Identity Resolution

Managed Identity Resolution

Teavaro provides extensive Identity Resolution capabilities which can be simply enabled via JavaScript tag or Mobile SDK, including:

  • Visitor profile creation via InfoIdent service API.
  • Login identification including real-time customer profile merge (or creation) via InfoIdent service API using any available and specified customer identifier, from hashed or encrypted email to CRM ID, etc.
  • Utiq token with real-time profile merge including prolongation through Utiq token stitching.
  • Cross-domain identity link including real-time visitor and customer profile merges.
  • Click identification including different call to action methods.
  • Telco network (mobile and fixed / wifi) identification via InfoIdent API using different methods from custom “header enrichment” to IP/PORT telco API lookup and other authentication methods. The real-time profile merge and switching can also be applied here.

The Ident method of your chosen Identity Resolution creates or links a user profile with a provided customer identifier. If a visitor profile existed before, it either merges or upgrades it to a customer profile. It can also switch the context of the device cookie from one customer profile to another in case the user changes identity from one login to another as example.

The Ident method is set in the JavaScript tag and pipeline configuration and requires information about the customer idenifier, which is always of the type string. The JavaScript configuration also needs to know how it can obtain the customer identifier, for example from session/local storage, data layer, etc.

While the customer identifier query string parameter names can be freely defined, here some suggestions:

Name Description
hemail Hashed (sha256 plus salt) email.
enemail Encrypted email.
fc_cid Customer ID.
fc_hcid Hashed (sha256) Customer ID.
fc_hmsisdn Hashed (sha256) mobile phone number.
martechpass The Utiq martechpass token.

All JavaScript and pipeline configuration is done by Teavaro ClientSDKs support team.

Visitor & Login Customer Identification

Using the InfoIdent service API you can pass the customer identifier as query string parameter, within request body, as custom request header, and as cookie. Any of these methods can be configured and multiple methods can be supported in parallel with set priorities in terms of order of use. The InfoIdent service API sets an HTTPOnly cookie. The cookie time to live and further cookie access restrictions through path can be configured. Profile merge and identity switching are real-time and can be enabled or disabled as required. External customer identifier mapping can be included in the Identity Resolution to merge multiple customer profiles. The FunnelConnect service can obtain these customer identifiers in real-time via server-side API call.

Sample request with encrypted email identifier:

curl -v 'https://funnelconnect.brand-demo.com/op/brand-demo-info/info?out=json&identifiers&enemail=JRCHSIm4J_uDd8RXxrBI4A=='

Sample request with Utiq martechpass token:

curl -v 'https://funnelconnect.brand-demo.com/op/brand-demo-info/info?out=js&identifiers&martechpass=mt1-VYrAqAy9OgDbZnQ2R3M4YA'

Sample response JSON with identifiers returned:

{
  "umid": "86def240-beff-420d-ae87-ea76b8a84e1b",
  "state": 1,
  "identifiers": [
    {
      "name": "mtid",
      "value": "mt1-VYrAqAy9OgDbZnQ2R3M4YA"
    },
    {
      "name": "email-aes",
      "value": "JRCHSIm4J_uDd8RXxrBI4A=="
    }
  ]
}

Sample response JavaScrip variable with identifiers returned:

var fcData = {"umid":"86def240-beff-420d-ae87-ea76b8a84e1b","state":1,"identifiers":[{"name":"mtid","value":"mt1-VYrAqAy9OgDbZnQ2R3M4YA"},{"name":"email-aes","value":"JRCHSIm4J_uDd8RXxrBI4A=="}]};

Utiq Martechpass

The Utiq service once enabled can be consumed through simple JavaScript and pipeline configuration. The Utiq martechpass is captured and passed on as customer identifier. This Identity Resolution method can be used alongside any of the other methods described here. For more information about the Utiq integration, please see.

Accessing the martechpass

The martechpass is obtained using the Utiq JavaScript API. Depending on the type of connection, the martechpass can be for a mobile or fixed line connection. The martechpass for a mobile connection is handled as a person identifier and for fixed line connection as a household identifier as multiple persons could be using it. The martechpass uses a prefix to identify the connection type:

  • mt1- stands for mobile (e.g. mt1-eVliTOLtBo90Gvug7ioVgw)
  • mt2- stands for fixed line (e.g. mt2-6loFAvH-Rlg8DJY4rwdc4A)

Getting the martechpass:

window.Utiq.API.getIdGraphEntry('mtid');

Handling privacy compliance

Utiq handles either directly or via some Consent Management Platform provider the Utiq consent. Only if consent is granted for the Utiq service, the martechpass is issued. If consent is revoked, the martechpass is removed / no longer available, which means it is also no longer valid and cannot be used for data activation.

The Cross-domain Identity Link enables you to link the identity across multiple domains using browser redirects. What domains and how many are included in the cross-domain link is service pipeline configuration. Also, the consent required to start a cross-domain identity link is configurable through a CDN rule. Teavaro will provide the required script for CDNs including AWS CloudFront, Fastly, and Akamai. Based on the cookie consent, the CDN redirects the user one time to the FunnelConnect cross-domain service. This redirect rule looks at the cookie consent as specified as well as any preceding redirects. If a cross-domain redirect has already taken place, it will not take place again, until that rule check is satisfied.

Sample cross-domain call flow in demo environment using cookie tv-consent=dHJ1ZQ== as qualifying redirect trigger.

curl -L -s -D - -o /dev/null 'https://funnelconnect.brand-demo.com/op/demo-cd/-/www.brand-demo.com/product/absolute-organic-cashews/?test=test&test1=test1' \
-H 'Cookie: umdid=NmVhNTIxMmItZDk1Ny00M2VhLTkxNGUtZDU5ZGNkNzE0ZDcxfDVkN2ViZjUwLTEwMzAtNGVjZi1hZjhjLTFhMjAwZWQxNjJiY3ww; tv-consent=dHJ1ZQ=='

Sample response showing redirects and response headers with cookie:

HTTP/1.1 307 Temporary Redirect
vary: Origin
location: https://funnelconnect.publisher-demo.media/op/demo-cd/ZEDr_yDTpPeHyJpMqxXn7t4MnNJqeHTjWnGSamMdDFi4zk0T5Hy5kemo9ADGOFzD9-R6t8PjNqljcsMfdXitJhhgone9PfpkN6LI4Zipy5BGeTmb3_dHU8e-Rp0YSDbCb16wdWG3/www.brand-demo.com/product/absolute-organic-cashews/?test=test&test1=test1
set-cookie: umdid=NmVhNTIxMmItZDk1Ny00M2VhLTkxNGUtZDU5ZGNkNzE0ZDcxfDg2ZGVmMjQwLWJlZmYtNDIwZC1hZTg3LWVhNzZiOGE4NGUxYnww; Max-Age=31536000; Expires=Wed, 07 Jan 2026 13:46:35 GMT; SameSite=None; Path=/op/; Domain=brand-demo.com; Secure; HTTPOnly
set-cookie: tv-cd-done=true; Max-Age=86400; Expires=Wed, 08 Jan 2025 13:46:35 GMT; SameSite=None; Path=/; Domain=brand-demo.com; Secure; HTTPOnly
date: Tue, 07 Jan 2025 13:46:35 GMT
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload

HTTP/1.1 307 Temporary Redirect
vary: Origin
location: https://www.brand-demo.com/product/absolute-organic-cashews/?test=test&test1=test1
set-cookie: umdid=NjM5MzQ5OTItNGNmYi00YjVkLWI4YTQtNzU2NjI5NGE0NjZifDg2ZGVmMjQwLWJlZmYtNDIwZC1hZTg3LWVhNzZiOGE4NGUxYnww; Max-Age=31536000; Expires=Wed, 07 Jan 2026 13:46:35 GMT; SameSite=None; Path=/op/; Domain=publisher-demo.media; Secure; HTTPOnly
date: Tue, 07 Jan 2025 13:46:35 GMT
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload

HTTP/2 200
content-type: text/html; charset=UTF-8
date: Tue, 07 Jan 2025 13:46:35 GMT
server: Apache
x-powered-by: PHP/8.2.26
link: <https://www.brand-demo.com/wp-json/>; rel="https://api.w.org/", <https://www.brand-demo.com/wp-json/wp/v2/product/4473>; rel="alternate"; title="JSON"; type="application/json", <https://www.brand-demo.com/?p=4473>; rel=shortlink
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 e9f4c7fe4166f606f6376c2953bbf2b2.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P2
x-amz-cf-id: rZVV25qaC_1A36akk2lGI2jBoJcmXu8h2p5ts0gjA7DmP-Q9ASF5qA==

The URL consiste of the following:

  1. FunnelConnect service endpoint set in CDN: https://funnelconnect.brand-demo.com/op/demo-cd/-/
  2. Target page set by the CDN script including the full target URL with all query string parameters: www.brand-demo.com/product/absolute-organic-cashews/?test=test&test1=test1

The FunnelConnect cross-domain service sets the following cookie to stop further redirects as its a condition checked in the CDN. set-cookie: tv-cd-done=true; Max-Age=86400; Expires=Wed, 08 Jan 2025 13:46:35 GMT; SameSite=None; Path=/; Domain=brand-demo.com; Secure; HTTPOnly

The cross-domain service can also be used with page links, for example using it within menu links, which does not require a CDN setup.

Click Identification

Click identification can be used to propagate the customer identity through an email, app push, or any other distributed link, using a customer identifier provided within the link. This can be any identifier including umid.

See more information here.

Telco Network Identification

Teavaro has been working with telcos for the better part of the last 10 years, supporting pretty much any type of telco identification including:

  • Custom request “header enrichment”.
  • IP/PORT telco API lookup.
  • Various standard authentication methods.

This experience let us to provide the platform technology for Utiq.