What's documented in this knowledgebase
article is optional—FUSE applications work
with or
without it. Organizations would deploy one
of these solutions when there is a need to
personalize a FUSE instance to a specific
user or groups of users.
FUSE instances (e.g.
chat, search, listing) can receive
custom data from you and customize what
gets shown to a user using a global
variable named
window.fuseapp_userdata.This lets you pass information like user
activity, context, or permissions to any
FUSE instance. There are two
approaches—one approach ensures that the
payload of
information you're passing to FUSE hasn't
been tampered with (i.e. a user
attempting
to access information they're not
supposed
to). The other method is when the
stakes
are lower and someone manipulating the
payload is not a concern. Please see the
helpful examples of both methods
below.
Standard FUSE Embed Code
Before we delve deeper, first understand
the standard way to
embed a FUSE instance:
<div id="sjview_xyz"></div>
<script src="https://fuse.fusesearch.app/api/1/views/xyz.js?element_id=sjview_xyz"></script>This code provided to you by Team
FUSE. It loads a FUSE instance into
the specified
<div>.Working with Unverified Data
Requests
Use this format when the
data is
for context or personalization and
does
not need verification that the request
is
authorized by you. For example,
instead of
listing events in Arizona, an
offending user manipulates the
code to get events in California instead. Their
loss?
<script>
window.fuseapp_userdata= {
event_location: ['arizona']
};
</script>
<!-- FUSE Standard Embed Code Start -->
<div id="sjview_xyz"></div>
<script src="https://fuse.fusesearch.app/api/1/views/xyz.js?element_id=sjview_xyz"></script>
Here's another example
with
multiple values being
passed:
<script>
window.fuseapp_userdata = {
event_locations: ['arizona','california', 'nevada'],
items_purchased: ['id1','id2'],
email_address: ['testerson@test.com']
};
</script>
<!-- FUSE Standard Embed Code Start -->
<div id="sjview_xyz"></div>
<script src="https://fuse.fusesearch.app/api/1/views/xyz.js?element_id=sjview_xyz"></script>
Note that you can include any key-value
data in the
window.fuseapp_userdata object.
Please work with FUSE Support to agree
on a
suitable data structure for your
project.Working with Verified Data Requests
This approach uses JSON
Web
Tokens (JWT). Take this
approach when the data
request
must be verified as being
valid—e.g. to
control access, confirm
entitlements,
and/or to prevent tampering.
Sticking with the same example as
the
previous section (Working with
Unverified Data Requests), if a
user
manipulated the code to get California events instead
of Arizona, the request
would
fail.
In this case, the
window.fuseapp_userdata variable would be a JWT string (not the
payload itself). However,
the data/payload is in the identical
format as the examples in the previous
section,Working
with Unverified Data
Requests. Please work with
FUSE Support to settle on a
suitable data structure for your
project. Here's a code example of this
approach:<script>
window.fuseapp_userdata =
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpdGVtc19wdXJjaGFzZWQiOlsiaWQxIiwiaWQyIiwiaWQzIl19.pnQTT2Zfm02GohMZpYDB-7mf2p-BvmmIkCPxFuvq0rA';
</script>
<!-- FUSE Standard Embed Code Start -->
<div id="sjview_xyz"></div>
<script src="https://fuse.fusesearch.app/api/1/views/xyz.js?element_id=sjview_xyz"></script>
In this code example,
the
token...
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpdGVtc19wdXJjaGFzZWQiOlsiaWQxIiwiaWQyIiwiaWQzIl19.pnQTT2Zfm02GohMZpYDB-7mf2p-BvmmIkCPxFuvq0rA...decodes to the
following
payload (you can try decoding
this token
yourself at jwt.io):
{
"items_purchased": ["id1", "id2", "id3"]
}
To generate the JWT:
- Select a JWT
library that
fits your needs/development
environment (e.g.
Node,
Python).
- Sign it using the secret key
shared
with you by FUSE
Support.
- Further, use jwt.io to inspect and
debug
JWTs.
Summary
window.fuseapp_userdata Global Variable Value | Use when... | Example |
|---|---|---|
| Plaintext | No need to validate
payload hasn't
been tampered with. | window.fuseapp_userdata
= {...} |
| JWT String | Critical to ensure payload
values
have not been manipulated
by
unscrupulous users. | window.fuseapp_userdata
= '...' |
- If
window.fuseapp_userdatais a string, it's treated as a JWT (verified). - If
window.fuseapp_userdatais an object, it’s used as-is (unverified).
If you need help generating a JWT
or are
unsure of which method to use,
please
contact FUSE Support and we'd be
happy to
assist you!