This library handles decrypting TrustedForm certificate IDs, which contain metadata about the certificate. Generally speaking, this library can extract the certificate type and the certificate creation date.

There are several different formats of certificate IDs, depending on the certificate type.

This is the most common form of certificate identifier. It looks like a SHA1 hash (40 character hexidecimal string). Web certificate IDs contain two properties:

• type: 'web' — The type of these certificates will always be "web"
• createdAt — The Date the certificate was created

Example: eb9fc4dd9bed9ad451a5648946cf4bf09b5bb947

Mobile certificates are created by the TrustedForm Mobile SDK, which supports collecting certs from mobile platform applications built on iOS and Android. Mobile certificates IDs contain two properties:

• type: 'mobile' — The type of these certificates will always be "mobile"
• createdAt — The Date the certificate was created

Example: 11NgkzK_mroUbOD1-x66NigDliU1kdvbaCtLGvyja1K80vU1sKh9grlwP78vzKSp4ncwAfJAlNPNVY8f

Certificates generated for Facebook Lead Ads contain extra metadata:

• type: 'facebook' — The type of these certificates will always be "facebook"
• createdAt — The Date the certificate was created
• accountId — The ActiveProspect account ID for the account that generated the certificate
• pageId — the Facebook page identifier where the certificate was generated
• leadId — the Facebook lead identifier associated with the certificate

Example: 0.rpM21ddljS9BNNUOm6FZVVqb5C5JMk1cofI4nDGdwy5ezucyxjok9qLyUXMu9diW62Xac8xNMpomBf1B-XDpfbYvaFMr0YC-54TzHcLrni4.OHOMoMFXaX9YW9DoX_xeng.1vnf6DTWU7sJo6XAxlRP_w

TrustedForm implements ping URLs to be used during the ping phase of a ping/post lead auction. Ping IDs are really just a pointer to the real certificate ID. The properties of these IDs are:

• type — The type of the real certificate
• createdAt — The Date the real certificate was created

Example: 0.1JT7QUPI1sOFZxpr72ZK45K0ck75kEBO9H3jNJuX8NkqMTv4UF-zrapBUlsefTP3lkXWh6qM.fF0DNrov0zNUNVRCqDV5dw.E2eYOJ5-dnAgiX02-96FNQ

TrustedForm supports certificate masking. A masked certificate hides important details like the session replay. Currently, masked certificate IDs do not contain any metadata beyond the type property:

• type: 'masked' — The type of these certificates will always be "masked"

This library requires that two seperate private decryption keys be set in environment variables. These variables are named the same as in the TrustedForm platform, for consistency.

• CERT_IDS_SECRET_KEY — The private key used to decrypt web and mobile certificate IDs
• TF_CONFIG_CERT_ID_SECRET — The private key used to decrypt all certificate IDs starting with 0.

To decrypt a certificate ID, call the decrypt() function:

const { decrypt } = require('@activeprospect/trustedform-cert-id');
const decrypted = decrypt('eb9fc4dd9bed9ad451a5648946cf4bf09b5bb947');
console.log(decrypted);
// { 
//   type: 'web',
//   createdAt: 2022-03-08T20:20:16.000Z
// }

To build a ping ID for a given certificate ID, call the ping() function:

const { ping } = require('@activeprospect/trustedform-cert-id');
const certId = 'a1028cbb41b876744fa752eec276bec0e4c48b33';
const pingId = ping(certId);
console.log(pingId);
// 0.1JT7QUPI1sOFZxpr72ZK45K0ck75kEBO9H3jNJuX8NkqMTv4UF-zrapBUlsefTP3lkXWh6qM.fF0DNrov0zNUNVRCqDV5dw.E2eYOJ5-dnAgiX02-96FNQ