Customer email addresses are considered personally identifiable information (PII), content that could potentially distinguish or identify a specific individual. You can use encryption to ensure the security of customer email addresses used for notifications and requests. To encrypt the email addresses, you must add information detailed in the following sections to Post-Interaction Email (PIE) feeds or to transactions.

Bazaarvoice email encryption is based on the RSA algorithm (4096-bit key). RSA pairs a public key to encrypt data and a private key to decrypt data. Bazaarvoice makes a shared public key available for clients, and maintains a private key.

Accessing public encryption keys

Bazaarvoice issues separate public keys for both staging and production environments, which cannot be used interchangeably.

Bazaarvoice strongly recommends that you obtain a new public key programmatically when you encrypt email addresses. Bazaarvoice changes the public and private keys regularly, and will change keys immediately if they are compromised. Older keys will continue to work, although you might receive a warning since retrieving new keys helps your company maintain the highest level of security.

For production, you can find the most up-to-date public key at the following URL:

api.bazaarvoice.com/notifications/rsa_encryption_key/public/current/?passkey=pedpamuvhnprx4hazkqe9xwt

For staging, you can find the most up-to-date public key at the following URL:

stg.api.bazaarvoice.com/notifications/rsa_encryption_key/public/current/?passkey=9m5v9x6t49c4ecnwvu7av6qb

The JSON response at the above URLs contains the public encryption key and its associated encryption key ID. You must include the encryptionKeyId string when sending encrypted email addresses to Bazaarvoice.

The following example shows a public key and encryptionKeyId.

Encrypting email addresses for maintenance-free PIE

If you are using maintenance-free PIE with BV Pixel, include the encryption key ID and encrypted email with other PIE interaction parameters. Use the following parameters:

  • encryptedEmail—Use this parameter instead of email for customer email addresses.
  • encryptionKeyId—Include the encryptionKeyId string located under the public key string.

Bazaarvoice recommends the following practices when encrypting email addresses for maintenance-free PIE:

  • Encrypt email addresses via a server-side operation.
  • Retrieve the public key programmatically at least once every day for optimal security.
  • Retrieve the key no more than once per hour for optimal performance.
  • Store the public key within your system for error-handling resilience.

Example: Encrypted email address data in code

The following example shows the way an encrypted email address and encryption key ID would look in transaction code.

{code:javascript}
BV.pixel.trackTransaction({
  "orderId" : "55555",
  "tax" : "1.44",
  "shipping" : "10.00",
  "total" : "40.84",
  "city" : "Austin",
  "state" : "TX",
  "country" : "USA",
  "currency" : "USD",
  "items" : [
      {
              "sku" : "2245",
              "name" : "product name",
              "category" : "category name",
              "price" : "13.42",
              "quantity" : "1",
              "imageURL" : "http://test.com/1.jpg"
      },
      {
              "sku" : "2246",
              "name" : "product name2",
              "imageURL" : "http://test.com/2.jpg"
      }
  ],
  "encryptedEmail" : "70c7dd458232284dd1720a29835fd4aa7afce99f2c587d3db43d19a54375b8afcdcca96206c6b3f99df8f058d1
                      6bf8bcb98c9b0fd52d6395d8181608e17cfabcb438c8c32415d99a5f856f041ffbb8098728c5680655dbdd68ab
                      c62656eb164781db3c866209b9bfeb980da66037a83b9e282a79d4e9133e21175173b8d139b64de0ad09e3b42f
                      9727c3a2be79682196de950179b94def664f5172ef887d31497c9d56f9196e7f8073547d95c0ccc04519102dda
                      ef6ff898d99c4067a1e9a5530a552f2562877618d493a2e292a181af2d8d56cb5c9dde4177da8ad1ceaf3eed12
                      be913bb4a7beb526f5066f82bf91048366f257754fd98b33f0aef2a5c5d63e75c7ed19059099ef56184039bae4
                      9d69fe554c81110a10d6bbd6244bdfa2aadcca03a6d9b6bb3fbf8979c8a98ab81969d5190da2c49b6abd1ffeaa
                      bded63998b0963da405b81085f7ec1b89ce9a1db6b3df88352e574881da04facb393e7b82ff8fbc78c86ed8374
                      389c8e160fde89f161872f5787fc39b74b3db873e498f168af726288a5b8546cfad345c8f52e9a8d3c93feae47
                      3df93713196d6d36dacfae7571afb6a45caa840143e433dfe52c825cf5101f050fea512edc4818c986b241e6b8
                      cf411daa880f7a0c3c04f94f29edc3fd89eefc3b9673ae78b6f314bc5514176965e13adf0a3b1bfb12d07e100c
                      e288e223443b6b82c69c5caa97d3a0d81d",

  "encryptionKeyId" : "ENCRYPTION-KEY-ID-2016-07-15T21:17:55.208Z",
  "locale" : "en_US"
});
{code}

Encrypting email addresses for feed-based PIE

If you are using feed-based PIE, add the following information to your XML feed:

  • <EncryptedEmailAddress>—Use this element instead of <EmailAddress> for customer email addresses.
  • encryptionKeyID—Include the encryptionKeyID string located under the public key string as an attribute of the root <Feed> tag.

Bazaarvoice recommends the following best practices:

  • For security considerations, programmatically retrieve the public key at least once every day.
  • For performance considerations, retrieve the key no more than once per hour.
  • For error-handling resilience, store the public key within your system.

Example: Encrypted email address data in XML feed for PIE

The following example shows the way an encrypted email address and encryption key ID would look in a PIE feed.

<Feed xmlns="http://www.bazaarvoice.com/xs/PRR/PostPurchaseFeed/14.7" encryptionKeyID="ENCRYPTION-KEY-ID-2016-07-15T21:17:55.208Z">
    <Interaction>
        <TransactionDate>2016-05-07T13:29:40.894</TransactionDate>
        <EncryptedEmailAddress>70c7dd458232284dd1720a29835fd4aa7afce99f2c587d3db43d19a54375b8afcdcca96206c6b3f99df8f058d1
6bf8bcb98c9b0fd52d6395d8181608e17cfabcb438c8c32415d99a5f856f041ffbb8098728c5680655dbdd68abc62656eb164781db3c866209b9bfeb9
80da66037a83b9e282a79d4e9133e21175173b8d139b64de0ad09e3b42f9727c3a2be79682196de950179b94def664f5172ef887d31497c9d56f9196e
7f8073547d95c0ccc04519102ddaef6ff898d99c4067a1e9a5530a552f2562877618d493a2e292a181af2d8d56cb5c9dde4177da8ad1ceaf3eed129d6
9fe554c81110a10d6bbd6244bdfa2aadcca03a6d9b6bb3fbf8979c8a98ab81969d5190da2c49b6abd1ffeaabded63998b0963da405b81085f7ec1b89c
e9a1db6b3df88352e574881da04facb393e7b82ff8fbc78c86ed8374389c8e160fde89f161872f5787fc39b74b3db873cfad345c8f52e9a8d3c93feae
473df93713196d6d36dacfae7571afb6a45caa840143e433dfe52c825cf5101f050fea512edc4818c986b241e6b8cf411daa880f7a0c3c04f94f29edc
3fd89eefc3b9673ae78b6f314bc5514176965e13adf0a3b1bfb12d07e100ce288e223443b6b82c69c5caa97d3a0d81d</EncryptedEmailAddress>
        <Locale>en_US</Locale>
        <UserName>nickname1</UserName>
        <UserID>718737491</UserID>
        <Products>
            <Product>
                <ExternalId>prod01</ExternalId>
                <Name>Product 1</Name>
                <ImageUrl>http://test.cimages/products/01.jpg</ImageUrl>
                <Price>20.61</Price>
            </Product>
        </Products>
    </Interaction>
</Feed>