Private SSP

Many businesses are averse to sharing the contact details of their users with third-party platforms like WebEngage.

We understand your concerns.

This is why we've made it possible for you to leverage a user's PII (Personally Identifiable Information) for sending SMS campaigns without actually sharing their phone numbers! This can be achieved by setting up a Private SSP API endpoint at your end.

Private SSP Basics

A Private SSP is an API endpoint that you expose for WebEngage to call. You can think of it as a proxy layer that decrypts the phone numbers of an SMS campaign's target audience before sending it to your SSP for delivery to your users. All you need to do is:

Step 1: Pass hashed PII data to WebEngage from your servers.

Step 2: Set up a Private SSP API endpoint to decrypt hashed phone numbers.

Step 3: Connect Private SSP with WebEngage. And add WebEngage Webhook URL to decryption layer to ensure that the delivery status of each message is relayed back from your SSP --> Decryption Layer --> WebEngage dashboard.

Step 4: Select Private SSP as the preferred SSP at Step 3: Message while creating the SMS campaign. In doing so, we'll send all the messages to the specified endpoint (where you can decrypt the phone numbers and pass them to your preferred SSP).

• The message payload will contain the hashed phone identifiers, message body, and some more associated data.

• WebEngage expects a JSON response at that instance denoting synchronous result (request success/failure).

PII Hashing

Let's get you acquainted with PII hashing or how you can encrypt a user's phone number and pass it to your WebEngage account.

Which Attributes Are PII?

WebEngage recognizes the user attributes, phone and email as PII (Personally Identifiable Information). Thus, if you opt for PII hashing, then instead of passing the actual data against these attributes, you will need to pass the corresponding hashes values against the attributes, hashed_phone and hashed_email.

Passing Hashed PII Values

All WebEngage platform integration SDKs enable you to pass hashed phone numbers and email addresses for each user. Here's an example to help you get started:

webengage.user.setAttribute({
  'we_hashed_phone': 'e0ec043b3f9e198ec09041687e4d4e8d',
  'we_hashed_email': '144e0424883546e07dcd727057fd3b62'
});

weUser.setHashedEmail(String hashedEmail)

weUser.setHashedPhoneNumber(String hashedPhoneNumber)

-(void) setHashedEmail:(NSString*)hasdhedemail;

-(void) setHashedPhone:(NSString*)hashedphone;

Please Note:

• The values passed against hashed_phone must be encrypted in a format that you can decrypt later through the Private SSP.
• The encrypted value can be a maximum of 512 characters. Additional characters will be truncated.
• Please ensure that the actual phone number is never passed through this method.

🚧

Start Here

• Website

• Android

• iOS

• React Native

• Cordova/ Phone Gap/ Ionic

• Xamarin.Android

• Xamarin.iOS

• Unity.Android

• Unity.iOS

• You can also choose to pass and update hashed PII attributes through the WebEngage REST API.

Once you've created a decryption layer at your end, you can add it to WebEngage as a Private SSP.

How to Configure

Now that you're sending us encrypted user data, let's show you how you can leverage it to engage users (while keeping their identity a top-secret!)

As shown above:

Step 1: Select SSP

• Access Data Platform> Integrations > SMS Setup.

• Select Private SSP from the List of Available SSPs. In doing so, you will be prompted by a configuration modal.

Step 2: Name your Configuration

Please add a user-friendly name that enables you to identify the right SSP for a campaign while creating it.

Step 3: Add URL

• Add the Private SSP API endpoint URL here.

• WebEngage makes a POST call in JSON to the URL you provide us. (as shown here)

• Response for the message request should be passed in this predefined format.

Step 4: Add Custom Headers (Optional):

This could be used for authenticating API requests from WebEngage and passing any other additional user data, as per your business needs.

• “Content-Type”: “application/json” is a default header present in all WebEngage POST requests to the Private SSP and cannot be overridden by you.

• A unique ID will always be passed in custom data as UUID for each SMS.

• Next, click Save!

Step 5: Add WebEngage Webhook URL to Private SSP

Adding the WebEngage Webhook to your decryption layer will enable us to receive delivery status notifications for each user. This includes campaign performance indicators like message delivered, failed, and queued.

Here's how you can go about it:

Step 5.1.: As shown below, you will find the integrated Private SSP under the section, Your SMS Service Provider List.

Step 5.2.: Click the overflow menu placed on the extreme right, click View Webhook URL, and copy it.

Step 5.3: Add it to your decryption layer to communicate DSN for each SMS sent to your users.

🚧

About Link Wrapping/Shortening

If your Private SSP is performing additional link wrapping on the links already wrapped by WebEngage (original URL) anywhere in the request payload, then the wrapped domain must ask the caller to follow the original URL-encoded location.

For example, let's assume that the SMS has the following hyperlink:

<a href=“https://google.co.in/?param=%3D%3D%2B%20%20abcd”> Link </a>

We have a parameter named param with a value of ==+ abcd here.

Thus, if you are further wrapping this link, then the wrapped domain must ask the caller to follow the URL-encoded location (https://google.co.in/?param=%3D%3D%2B%20%20abcd) and not the decoded one (https://google.co.in/?param===+ abcd).

Request

{
  "version": "1.0",
	"smsData" :{
		"toNumber" 	: "abc12345",
		"fromNumber": "PAXXXN",
		"body"		: "Text message"
	},
	"metadata": {
		"campaignType": "PROMOTIONAL",
		"custom": {
			"key1": "val1",
			"key2": "val2"
		},
		"timestamp": "2018-01-25T10:24:16+0000",
		"messageId": "webengage-message-id"
	}
}

{
  "version": "2.0",
  "smsData": {
    "toNumber": "919999999999",
    "fromNumber": "PAXXXN",
    "body": "Text message body"
  },
  "metadata": {
    "campaignType": "PROMOTIONAL",
    "timestamp": "2018-01-25T10:24:16+0000",
    "messageId": "webengage-message-id",
    "custom": {
      "key1": "val1",
      "key2": "val2"
    },
    "indiaDLT": {
      "contentTemplateId": "xyz",
      "principalEntityId": "abc"
    }
  }
}

Response (Delivery Status Notification)

Here are a few samples of the delivery status notifications (DSN) we expect to receive (in JSON) for each SMS sent to your Private SSP layer from your WebEngage dashboard.

• DSN must include the UUID passed from WebEngage.

{
  "version": "1.0",
	"messageId" : "webengage-message-id",
	"toNumber" : "abc12345",
	"status" : "sms_sent",
  "statusCode" : 0
}

{
	"status" : "sms_rejected",
	"statusCode" : 2001, // null in case of SMS_SENT
	"message" : "YOUR IP IS NOT WHITELISTED" // null in case of SMS_SENT
}

{
	"status" : "sms_rejected",
	"statusCode" : 2010, // null in case of SMS_SENT
	"message" : "VERSION NOT SUPPORTED",
  "supportedVersion" : "2.0" // mandatory in case of statusCode 2010
}

{
  "version": "1.0",// Mandatory
	"messageId" : "XXXXXXXXXXXX",
	"toNumber" : "abc12345",
	"status" : "sms_failed",
  "statusCode" : 2007, // Mandatory
  "message" : "EXCEEDING MAX LENGTH"
}

{
	"status" : "sms_accepted"
}

Let's walk you through each parameter in the above code snippets:

Delivery Status Codes

WebEngage will respond to the delivery status notification sent by the service provider with an HTTP 2XX response code and will enqueue the event to process it. Here's a list of all the response codes for your reference:

India DLT specific Delivery Status Codes

We hope this has enabled you to set up a decryption layer for sending SMS campaigns to encrypted phone numbers. Please feel free to drop in a few lines at [email protected] in case you have further queries. We're always just an email away!