# Participant Auto Authentication

## **Set up the client**

**Step 1:** Require participants to login/authenticate within the Program Editor

![](/files/-LzeGapQc_6sLaaE6Y5y)

**Step 2:** Generate a new *Participant Auth Secret*

![](/files/-LzeGw_R8zE4F-YNjnl7)

**Step 3:** Copy your unique *Participant Auth Secret* (to use for later in the [Setting up the server](#set-up-the-server) instructions).

![](/files/-LzeH37ZyvFdqSs4xbLO)

{% hint style="info" %}
Your *Participant Auth Secret* holds privileges, so be sure to keep it secure! Do not share your *Participant Auth Secret* in publicly accessible areas such as GitHub, Bitbucket, client code, etc.
{% endhint %}

**Step 4:** Go to the final instructions page within the Program Editor to copy the new GrowSurf Universal Code.

Once your program has a *Participant Auth Secret,* the installation instructions will be updated and you will need to re-install a newly generated [GrowSurf Universal Code](/getting-started.md#step-1-install-the-growsurf-universal-code-onto-your-site) snippet.

![](/files/-LzjP_6Io515016gWklX)

This new GrowSurf Universal Code snippet contains a new `window.grsfConfig` Object. Remember to replace two values: (1) set `email` as the participant's email address, and (2) set `hash` as the value you receive from [setting up the server](#set-up-the-server). See the example code block below:

```markup
<script type="text/javascript">
  window.grsfConfig = {
    email: "participant@email.com", // Replace this with the participant's email address
    hash: "HASH_VALUE" // Replace this with the SHA-256 HMAC value
  };

  (function(g,r,s,f){g.growsurf={};g.grsfSettings={campaignId:"k1o87e",version:"2.0.0"};s=r.getElementsByTagName("head")[0];f=r.createElement("script");f.async=1;f.src="http://localhost:3000/static/growsurf.js"+"?v="+g.grsfSettings.version;f.setAttribute("grsf-campaign", g.grsfSettings.campaignId);!g.grsfInit?s.appendChild(f):"";})(window,document);
</script>
```

## Set up the server

On your server, you will need to create a *Hash-based message authentication code* (HMAC).

**Step 1:** Implement SHA-256 HMAC, passing in the following values:

* The *Participant Auth Secret (*&#x66;rom Step 3 of the [Setting up the client](#set-up-the-client) section)
* The participant's email address

Below is an example of the HMAC implementation in Node.js:

{% tabs %}
{% tab title="Node.js" %}

```javascript
require("crypto")
  .createHmac("sha256", "<YOUR_SECRET>")
  .update("participant@email.com")
  .digest("hex");
```

{% endtab %}
{% endtabs %}

## **Testing**

Test your Participant Auto Authentication implementation by going to the URL in which you have installed GrowSurf.

Then load or refresh the page. If successful, you should be authenticated as a participant.

**Below are additional references that may be helpful:**

* JavaScript Web API method [**growsurf.init()**](https://docs.growsurf.com/developer-tools/javascript-sdk/api-reference#initialize-reinitialize-growsurf)
* [Single Page Applications](https://docs.growsurf.com/integrate/javascript-web-api/single-page-applications)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.growsurf.com/getting-started/participant-auto-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.