Skip to content

Cookies

The Voyado Elevate Web API uses four different cookies: apptus.customerKey, apptus.sessionKey, apptus.token, and apptus.queue.

apptus.customerKey

The apptus.customerKey cookie contains a unique randomly generated value that enables a website to identify a visitor between sessions. This value does not directly identify the visitor and a key (which Voyado don’t have access to) is needed to connect these. The cookie is set at the first interaction with the website and is recommended to be persistent for 1 year.

The cookie is used to enable Elevate to deliver personalized content and products based on the visitors previous behavior on the site. Opting out of this cookie disables the possibility for a visitor to have a personalized experience on the site based on their own behavior.

Retailers that use the JavaScript library client side while setting the apptus.customerKey cookie server side must set the cookie properties according to the following instructions.

The JavaScript library will use the apptus.customerKey cookie when sending requests to achieve personalisation as well as keeping the cookie updated during the life cycle of a page visit.

Property Value Description
Name apptus.customerKey={visitor id} The value is either a A SHA256 hash of the id of a signed in visitor or a unique for visitors not signed in, UUID v4 is recommended.
Path / The path is defined as the root of the Domain.
Domain Site host name The Domain must match the host name of the site, for example www.example.com. Unless specified in the JavaScript library.
Expires Expiration date The expiration date is recommended to be set to be one year into the future. When using the JavaScript library, the date is automatically set one year into the future.
Secure Secure or N/A If the site is served over https, then Secure must be specified in the cookie.
HttpOnly N/A The HttpOnly must not be specified as the JavaScript library interacts with the cookie.

Example

The following example specifies a cookie set server side for the site www.example.com that is served over https.

apptus.customerKey=eea6c1ee-7b12-4f40-a4f4-61a59a111b98; Path=/;
Domain=www.example.com; Secure; Expires=Wed, 14 Oct 2020 07:00:00 GMT;

apptus.sessionKey

The apptus.sessionKey cookie contains a unique randomly generated value that enables a website to identify a session between page requests. This value does not directly identify a visitor and a key (which Voyado don’t have access to) is needed to connect these. The cookie is set at the first interaction with the website and is persistent for the duration of the session.

The cookie is used to enable Elevate to deliver the most relevant content and products based on the situation of the site. Opting out of this cookie disables the possibility for a visitor to have a personalized experience on the site.

Property Value Description
Name apptus.sessionKey={session id} A unique UUID v4.
Path / The path is defined as the root of the Domain.
Domain Site host name The Domain must match the host name of the site, for example www.example.com. Unless specified in the JavaScript library.
Expires Expiration date The expiration date is recommended to be set to be one year into the future.
Secure Secure or N/A If the site is served over https, then Secure must be specified in the cookie.
HttpOnly N/A The HttpOnly must not be specified as the JavaScript library interacts with the cookie.

apptus.token

The apptus.token cookie is a string token that should only be set when a visitor signs in to a site. It is recommended to only set the apptus.token cookie server side.

The token is obtained by signing the customerKey with the retailers Web API privateKey (as received by Voyado during the cloud configuration) and provides Elevate information that the visitor is signed in. This allows Elevate to verify that the customerKey format is correct, and if the customerKey leaks or becomes public, the visitor data is still safe as the privateKey-signed token is required.

Property Value Description
Name apptus.token={string token} A string token obtained by signing the customerKey with the retailers Web API privateKey.
Path / The path is defined as the root of the Domain.
Domain Site host name The Domain must match the host name of the site, for example www.example.com. Unless specified in the JavaScript library.
Expires Expiration date The expiration date is recommended to be set to be one year into the future.
Secure Secure or N/A If the site is served over https, then Secure must be specified in the cookie.
HttpOnly N/A The HttpOnly must not be specified as the JavaScript library interacts with the cookie.

apptus.queue

The apptus.queue cookie is used to temporarily store click and adding-to-cart notifications. As a web browser unloads the current page content when a visitor clicks a link, Elevate must ensure that all notifications have been sent. The apptus.queue cookie only stores the notifications that had not been sent before the next page is loaded. Once the notifications are sent the cookie is cleared.

×
Copyright

This online publication is intellectual property of Voyado Lund AB. Its contents can be duplicated in part or whole, provided that a copyright label is visibly located on each copy and the copy is used in conjunction with the product described within this document.

All information found in these documents has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither Voyado Lund AB nor the authors shall be held liable for possible errors or the consequences thereof.

Software and hardware descriptions cited in these documents might be registered trademarks. All trade names are subject to copyright restrictions and may be registered trademarks. Voyado Lund AB essentially adheres to the manufacturer’s spelling. Names of products and trademarks appearing in this document, with or without specific notation, are likewise subject to trademark and trade protection laws and may thus fall under copyright restrictions.

CLOSE