
Token verification for realtime server decisions

With realtime analysis from Upollo, you can easily tailor what you offer users so as to drive the best outcomes. Doing so securely involves passing control from your client application to your server and back again.

This example shows how to offer the first month of your product free to a genuine new user, but a lesser discount and alternative messaging to someone who is signing up with their second or third email address in an attempt to get a second or third free month. A similar approach can be taken for various other ways you might tailor your offering.

The process here involves getting a Upollo token on your client, and subsequently verifying it on your server. The specific steps are as follows:

  1. Track event: Have your client application inform Upollo of the event which is taking place.
  2. Upload token: Upload the resulting Upollo EventToken from your client to your server.
  3. Verify & decide: Have your server verify the token with Upollo and act on information available in the AnalysisResponse.
  4. Action: Send a personalised message and promotion code back to your client application, and present them to the user.

Prerequisites

The steps below assume you:

  • Are already signed up for Upollo.
  • Have imported the relevant Upollo Client Library into your application.
  • Understand the basics of sending an event to Upollo.

The Quick Start shows how to do all of this. If you have not already, you may wish to read through and follow its guidance first.

Step 1: Track event

At this point you are likely familiar with how to track events from the client application. Given we are looking to offer a deal to genuine new users, the event we will tie to is EVENT_TYPE_REGISTER. The response from that track() call will include the event_token required for subsequent steps.

// Replace 12345 and person@example.com with the real ID and email of your user.
// Call this from inside an async function.
const response = await userwatch.track(
    { userId: 12345, userEmail: "person@example.com" },
    EventType.EVENT_TYPE_REGISTER
);
// The token is uploaded to your server in step 2.
const token = response.eventToken;

Step 2: Upload token

Given your server is implementing the logic of what deal to offer the user, your client application should now call the server, passing up the token which was just generated.

The token contains critical information for identifying who is behind the registration attempt, which would not be available if your server were to call track() instead of your client application calling track() then passing up the token.

Step 3: Verify & decide

Once the token is on your server, we check its validity and take a look at the analysis of the user. If the MULTI_ACCOUNTING flag is not present, we can confidently offer them their first month free, whereas if the user is multi-accounting we will try to get them into the habit of paying, even if only a small amount to begin with.

import (
    "context"

    "google.golang.org/grpc/codes"
    "google.golang.org/grpc/status"
    // Also import the userwatchgo package from Upollo's Go client library.
)

// SelectOffer verifies the client's token with Upollo and returns the offer type.
func SelectOffer(
    ctx context.Context,
    client userwatchgo.ShepherdClient,
    token string,
    uid string,
    email string,
) string {
    userInfo := &userwatchgo.UserInfo{
        UserID:    uid,
        UserEmail: email,
    }
    analysis, err := client.Validate(ctx, &userwatchgo.ValidationRequest{
        ValidationToken: token,
        Userinfo:        userInfo,
    })

    if err != nil {
        if s, ok := status.FromError(err); ok && s.Code() == codes.InvalidArgument {
            // If the token was invalid, this could be a malicious request.
            return "multi_discount"
        }
        // Other errors suggest a system issue. Give benefit of the doubt.
        return "free_month"
    }

    // Ensure the token was not maliciously swapped out for one from another event.
    if analysis.GetEventType() != userwatchgo.EventType_REGISTER {
        return "multi_discount"
    }

    // Any multiple-accounts flag in the analysis means the lesser offer.
    for _, flag := range analysis.GetFlag() {
        if flag.GetType() == userwatchgo.FlagType_MULTIPLE_ACCOUNTS {
            return "multi_discount"
        }
    }
    return "free_month"
}

Step 4: Action

Based on the output of the SelectOffer() function implemented above, it is now up to your application to present the right offer to the user. Remember to generate some sort of secure token for the offer on your server rather than just using the offer type.
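One way to generate such a token, as an added example (not Upollo's code and not part of the original page): the server signs the offer type together with the user ID and an expiry using HMAC-SHA256, so a client cannot change multi_discount to free_month or redeem an offer issued to another user. The function names, the token layout and the demo key are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var enc = base64.RawURLEncoding

func sign(key []byte, payload string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return m.Sum(nil)
}

// IssueOfferToken signs "uid|offer|expiry" with a server-only key; uid and offer must not contain "|".
func IssueOfferToken(key []byte, uid, offer string, expires time.Time) string {
	payload := uid + "|" + offer + "|" + strconv.FormatInt(expires.Unix(), 10)
	return enc.EncodeToString([]byte(payload)) + "." + enc.EncodeToString(sign(key, payload))
}

// RedeemOfferToken returns the offer only for a valid, unexpired token issued to this uid.
func RedeemOfferToken(key []byte, token, uid string, now time.Time) (string, error) {
	p, s, _ := strings.Cut(token, ".")
	payload, err1 := enc.DecodeString(p)
	sig, err2 := enc.DecodeString(s)
	if err1 != nil || err2 != nil || !hmac.Equal(sig, sign(key, string(payload))) {
		return "", errors.New("bad signature") // also covers malformed tokens
	}
	f := strings.Split(string(payload), "|")
	if len(f) != 3 || f[0] != uid {
		return "", errors.New("token not issued to this user")
	}
	if exp, err := strconv.ParseInt(f[2], 10, 64); err != nil || now.Unix() > exp {
		return "", errors.New("token expired")
	}
	return f[1], nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed; load the real secret from server config
	tok := IssueOfferToken(key, "12345", "free_month", time.Now().Add(15*time.Minute))
	fmt.Println(RedeemOfferToken(key, tok, "12345", time.Now()))
}
```

This sketch does not record which tokens have already been redeemed; if an offer must be single-use, track that on the server as well.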

Conclusion

This example has shown how Upollo lets you securely control whether a trial or discount is offered during account registration, based on whether the user registering is truly new or is trying to get the same offer again.

See Growing faster with trial accounts for more on converting trial users into long-term paying customers.