Hashing user emails
DCO Pixel Implementation > Hashing user emails
This section refers to the Taboola DCO solution. For the standard e-commerce solution, see here.
Overview
To enrich DCO campaigns with user data, you can submit hashed email addresses to Taboola. This allows for better user identification and personalization while maintaining privacy and security.
Related docs
Why hashed emails?
Hashing emails is an industry standard for creating a persistent user identity without sharing the actual email address. The one-way hashing algorithm ensures that:
- The hash value will be different for different email addresses
- The original email address cannot be restored from the hash value
- User privacy is maintained while enabling identity matching
ImportantSharing hashed email addresses is mandatory for optimal DCO performance. Include the hashed email in all pixel events using the
unified_idparameter.
Hashing with SHA256
For legal and privacy reasons, all email addresses must be:
- Converted to lowercase (e.g.,
[email protected]β[email protected]) - Hashed using SHA256 encryption
Example
- Original email:
[email protected] - Step 1 - Lowercase:
[email protected] - Step 2 - SHA256 hash:
973dfe463ec85785f5f95af5ba3906eedb2d931c24e69824a89ea65dba4e813b
Implementation
Client-side JavaScript
Use this method to hash emails directly in the browser:
<html>
<head>
<title>SHA-256 Hash Example</title>
</head>
<body>
<input type="text" id="input" placeholder="Enter text to hash">
<button onclick="hashInput()">Hash</button>
<p>Hashed Output: <span id="output"></span></p>
<script>
async function hashString(message) {
const encoder = new TextEncoder();
const data = encoder.encode(message.toLowerCase());
const hashBuffer = await crypto.subtle.digest('SHA-256', data);
const hashArray = Array.from(new Uint8Array(hashBuffer));
const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
return hashHex;
}
// Call the function when the button is clicked
async function hashInput() {
const input = document.getElementById('input').value;
const output = await hashString(input);
document.getElementById('output').textContent = output;
}
</script>
</body>
</html>
Testing the codeCreate an HTML page with the above code, open it in a web browser, enter an email address, and click the button. Then verify the output.
Server-side PHP
Use this method to hash emails on your server before sending them to the browser:
<?php
// Function to hash an email address
/*
Sample input:
[email protected]
Sample output:
973dfe463ec85785f5f95af5ba3906eedb2d931c24e69824a89ea65dba4e813b
*/
function hashEmail($email) {
// Convert the email address to lowercase
$emailLower = strtolower($email);
// Hash the lowercase email address using SHA-256
$hashedEmail = hash('sha256', $emailLower);
// Return the hashed email address
return $hashedEmail;
}
// Example usage
$email = "[email protected]";
$hashedEmail = hashEmail($email);
echo "The hashed email address is: " . $hashedEmail;
?>
Testing the codeEdit the
Verifying the output
- Use an online SHA256 tool to verify your implementation produces the correct result.
Note: Enter the email address in lowercase - the tool performs hashing only.
- Sample input:
[email protected] - Expected output:
973dfe463ec85785f5f95af5ba3906eedb2d931c24e69824a89ea65dba4e813b
Usage in pixel events
Once you have the hashed email, add it to your pixel events using the unified_id parameter:
window._tfa.push({
notify: 'event',
name: 'page_view',
id: ACCOUNT_ID,
unified_id: '973dfe463ec85785f5f95af5ba3906eedb2d931c24e69824a89ea65dba4e813b'
});For e-commerce events, include it alongside your event data:
_tfa.push({
notify: 'ecevent',
name: 'PRODUCT_VIEW',
id: ACCOUNT_ID,
productIds: ['PROD123'],
unified_id: '973dfe463ec85785f5f95af5ba3906eedb2d931c24e69824a89ea65dba4e813b'
});
When to capture the emailCapture and hash the user's email whenever they log in or provide it through a form. Store the hashed value in a variable and include it in all subsequent pixel events during that session.
Updated about 15 hours ago