What does it give
This setting allows the developer to obtain the user’s personal data, thereby simplifying the registration process and, accordingly, increasing the overall conversion to connect the application.
How to turn it on
In the Personal Account, in the application editing mode, go to “Settings for development”. Mark the checkbox “Transmit user data when connecting the integration”. As long as the checkbox is not checked, data will not be transmitted by default.
How data is transferred
When you click on the “Connect” button in the Marketplace, you follow the link “Registration Redirect Url” specified in the Partner’s Personal Account. The user_data and user_data_sign parameters are applied to this link by the GET-parameter, in addition to the already existing parameter salon_id.
When the setting is disabled, the integration connection occurs according to the usual flow.
How data is generated
user_data is JSON encoded with the base64 algorithm.
user_data_signis a signature that we highly recommend checking to avoid unwanted registrations from third parties. It is generated by SHA-256 encryption of the decoded JSON (user_data) with your partner key (it is located in the “Account Settings” menu).
Below is an example of data decryption in PHP:
<?php
const PARTNER_TOKEN = '2t6u73mrh85btb8wgyfj';
$userData = $_GET['user_data'];
// String eyJ1c2VyX2lkIjoxMjMsIm5hbWUiOiLQkNC90LTRgNC10Lkg0JjQstCw0L3QvtCyIiwiZW1haWwiOiJhbmRyZXlAZXhhbXBsZS5jb20iLCJwaG9uZSI6Ijc5OTkwMDA5OTAwIn0=
// Stage 1 - decode base64
$userData = base64_decode($userData);
var_dump($userData);
/**
* After decoding, we get an array with information about the user
*array(4) {
* ["user_id"] => int(123)
* ["name"] => string(25) "Alex Smith"
* ["email"] => string(18) "[email protected]"
* ["phone"] => string(11) "19990009900"
*}
*/
// Stage 2 - check the validity of the signature
$isSignValid = $_GET['user_data_sign'] === hash_hmac('sha256', $userData, PARTNER_TOKEN);
if (!$isSignValid) {
die("Invalid sign!");
