It is possible to protect a page with Opticks by redirecting traffic to the Opticks platform before displaying the protected page. This integration method has advantages over an OpticksJS integration and the Opticks Firewall integration.
When traffic arrives to a protected page, the customer must determine whether Opticks has analyzed the visit prior to displaying the page. If the traffic has already been analyzed, the page can be displayed. If the traffic has not been analyzed, the visitor should be redirected to Opticks.
In order to determine whether Opticks has analyzed the visit, the customer should examine the OPT data. The name of the URL parameter containing the OPT data is defined by the customer. If the OPT data is valid, the Opticks analysis was successful and the protected page can be shown. If the OPT data does not exist, the visitor should be redirected to Opticks. If the OPT data exists but is invalid, it could be an indication that a malicious visit is occuring.
If the OPT data is empty, the visit should be redirected to the following endpoint:
|The Opticks Campaign id. This field will determine which security options are in force and split the data by Campaign in the Opticks Back Office.
|mandatory and important, please read description
|The url-encoded destination of the visit after Opticks has analyzed the visit. E.g.
N.B. The next_url must include parameters to tell the Opticks platform where to place the OPT data and the Opticks click_id. E.g.
In this case, Opticks will place the analysis info into the
opt parameter, the hmac into the
opt-hmac parameter, and the click id in the
If there is no
next_url parameter, Opticks will redirect the visitor to whichever offer is associated with the campaign hash.
|The url-encoded destination for traffic which is blocked by your campaign security settings. If you omit this parameter, Opticks will send filtered traffic to the fallback URL configured in the Opticks Back Office. If there is no fallback URL in the dashboard and no
fallback_url parameter, all traffic will be sent to the
|The HMAC-SHA-256 cryptographic hash function of the concatenated
fallback_url in combination with your secret encryption key. This hmac should be in Base64 and URL sanitized.
To sanitize the Base64 string, perform the following replacements: replace
-, and remove any
For example, if your secret key is
1234567812345678, the campaign_hash is
https://www.example.com, and the
hmac value (in Base64 and URL encoded)
See https://www.liavaag.org/English/SHA-Generator/HMAC/ and http://php.net/manual/en/function.hash-hmac.php for examples.
After Opticks has analyzed the visit, it will redirect the traffic to whichever url is in the next_url parameter (using the example above):
Ask our team for the documentation to decode the payload in the "data" and "hmac" parameters if you need to do so.
- No need to change partner URLs
- Some server side coding required.
- More redirects than the other integration options