Secure Partner Verification in Custom Cards
Custom dashboard cards in the Partner Portal now support a secure {affiliate_id_signature} macro and validation API endpoint to verify partner identities.
Custom dashboard cards in the Partner Portal now support a secure {affiliate_id_signature} macro. This update allows external developers and platforms to safely verify partner identities when embedding custom iframe applications.
Introduction
When embedding custom dashboard cards within the Partner Portal, platform operators often need to securely identify the logged-in partner to external back-end systems. Previously, standard macros like {affiliate_id} were guessable and could not be used for secure authentication. The new {affiliate_id_signature} macro resolves this by generating an HTML-safe, encrypted ciphertext containing the partner's ID and a generation timestamp, eliminating the need for fragile authentication workarounds.
Key Capabilities
- Encrypted Identity Verification: The
{affiliate_id_signature}macro dynamically swaps with an encrypted, HTML-safe ciphertext that securely bundles the partner ID and a Unix timestamp. - Direct Validation Endpoint: A new Network API endpoint
/networks/signature/validateallows external systems to POST the ciphertext and receive the verified partner ID and timestamp. - Built-in Security Checks: The validation endpoint automatically returns a 400 bad request error if the ciphertext is unrecognized, invalid, or cannot be decrypted.