Comment on page
By default, Decagon does not authenticate users. To authenticate users, first contact us to enable this feature and send you a secure private key.
You should first use the private key you were given to generate a token authenticating the user. This must be done on a backend server. Since the private keys cannot be exposed to end users, this cannot be done on a web client.
To generate a token, use the following Python snippet (or it's equivalent in another language):
def get_token(user_id, private_key):
epoch = int(time.time())
message = user_id + str(epoch)
signature = hmac.new(
Tokens are valid for 24 hours. After this time, a new token must be generated.
Every time the user is identified on the frontend, you must also pass in the token object that was generated above as part of the metadata.