Share information at the campaign load
Participation flow
With this technique, the participant must start the campaign being connected/identified on your side. This part is out of Qualifio responsibility.
- At the campaign launch, the page hosting the campaign uses Qualifio Javascript API to send a message (usually a JWT or similar identification token) to the embedded Qualifio campaign. The JWT token contains either (1) the authorization (access token) to request participant’s information via a webservice call to the database, or (2) the participant’s data directly in the message sent (JWT).
- If you choose not to send the participant data in the first message (JWT), Qualifio will call the API with the access token (authorization) received and will request the participant's information in this call.
- If you choose to send the participant data directly within the token, Qualifio won’t perform this additional call
- The data received will allow Qualifio to prefill the identification form and the participant will be able to pursue his/her journey.
Process flow
What are the requirements to set it up?
- You have your own authentication process with a login/register/forgot my password screen on a dedicated page or a login/register popin available.
- You have to prepare the list of fields you want to use to prefill Qualifio form fields.
- You have to define a CNAME for the Qualifio website where the campaign is integrated.
- You have to use the JS tag of the campaign to integrate them in your website.
- You have to add the setMetaData method in the pages where campaigns are integrated.
<div id='qualifio_insert_place_945645' class='qualifio_iframe_wrapper'></div><script type='text/javascript'>(function(b,o,n,u,s){var a,t;a=b.createElement(u);a.async=1;a.src=s;t=b.getElementsByTagName(u)[0];t.parentNode.insertBefore(a,t);o[n]=o[n]||[]}) (document,window,'_qual_async','script','https://files.qualifio.com/kit/qualp.2.min.js');_qual_async.push(['createIframe','qualifio_insert_place_945645','productteam.qualifioapp.com','20','DBBB4D76-12F3-48EC-86C9-807C78B9F1D2','100%','1200','','','','max-width:810px;margin:0 auto;']);_qual_async.push(['setMetaData', 'JWT', yourJWT, qualifio_insert_place_945645]);</script>
SetMetaData method
In order to allow the communication between Qualifio iframe and the campaign parent page, the parent page must include the following function:
_qual_async.push(['setMetaData', 'JWT', yourJWT, divId]);
Where:
- 'setMetaData' and 'JWT' are fixed values
- yourJWT is a valid JWT carrying an access_token or the PII (participant data) included directly in the payload
- The JWT could be either a JWS (signed) or a JWE (=JWT unreadable), meaning the token has been encrypted (before to be shared). JWS is considered as the best practice in this context.
- divId is the id related to Qualifio iframe. It is used to send the JWT to the right iframe, in case you have multiple campaigns, with the setMetaData function, embedded in the same page
Notes
- Unhappy flows
- In case of error (invalid token, no token sent, expired token…), Qualifio will
- Send an error message to the parent page
- Display a spinner with a message informing the participant that he/she is blocked at the authentication step of the game
- In case the 'setMetaData' is not executed in the parent page before Qualifio calls the 'getMetaData' function, Qualifio displays a spinner with a message informing the participant that he/she is blocked at the authentication step of the game
- In case of error (invalid token, no token sent, expired token…), Qualifio will
- This method is used when Qualifio campaigns are published on spaces dedicated to logged in users, as the participant has to be already connected to his/her personal space before starting the Qualifio campaign.
- This method is not compatible with campaigns using the “mini-site” publication channel. As the campaign is hosted outside your domain, messages can’t be exchanged between the campaign iframe and the parent page in this context.
- Non-standard protocol based on browser-based communication. Therefore, this method comes with a lower level of security than a server to server communication.