Skip to content

Cookies

The Apptus eSales Web API uses four different cookies: apptus.customerKey, apptus.sessionKey, apptus.token, and apptus.queue.

apptus.customerKey

The apptus.customerKey cookie contains a unique randomly generated value that enables a website to identify a visitor between sessions. This value does not directly identify the visitor and a key (which Apptus don’t have access to) is needed to connect these. The cookie is set at the first interaction with the website and is recommended to be persistent for 1 year.

The cookie is used to enable eSales to deliver personalised content and products based on the visitors previous behaviour on the site. Opting out of this cookie disables the possibility for a visitor to have a personalised experience on the site based on their own behaviour.

Retailers that use the JavaScript Library client side while setting the apptus.customerKey cookie server side must set the cookie properties according to the following instructions.

The JavaScript Library will use the apptus.customerKey cookie when sending requests to achieve personalisation as well as keeping the cookie updated during the life cycle of a page visit.

Property Value Description
Name apptus.customerKey={visitor id} The value is either a A SHA256 hash of the id of a signed in visitor or a unique for visitors not signed in, UUID v4 is recommended.
Path / The path is defined as the root of the Domain.
Domain Site host name The Domain must match the host name of the site, for example www.esalesdrivensite.com. Unless specified in the JavaScript Library.
Expires Expiration date The expiration date is recommended to be set to be one year into the future. When using the JavaScript Library, the date is automatically set one year into the future.
Secure Secure or N/A If the site is served over https, then Secure must be specified in the cookie.
HttpOnly N/A The HttpOnly must not be specified as the JavaScript Library interacts with the cookie.

Example

The following example specifies a cookie set server side for the site www.esalesdrivensite.com that is served over https.

apptus.customerKey=eea6c1ee-7b12-4f40-a4f4-61a59a111b98; Path=/;
Domain=www.esalesdrivensite.com; Secure; Expires=Wed, 14 Oct 2020 07:00:00 GMT;

apptus.sessionKey

The apptus.sessionKey cookie contains a unique randomly generated value that enables a website to identify a session between page requests. This value does not directly identify a visitor and a key (which Apptus don’t have access to) is needed to connect these. The cookie is set at the first interaction with the website and is persistent for the duration of the session.

The cookie is used to enable eSales to deliver the most relevant content and products based on the situation of the site. Opting out of this cookie disables the possibility for a visitor to have a personalised experience on the site.

Property Value Description
Name apptus.sessionKey={session id} A unique UUID v4.
Path / The path is defined as the root of the Domain.
Domain Site host name The Domain must match the host name of the site, for example www.esalesdrivensite.com. Unless specified in the JavaScript Library.
Expires Expiration date The expiration date is recommended to be set to be one year into the future.
Secure Secure or N/A If the site is served over https, then Secure must be specified in the cookie.
HttpOnly N/A The HttpOnly must not be specified as the JavaScript Library interacts with the cookie.

apptus.token

The apptus.token cookie is a string token that should only be set when a visitor signs in to a site. It is recommended to only set the apptus.token cookie server side.

The token is obtained by signing the customerKey with the retailers Web API privateKey (as received by Apptus during the cloud configuration) and provides eSales information that the visitor is signed in. This allows eSales to verify that the customerKey format is correct, and if the customerKey leaks or becomes public, the visitor data is still safe as the privateKey-signed token is required.

Property Value Description
Name apptus.token={string token} A string token obtained by signing the customerKey with the retailers Web API privateKey.
Path / The path is defined as the root of the Domain.
Domain Site host name The Domain must match the host name of the site, for example www.esalesdrivensite.com. Unless specified in the JavaScript Library.
Expires Expiration date The expiration date is recommended to be set to be one year into the future.
Secure Secure or N/A If the site is served over https, then Secure must be specified in the cookie.
HttpOnly N/A The HttpOnly must not be specified as the JavaScript Library interacts with the cookie.

apptus.queue

The apptus.queue cookie is used to temporarily store click and adding-to-cart notifications. As a web browser unloads the current page content when a visitor clicks a link, eSales must ensure that all notifications have been sent. The apptus.queue cookie only stores the notifications that had not been sent before the next page is loaded. Once the notifications are sent the cookie is cleared.


Last update: August 25, 2020
×
Copyright

This online publication is intellectual property of Apptus Technologies. Its contents can be duplicated in part or whole, provided that a copyright label is visibly located on each copy and the copy is used in conjunction with the product described within this document.

All information found in these documents has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither Apptus Technologies nor the authors shall be held liable for possible errors or the consequences thereof.

Software and hardware descriptions cited in these documents might be registered trademarks. All trade names are subject to copyright restrictions and may be registered trademarks. Apptus Technologies essentially adheres to the manufacturer’s spelling. Names of products and trademarks appearing in this document, with or without specific notation, are likewise subject to trademark and trade protection laws and may thus fall under copyright restrictions.

CLOSE