OneSignal Help & Documentation

Welcome to the OneSignal New IA developer hub. You'll find comprehensive guides and documentation to help you start working with OneSignal New IA as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    Discussions

Identity Verification

Features - Security

OneSignal now supports a higher security method known as Identity Verification. This helps prevent users from impersonating one another by generating a user-specific token on your server, if you have one.

We highly recommend enabling identity verification for apps and websites that use OneSignal Email Messaging. For apps and websites that are 'backendless' and do not run their own servers, we suggest either creating a minimal server that just verifies users, or avoid sending sensitive information in user tags and notifications.

Code Example

When identity verification is enabled, OneSignal will look for a SHA-256 hash of a user's email address from your server. See the following code examples for how to generate these hashes on your server:

OpenSSL::HMAC.hexdigest('sha256', ONESIGNAL_API_KEY, email_address)
<?php
echo hash_hmac('sha256', $email_address, $ONESIGNAL_REST_API_KEY);
?>
const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', ONESIGNAL_REST_API_KEY);
hmac.update(email_address);
console.log(hmac.digest('hex'));

If you have questions about implementing this please contact us.

Updated 2 years ago


What's Next

Email Quickstart

Identity Verification


Features - Security

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.