SheerID Hosted Verification Applications

Overview

SheerID provides a hosted solution for our customers, handling the verification experience from start to finish. The implementation times are much shorter, and isolates the verification portion of the experience from your code. You can still use all of the SheerID service features such as handing out reward codes or the notification subsystem, but you don't have to build forms or manage process state for your customers.

Integration Options

Hosted apps can be integrated in three ways:

  1. Embed an iFrame in your page, so the form appears to be a part of your site.
  2. Use JavaScript to display the iFrame above the page, appearing to be a pop-up form or "lightbox".
  3. Direct traffic to the hosted page, and have the application redirect back to your site on completion.

SheerID hosted applications are compatible with many browsers and devices. For a complete list of officially supported web browser versions, view our Browser Support documentation.

Protecting the Offer

Successful verification unlocks access to your protected resource. In order to ensure real protection of this resource, it is important for merchants to adhere to one of SheerID's recommended practices for ensuring that those attempting to access the protected resource have truly been verified by SheerID.

Token Validation

Token validation is a simple technique to ensure that a protected page visitor has in fact been verified by SheerID. When SheerID redirects users to your site after completing the verification workflow, a query string parameter is appended which contains a single-use unique token. Using a simple REST API call, your site can look up the verification request associated with that token to ensure it's valid and matches your site's verification criteria and revoke the token so it cannot be used again.

Another variation of this technique consists of SheerID displaying a confirmation page to the user with a human-friendly token string. The end user can then copy this string into a form on the merchant site which can then be validated manually by the merchant as part of order fulfillment or otherwise validated using the SheerID REST API in an offline order processing workflow.

Promo Code Issuance

This strategy consists of the merchant generating a batch of single-use promotional codes that unlock a special offer or discount using the e-commerce platform's existing promotions functionality (not all shopping cart software has this feature). The codes are then securely delivered to SheerID and issued only to verified individuals. Furthermore, configuration can be put in place to ensure an individual may redeem only one promotional code. Users can event be redirected to a specific URL on your site which has been designed to accept a promo code via query string, so there's no code for them to copy/re-enter.

Referrer Check (not recommended)

A somewhat reliable way of ensuring that an individual has come from the SheerID verification workflow is to add a few lines of code which check the Referer HTTP header and look for the URL of the SheerID verification process. If the URL matches, you can unlock the protected resource, otherwise display an error message or send the users to a public page. It is important to note that this strategy is easily worked around by savvy users that manipulate the HTTP headers using one of a few readily available techniques.

Security by Obscurity (not recommended)

Another way for merchants to ensure some level of protection for the offer is to use a URL which is not easily known by a user, such as a long and/or cryptic URL. This strategy is very prone to abuse, since once a single user finds out this direct URL, it can be shared with friends or posted to a message board, without any recourse to ensure the visitors coming to that URL have been verified. The effectiveness of this strategy could be improved slightly by frequently changing the URL and using the SheerID API to update the URL that users are redirected to upon a successful verification.

IFrame Integration

To load your SheerID Verification application into an iFrame for display on your website, you first start with placing it on the page:

<iframe src="https://myapp.sheerid.com" width="400" height="300" ></iframe>

That is all that is necessary to place the application onto a webpage, and the start of how to style it using width and height. In order to have this come up in a "lightbox" style dialog, a few steps are necessary. Instructions for this can be found on our Getting Started pages on GitHub.

Getting started with SheerID Hosted Verifications

To start using our hosted solution, you'll need some help from our support staff. They'll walk you through the process of customization, integration, and launching a live instance. Contact us and we'll get you started right away.

Areas that we will go over during integration:

Basic information such as company name, your URLs, the planned offer, and which group affiliations you will accept.

Success behavior: how will the app get the customer back to your site.

Services available along with hosted applications

Email notification: We can email the customer on success or failure explaining their next steps. This is especially important for the case of manual verification since it's possible the customer has closed their browser in the time it has taken for a manual review to complete.

HTTP notification: We can notify your services when a verification request has been changed, allowing you to script a follow-up inquiry on status and result.

Rewards: we can hand out one-time-use coupon codes or product keys with a successful verification. We have API support for managing the rewards and attaching them to particular customers, as well as including the code in the successful email.