Participant Auto Authentication

If your campaign is configured to have participants login/authenticate, you can set up Participant Auto Authentication to automatically log participants into their browser.

Set up the client

Step 1: Require participants to login/authenticate within the Campaign Editor

Step 2: Generate a new Participant Auth Secret

Step 3: Copy your unique Participant Auth Secret (to use for later in the Setting up the server instructions).

Your Participant Auth Secret holds privileges, so be sure to keep it secure! Do not share your Participant Auth Secret in publicly accessible areas such as GitHub, Bitbucket, client code, etc.

Step 4: Go to the final instructions page within the Campaign Editor to copy the new GrowSurf Universal Code.

Once your campaign has a Participant Auth Secret, the installation instructions will be updated and you will need to re-install a newly generated GrowSurf Universal Code snippet.

This new GrowSurf Universal Code snippet contains a new window.grsfConfig Object. Remember to replace two values: (1) set email as the participant's email address, and (2) set hash as the value you receive from setting up the server. See the example code block below:

<script type="text/javascript">
  window.grsfConfig = {
    email: "", // Replace this with the participant's email address
    hash: "HASH_VALUE" // Replace this with the SHA-256 HMAC value

  (function(g,r,s,f){g.growsurf={};g.grsfSettings={campaignId:"k1o87e",version:"2.0.0"};s=r.getElementsByTagName("head")[0];f=r.createElement("script");f.async=1;f.src="http://localhost:3000/static/growsurf.js"+"?v="+g.grsfSettings.version;f.setAttribute("grsf-campaign", g.grsfSettings.campaignId);!g.grsfInit?s.appendChild(f):"";})(window,document);

Set up the server

On your server, you will need to create a Hash-based message authentication code (HMAC).

Step 1: Implement SHA-256 HMAC, passing in the following values:

  • The Participant Auth Secret (from Step 3 of the Setting up the client section)

  • The participant's email address

Below is an example of the HMAC implementation in Node.js:

  .createHmac("sha256", "<YOUR_SECRET>")


Test your Participant Auto Authentication implementation by going to the URL in which you have installed GrowSurf.

Then load or refresh the page. If successful, you should be authenticated as a participant.

Below are additional references that may be helpful:

Last updated