--- title: "Configuring WebTag Legacy manually" date: "2024-11-22T01:14:07+00:00" summary: "Learn to configure WebTag Legacy manually with step-by-step instructions for secure authentication and event tracking." image: type: "page" url: "/customer-data-platform/configuring-webtag-legacy-manually" id: "e528dccf-b7cf-4dde-a00e-cd3eca03b2f7" --- This page provides instructions to configure WebTag Legacy manually. Use the following checklist to configure WebTag Legacy: S.No. Task **Description** 1 Generate and test a Bcrypt access key * [Generating a Bcrypt access key](#generating-bcrypt)  * [Testing the Bcrypt access key using Postman](#testing-bcrypt-access-key) 2 Automate the encryption mechanism. Several frameworks are available to automate the Bcrypt encryption process. * [Generating a Bcrypt access key through Node.js](#different-bcrypt-framework) * [Passing the access-key to the front-end](#passing-access-key) 3 Embed the Global WebTag Legacy script within the `
` tags. [Embedding the Global WebTag Legacy script](#global-webtag-legacy-script) 4 Configure visitors object [Configuring visitors object](#configure-vistor's-object) 5 Configure tracking events Refer to the [Configuring tracking events](https://docs.acquia.com/node/59966?previewMode=current#section-configure-tracking-events) section on the [Configuring WebTag 2.0](/customer-data-platform/configuring-webtag-20-manually "Configuring WebTag 2.0 manually") page. The following implementation diagram helps you to understand the flow between your server, client, and Customer Data Platform (CDP): ![CDP documentation restructure, Legacy Webtag Infographic](https://acquia.widen.net/content/8dc1ed08-999d-4b3f-8db7-4c1516f2ecc0/web/CDP%20documentation%20restructure-Legacy%20Webtag.png) Generating a Bcrypt access key ------------------------------ To secure each request to the CDP service API, you must encrypt the authentication token. The token must be re-authenticated every 24 hours for CDP to continue to receive payloads from your website. Use the following steps to generate a Bcrypt access key: 1. Combine the bearer token and the current date to create a string: `BEARER_TOKENyyyy-MM-dd` For example, the string created by combining `ABCDEFG-HEFEG-DE3FGB` and `2024-01-01` is `ABCDEFG-HEFEG-DE3FGB2024-01-01`. The current date must be used to create the string as the access key is valid for 24 hours. 2. Open [Bcrypt Password Generator](https://www.browserling.com/tools/bcrypt). 3. In the **Password** field, paste the string that you created. ![cdp_bcrypt-password-generator.png](https://acquia.widen.net/content/c162cfba-592c-450c-9d34-e047b42e038e/web/cdp_bcrypt-password-generator.png?w=480&itok=TxwCR8F0) 4. Click **Bcrypt**. The string is hashed using the Bcrypt algorithm with 10 rounds. The resulting hash always begins with the prefix `$2a$`. Testing the Bcrypt access key using Postman ------------------------------------------- As you are still using Postman and working in the staging environment to build the integration steps, you must manually test and understand the encryption setup with Bycrpt. 1. Download and open [Postman](https://www.postman.com/downloads/). 2. Click the (+) icon to create a new collection. ![cdp_create-newcollection.png](https://acquia.widen.net/content/243eb127-5abb-405f-83f5-fcd5b0b784af/web/cdp_create-newcollection.png?w=480&itok=k93fviWq) 3. Click the Ellipsis icon, click **Rename**, and then rename the folder collection to **CDP Push Payload.** ![cdp_rename-CDP-authentication.png](https://acquia.widen.net/content/159ddbee-ce44-4490-b139-8d2c58dbbc07/web/cdp_rename-CDP-authentication.png?h=480&itok=jirwNHh7) 4. Click **Add a request**. ![cdp_add-a-request.png](https://acquia.widen.net/content/87fb9f9b-8b0d-4413-a695-add41add9f86/web/cdp_add-a-request.png?w=480&itok=3Zfs2Wit) 5. Click the Ellipsis icon, click **Rename**, and then rename the request to **Scenario 1 - Pushing a WebTag Event Test.** 6. Change the request to `POST`. ![cdp_get-post.png](https://acquia.widen.net/content/63b25409-debd-48b6-96cf-6e1d0d12c9ec/web/cdp_get-post.png?w=480&itok=XgamsvFf) 7. Enter your instance credentials and the host endpoint URL into **Enter URL or paste text.**  Ensure that the URL matches your cloud region and tenant type as previously saved. ![cdp_webtag-event-test.png](https://acquia.widen.net/content/4ed78b11-7bf8-4f71-a5ea-403a6ea47498/web/cdp_webtag-event-test.png?w=480&itok=5Yx5HlXU) `https://api7.agilone.com/v2/xxxx/dw/tracker` **Cloud Region** **URL Endpoint** **Parameter Description** AWS `api7.agilone.com` * `/v2` indicates the latest version path of the host API. * `/xxxx` indicates the tenant numerical identifier correlating to the tenant ID for accessing account. For more information, [contact Acquia support](/service-offerings/contacting-acquia-support "Contacting Acquia Support"). * `/dw/tracker` indicates the path to the data warehouse (dw), pointing towards service named `tracker`. 8. Enter the following in **Query Params** to be added to the URL: **Key**: `scheme`, **Value**: `a1webtag` **Key**: `accessKey`, **Value**: `'PASTE-BCRYPT-ACCESSKEY'` ![cdp_queryparams.png](https://acquia.widen.net/content/c7d61b29-71d1-4295-a95a-c0a9758e3772/web/cdp_queryparams.png) The system adds the parameters to the URL: `https://api7.agilone.com/v2/xxxx/dw/tracker?scheme=a1webtag&accessKey=paste-bcrypt-accesskey` **Cloud Region** **URL Endpoint** **Parameter Description** AWS `api7.agilone.com` * `?` indicates the beginning of the query string, which contains the parameters. * `scheme=a1webtag` is a parameter that specifies the authentication or authorization scheme to be used. It informs the server that the request is being made under the `a1webtag` scheme, and may possibly affect how the token is generated or what permissions are associated with it. * `accessKey=paste-bcrypt-accesskey` is the manual Bcrypt access key you generated. 9. Replace the `paste-bcrypt-accesskey` text with the access key that you [generated](#generating-bcrypt) previously. ![cdp_event-test-access-key.png](https://acquia.widen.net/content/adefd101-b6b8-496f-980d-d2c7f5fcbcb4/web/cdp_event-test-access-key.png?w=720&itok=ZquP66-F) 10. Click the **Authorization** tab and select the **Type** as **No Auth**. ![cdp_authorization-noauth.png](https://acquia.widen.net/content/1fb257c2-25d2-4cce-92f6-1514de5d8a59/web/cdp_authorization-noauth.png?w=220&itok=GxZcOR6S) 11. Click the **Headers** tab. 12. Add **Key** as **Content-Type** and **Value** as **application/json**. ![cdp_headers.png](https://acquia.widen.net/content/b5d9bde6-1c31-4e68-9b9e-e840d4e9ac82/web/cdp_headers.png) 13. Click **Pre-request Script** and enter the JavaScript code to automatically generate current date as an epoch variable: function epoch (date) {  pm.collectionVariables.set("epochVariable", Date.parse(date)) console.log(pm.collectionVariables.get("epochVariable")) } const dateToday = new Date()  const timestamp = epoch(dateToday) 14. Click **Body**. 1. Select **Raw**. ![cdp_body-tab.png](https://acquia.widen.net/content/6045409d-93e0-4ede-bc50-e4699a2a1443/web/cdp_body-tab.png?w=220&itok=fGYMvmcm) 2. Select **JSON** and enter the following code: { "events": [ { "SourceSystemID":"WebTag", "Cookie": "a1cookie", "EventTimeStamp": {{epochVariable}}, "Type": "productBrowsed", "SourceCustomerNumber": "6952E515-B67C-CB1B-3B21-GRG9GBN0LN8DF", "sourceproductnumber": "user.test@acquia.com" } ], "customers": [ { "SourceSystemID":"WebTag", "SourceCustomerNumber": "6952E515-B67C-CB1B-3B21-GRG9GBN0LN8DF", "Email": "user.test@acquia.com" } ] } ![cdp_pushing-webtag-event-test.png](https://acquia.widen.net/content/254335e8-4a73-4c2c-8788-79c6a56cb5b2/web/cdp_pushing-webtag-event-test.png?w=720&itok=CJsukQFm) 15. Click **Save** and click **Send**. ![cdp_save-send.png](https://acquia.widen.net/content/054c6226-b84a-4ddf-88cf-e72f6bcf9f01/web/cdp_save-send.png?w=220&itok=BAjvedA7) 16. For successful requests, Postman displays **Status: 200 OK** and no response body. The payload is sent to CDP. ![cdp_status-200OK.png](https://acquia.widen.net/content/0b9ffd9c-d583-4c7d-9bf2-e1b129bb8dae/web/cdp_status-200OK.png) 17. To verify that the test payload is displayed in CDP, contact Professional Services and provide the `curl` code snippet from your Postman test. To copy the `curl` code: 1. Click **Code.** ![cdp_curl-code.png](https://acquia.widen.net/content/ebbe3804-28dc-4c71-9110-ac7112edc740/web/cdp_curl-code.png?w=100&itok=xu_gSbW3) 2. Click **Copy Snippet.** ![cdp_curl-code-snippet.png](https://acquia.widen.net/content/f1fc0dff-e118-454f-a094-996e84ac20c0/web/cdp_curl-code-snippet.png?h=480&itok=4K7N9gap) You can manually perform a test push using the website key, which is valid for 24 hours. The process continues until a daily automated server-side system is established to obtain the access key encrypted with Bcrypt. Generating a Bcrypt access key through Node.js ---------------------------------------------- On your server-side, you can use multiple methods to generate a Bcrypt access key. This key can be generated using various programming languages such as Python, Node.js, PHP, Ruby, or Java. For detailed instructions, refer to the developer documentation.  This procedure provides the steps to create a Bcrypt access key through Node.js. Node.js provides several packages for `bcrypt`, with `bcrypt` and `bcryptjs` being the most widely used. `bcrypt` is a native Node module, while `bcryptjs` is entirely implemented in JavaScript. 1. To install `bcrypt`, visit [npm install bcrypt](https://www.npmjs.com/package/bcrypt "https://www.npmjs.com/package/bcrypt"). Acquia recommends an asynchronous approach. The following is a sample code: const bcrypt = require('bcrypt'); const saltRounds = 10; const myPlaintextPassword = 's0/\/\P4$$w0rD'; 2. Auto-generate a salt and hash: bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) { // Store hash in your password DB. console.log(hash); }); Important * Hashes are 60 characters long and include the salt among other parameters, as follows:`$[algorithm]$[cost]$[salt][hash]` eg. (`$[2a]$[10]$[jabo.nDbVTCdWdHBU4Zy5e][gSDSa071vltbRlOpAwT4.K4siyAuJMi]`) * CDP accepts `hash-algorithm identifier => 2a = BCrypt` and it must be a `rounds=10: ~10 hashes/sec`. If you use a different algorithm or cost round, the access fails and results in a 401 unauthorized response from the API endpoint. * If Acquia's recommended approach is unsuitable for you, you must adhere to your company's policy and consult the instructions in the NPM documentation. Passing the access key to the front-end --------------------------------------- The following are some of the methods to deliver the access key to your front-end: * Embedding the key in the HTML sent to the client * Including the key as a dynamic JavaScript variable * Fetching the key through an API. After generating the Bcrypt-hashed access key, pass it to the front-end as a populated tag. * As a dynamic JavaScript variable: 1. Use a templating engine such as Embedded JavaScript (EJS) in web development to generate HTML markup with plain JavaScript. 2. Embed the hash within a script tag in your server-side rendered HTML template. 3. After the hash is available on the front-end, use it as required. For example, you can verify a value by comparing it against another hash. Ideally, Bcrypt hashes must be compared on the server for security reasons. * For client-side applications: 1. Fetch the key through an API call to your server if your application uses SPA frameworks such as React, Angular, Vue.js, Ember.js, or Svelte. 2. Retrieve the hash through an API call to your server and dynamically assign it to the `$A1Config.key` value. If CDP recommended approach do not fit your requirements, you must adhere to your company's policy and proceed. ### Populating the Script Tag Regardless of how the hash is sent to the front-end, you must ensure that the `$A1Config` variable is correctly filled with the Bcrypt hash value before loading the `a1.js` script that relies on it. Embedding the Global WebTag Legacy script ----------------------------------------- On the main HTML domain page, embed the WebTag script within the `
` tags. This script coordinates with the SDK Library to request permissions to access CDP Tracker, thus triggering the subdomain page according to the configured event. **Parameter** **Description** key `dynamic.hash.access.key` is your server's Bcrypt hash value, dynamically retrieved through an API or plain JavaScript, and must be refreshed every 24 hours. tenantId `1111, 2222, 3333` are numerical path identifiers that correlate with the tenant ID for account access. host `//url.endpoint.com` acts as the service endpoint, allowing users to push data to the appropriate environment and cloud services. src [`https://scripts.agilone.com/latest/a1.js`](https://scripts.agilone.com/latest/a1.js) invokes the old CDP SDK script. domain (optional) * `.acme.com` serves as the default main domain for setting up CDP tracking mechanism as a first-party cookie. If you omit it, it might default to a subdomain cookie, potentially being flagged and blocked as a third-party cookie by Google policies. * `domain: ".ecme.com", // Set the static main domain(no subdomain).` Configuring visitors object --------------------------- The code to capture the unique ID and store it in a session must be placed on each subpage of your main website page where you want to track visitor interactions. This can be part of your website's global header or another common include that runs before the page content is fully rendered. 1. Capture the Unique ID: 1. Javascript code snippet **visitor identify** as logged in to the site: var currentVisitor = $A1.Customer ( { SourceCustomerNumber: "6952E515-B67C-CB1B-3B21-GRG9GBN0LN8DF", // Customer Unique ID can be either an email address or a numerical value. UUID: "6952E515-B67C-CB1B-3B21-GRG9GBN0LN8DF", // Duplication of Customer Unique ID can be either an email address or a numerical value. Email: "sample@acquia.com", // Customer email address value. // Add Other data points in this object } ); $A1.event = { SourceCustomerNumber: "6952E515-B67C-CB1B-3B21-GRG9GBN0LN8DF", // Customer Unique ID can be either an email address or a numerical value. Email: "sample@acquia.com", // Customer email address value. // Add Other data points in this object }; 2. Javascript code snippet **visitor anonymous** as logged out from the site: var currentanonymousVisitor = $A1.Customer ( { SourceCustomerNumber: "6952E515-B67C-CB1B-3B21-GRG9GBN0LN8DF", // Customer Unique ID can be either an email address or a numerical value. UUID: "6952E515-B67C-CB1B-3B21-GRG9GBN0LN8DF", // Duplication of Customer Unique ID can be either an email address or a numerical value. } ); $A1.event = { SourceCustomerNumber: "6952E515-B67C-CB1B-3B21-GRG9GBN0LN8DF", // Customer Unique ID can be either an email address or a numerical value. Email: "sample@acquia.com", // Customer email address value. // Add Other data points in this object }; 2. Store the Unique ID in your website's session. This usually involves setting a session cookie with the unique ID value, ensuring it remains throughout the visitor's browser session. 3. Send the Unique ID to CDP using the CDP WebTag library or the DW Tracker API. Ensure that you include the unique identifier and any relevant visitor information in the payload of an HTTP call to CDP. The data structure within the payload depends on whether the visitor is logged in to your website. ### Sample explanation Consider that CDP receives the following values: SourceCustomerNumber Email UUID Source System Name 12345 \- 12345 WebTag \- A34567 sample@acquia.com 12345 WebTag \- 12345 sample@acquia.com 12345 External Source \- A34567 sample@acquia.com \- Customer Data Source ABC CDP maps the received values from the **Customer feed - External Source** to **SourceCustomerNumber** and **UUID**. This results in the following customer summary record: Master Customer Email UUID Name 12345|A34567 sample@acquia.com 12345 ABC