HMAC Payload

because socratease is a front end library, we need to ensure that the data that gets sent to socratease's server hasn't been tampered with for instance, imagine a user who modifies the javascript code and grants themselves a super admin role they will then be able to take over your entire website to prevent this from happening, the sdk takes an extra parameter called the hmac payload this should be generated by your backend the example in the snippet shows you how you can calculate the hmac of the payload the steps are determine the payload docid 7cy1qkswkezcp719c1vu you want to send convert it to a json calculate the hmac of the json using sha256 and signing it with your secret key encode it using base 64 this is the hmacpayloadbase64 parameter in the sdk because the payload is signed with your secret key in the backend, your website users will not be able to tamper with the payload this is why your secret key must be extremely confidential