the click id in the clickid parameter.If there is no next_url parameter, Opticks will redirect the visitor to whichever offer is associated with the campaign hash. |
| fallback_url | optional | The url-encoded destination for traffic which is blocked by your campaign security settings. If you omit this parameter, Opticks will send filtered traffic to the fallback URL configured in the Opticks Back Office. If there is no fallback URL in the dashboard and no fallback_url parameter, all traffic will be sent to the next_url |
| hmac | mandatory | The HMAC-SHA-256 cryptographic hash function of the concatenated campaign_hash, next_url and fallback_url in combination with your secret encryption key. This hmac should be in Base64 and URL sanitized.To sanitize the Base64 string, perform the following replacements: replace / with _, + with -, and remove any =.For example, if your secret key is 1234567812345678, the campaign_hash is 43f47, the next_url is https://www.example.com, and the fallback_url is https://adnetwork.com, the hmac value (in Base64 and URL encoded)would be: RtMcnAnnCfBP4L2F5QhkC5azmK_UtBCrL60ay2UVo0U.See https://www.liavaag.org/English/SHA-Generator/HMAC/ and http://php.net/manual/en/function.hash-hmac.php for examples. |
After Opticks has analyzed the visit, it will redirect the traffic to whichever url is in the next_url parameter (using the example above):
http://merchantdomain.com/protectedpage.html
?all=x&your=y¶ms=z
&clickid=track_202030055_3453fwfwf_fweew34
&opt=urlencodedBase64EncryptedData
&opt-hmac=urlencodedBase64EncryptedData
The OPT and OPT-HMAC data
See the JSON Payload and Encryption section for more details.
Example PHP implementation
https://gist.github.com/Opticks-io/232e3bdf93f12f17fe4021a4ea2884e6#file-bouncerpage-php
Advantages
- No need to change partner URLs
- No risk of fraud occurring before Javascript executes
Disadvantages
- Some server side coding required.
- More redirects than the other integration options
Comments
0 comments
Please sign in to leave a comment.