Security & Compliance
Keeping your data secure
For requests that use your publishable API key, Miso requires an encrypted
user_hash, which encrypts the requested
anonymous_id) with your secret API key using HMAC. Your backend server will need to generate the
user_hash, and then let the front-end code send the
user_hash to Miso APIs to verify the identity of the API caller.
As long as the Secret API Key is kept secret, the
user_hash prevents a malicious attacker from making unauthorized API calls or impersonating any of your users.
Miso APIs accept the case-insensitive "hex digest" of the
user_hash. Sample Python 3 code for generating it on your backend server is as follows:
import hashlib import hmac YOUR_MISO_SECRET_API_KEY = "039c501ac8dfcac91" key_bytes = YOUR_MISO_SECRET_API_KEY.encode() user_id = "USER_123" # or anonymous_id user_id_bytes = user_id.encode() user_hash = hmac.new( key_bytes, user_id_bytes, hashlib.sha256).hexdigest() # user_hash is "7eb04da5e..."
You can find more examples for other languages in this Github Gist.
Our privacy commitment
We have complete support for the right to be forgotten and offer full incognito mode personalization. We also are not a data broker in any way: we don’t resell or redistribute your data and models outside the scope of your subscription and use of the Miso platform. No cookie tracking or cross-site surveillance, either. We’re on a clear mission to get rid of that craziness on the web and make it clear that brands can have awesome personalization performance without having to compromise user privacy and security.