User Data Hashing

To ensure the privacy and security of user data, the Humance SDK includes built-in hashing for sensitive information like user emails. This page explains how the SDK manages user data securely and provides guidance on using the allowPersonalization parameter to control whether requests include personalized data or default, non-personalized responses.

User Data Hashing

  1. Built-in SHA-256 Hashing:

    • The SDK automatically hash user emails into user_hash using the SHA-256 algorithm on the partner's side, before providing data to Humance API.

    • The user_hash is generated locally within the partner’s app and included in API requests as needed.

  2. Purpose of user_hash:

    • The user_hash is used to identify users across multiple API requests, including:

      • Fetching supported projects and their stories.

      • Creating new transactions.

      • Recording user interactions (e.g., likes, shares).

  3. Simple Integration:

    • Partners only need to pass the user's plaintext email to the SDK during configuration. The SDK handles all hashing automatically before any data leaves the partner's environment.

Optional: Avoid Transferring user_hash for New Users

The allowPersonalization parameter allows partners to control whether the SDK includes the user_hash in API projects-stories requests, which determines if the response contains personalized or default project data.

Behavior:

  • With allowPersonalization: true (Default):

    • The SDK includes the user_hash in the API request.

    • The API fetches personalized data, including supported projects and their stories.

  • With allowPersonalization: false:

    • The SDK omits the user_hash in the API request.

    • The API fetches a default set of new (trending) projects.

Code Example

Here’s how you can configure the SDK to include or exclude the user_has for some API requests:

import { Humance } from 'react-native-humance-sdk';

// For an existing user
<Humance
  apiConfig={{
    userEmail: 'existinguser@example.com', // Plaintext email for hashing
    apiKey: 'your-api-key',
    apiSecret: 'your-api-secret',
  }}
  paymentPageBalance={2440.98},
  allowPersonalization={true} // Default behavior
/>;

// For a new user
<Humance
  apiConfig={{
    userEmail: 'newuser@example.com', // Plaintext email for hashing
    apiKey: 'your-api-key',
    apiSecret: 'your-api-secret',
  }}
  paymentPageBalance={2440.98}
  allowPersonalization={false} // Omit user_hash for default projects
/>;

Best Practices

  • Default Behavior for All Users:

    • It is completely safe to set allowPersonalization: true for all users. Since all sensitive data is hashed locally using SHA-256, the user_hash cannot be decrypted, ensuring user privacy and data security.

  • Maximize Security by Limiting Hashed Data:

    • If you want to minimize the amount of hashed personal data provided to Humance, you can set allowPersonalization: false for users who have not interacted with Humance. This ensures that no user_hash is sent for these users, and they will receive default (non-personalized) project data instead.

    • Note: To achieve this, you will need to implement backend logic on your side to track whether a user has previously interacted with Humance (e.g., supported a project). Based on this, you can dynamically set allowPersonalization for each user.

  • Hashing Happens Locally:

    • The SDK hashes user emails locally before any data is transferred to the Humance API, ensuring maximum security and privacy without additional effort from your team.

PreviousContribution Collection System (Billing)NextShare Functionality

Last updated