Installing the Reward plugin
Overview
This guide will help you embed the Reward plugin on your website by adding tracking and user authentication scripts.
Installation Steps
1. Global Tracking Script (Required for All Pages)
🌐 Tracking Script Placement
- Add this script to every page of your website, including:
- Homepage
- Signup page
- All other pages where you want to track user interactions
- Navigate to the Reward dashboard
- Locate your specific tag version
- Add the following script to your website’s HTML:
<script
src="https://embed.rewardplugin.com/tags/{VERSION_NAME}.js"
async
></script>Replace {VERSION_NAME} with the version from your dashboard.
2. User Authentication Script (In-App Pages Only)
🔐 When to Use User Authentication
- Only add the authentication script when a user is logged in to your application
- This helps personalize tracking and associate interactions with specific users
JWT Token Generation
- Go to the Reward dashboard
- Retrieve your authentication key pair from the dashboard
Generate a JWT token with the following requirements:
| Claim | Description | Required | Example |
|---|---|---|---|
sub | User ID (String) | Required | Any unique identifier |
aud | Tag ID | Required | "tag_01jcp..." |
em | User’s email address | Optional | "john.doe@gmail.com" |
fn | User’s first name | Optional | "John" |
ln | User’s last name | Optional | "Doe" |
su | Sign-up date (ISO String or Unix timestamp) | Optional | 1731711385 |
Signing Algorithm Details
🔑 Authentication Token Signing
- Required Algorithm:
ES256(ECDSA using P-256 and SHA-256) - The authentication key pair is provided in the Reward dashboard
- Do not use other algorithms like RS256 or HS256
Example Token Generation (Node.js)
const jwt = require("jsonwebtoken");
// Use the private key obtained from the Reward dashboard
const privateKey = process.env.REWARD_PLUGIN_PRIVATE_KEY;
const userToken = jwt.sign(
{
sub: "7d9728c6-9649-4efe-a73e-82d0fcf1f1ce",
aud: "tag_01jcp42jg2eqca4ecny006jcnq",
em: "john.doe@gmail.com",
fn: "John",
ln: "Doe",
su: "2024-11-15T22:56:25.000Z",
},
`-----BEGIN PRIVATE KEY-----\n${privateKey}\n-----END PRIVATE KEY-----`,
{
algorithm: "ES256",
expiresIn: "2h", // Optional expiration
},
);Example Token Generation (Python)
import jwt
# Use the private key obtained from the Reward dashboard
private_key = os.environ.get("REWARD_PLUGIN_PRIVATE_KEY")
user_token = jwt.encode(
{
"sub": "7d9728c6-9649-4efe-a73e-82d0fcf1f1ce",
"aud": "tag_01jcp42jg2eqca4ecny006jcnq",
"em": "john.doe@gmail.com",
"fn": "John",
"ln": "Doe",
"su": 1731711385, # Unix timestamp
},
f"-----BEGIN PRIVATE KEY-----\n{private_key}\n-----END PRIVATE KEY-----",
algorithm="ES256",
)Authentication Script
When a user is logged in, add this script after the global tracking script:
<script>
window.rewardPlugin=window.rewardPlugin||function(){(window.rewardPlugin.q=window.rewardPlugin.q||[]).push(arguments)};
rewardPlugin({ userToken: "YOUR_GENERATED_JWT_TOKEN" });
</script>Replace YOUR_GENERATED_JWT_TOKEN with the token generated in the previous step.
Implementation Checklist
- ✅ Retrieve tracking script from Reward dashboard
- ✅ Add global tracking script on all pages
- ✅ Add user authentication script only when user is logged in
- ✅ Verify you can see your users on Reward dashboard
Security Notes
🔒 Important Security Practices
- Always generate the JWT token server-side
- Keep your private key confidential
- Use environment variables to manage the private key
- Ensure the token is signed with the ES256 algorithm using the provided key pair
Troubleshooting
- Verify that your global tracking script is on every page
- Confirm the token includes all required claims
- Ensure the token is signed with the ES256 algorithm using the dashboard-provided key
- Check that the private key is correctly imported from your environment variables
Support
If you encounter any issues during installation, contact Reward support.