Security & Verification

Secret Key Security

Configure a domain-level secret lock key to prevent unauthorized domains or pages from calling conversion actions and draining your quotas.

Parameter Details

secret_key text

Default: "" (Disabled)

Token used to verify a request that is locked to a domain or specific html.

Global API Protection

The Secret Key is a powerful security feature that protects your entire API from unauthorized usage. When you configure a secret_token in your dashboard, all requests to the API must include a mathematically valid secret_key signature.

How it works:

1

Set a secret token in your Token Dashboard.

2

Combine your payload (base string) with your token.

3

Hash it using MD5 and send it as secret_key.

Hashing Strategy per Mode

Because the API supports multiple conversion types, the "base" string you must hash depends on the type of conversion you are performing. Choose your mode below to see the exact formula:

// 1. The base string is the requested URL string. // Note: "URL" level ignores query params, "URL & Query" requires exact URL. $secret_key = md5($url_base . $secret_token);

// 1. The base string is the exact raw HTML string sent in the request. $secret_key = md5($html_string . $secret_token);

// 1. The base string is the exact Markdown string sent in the request. $secret_key = md5($markdown_string . $secret_token);

// 1. Base: MD5 checksum of the uploaded file's contents + original filename. $file_hash = md5_file($file_path); $secret_key = md5($file_hash . $filename . $secret_token);

// 1. Base: JSON-encoded liquid_data array + base template string. // CRITICAL: Ensure your JSON encoding has no extra whitespace (standard format). $json_data = json_encode($liquid_data_array); $secret_key = md5($json_data . $template_string . $secret_token);