Contents x
      Implementing Trusted Vendors
          Contents

          Implementing Trusted Vendors

              Article Summary

              Products


              Reviews
              Supported plans

              Premium, Enterprise

              eCommerce Platform

              N/A

              In this article, you'll learn how to use our Trusted Vendors feature.

              About Trusted Vendors

              Authentic reviews are an essential part of earning the trust of visitors to your site. Yotpo helps you earn buyer trust by applying badges to reviews based on their verification method. In cases where review authenticity has been guaranteed by another means, the Trusted Vendors feature can be enabled to create verified reviewers or verified buyers without sending the reviewer an automatic review request or confirmation email

              Google has strict requirements for defining which reviews are eligible for seller ratings. To find out if your site reviews are eligible, contact your Yotpo representative.

              About reviewer badges

              Yotpo applies reviewer badges to reviews according to their level of verification. For an in-depth description of Yotpo's Reviewer Badges, click here

              Verified Buyer

              The Verified Buyer badge is applied to reviews submitted via the automatic review request email because Yotpo can confirm that the reviewer purchased the product they reviewed based on the purchase information received by Yotpo.  


              Verified Reviewer

              Reviews submitted via API call or the Reviews Widget / Reviews Tab on your website are verified via a confirmation email sent to the reviewer. Once the review is authenticated, the review is published with a Verified Reviewer badge. The same badge is also applied to reviews where the reviewer clicked on a social media icon and logged into their social account to verify authenticity.



              Creating verified reviews

              If you are able to confirm the authenticity of your reviews, the Trusted Vendors feature can be used to apply a Verified Reviewer or Verified Buyer badge to reviews without sending your reviewers a verification email.

              To enable the feature, you must first contact your Yotpo Customer Success Manager. Once the feature has been enabled, you can implement Trusted Vendors using one of the three methods listed below:

              Method Description 
              Landing page Reviews generated via this Yotpo-hosted landing page will receive a Verified Buyer or Verified Reviewer badge based on your configurations
              Reviews Widget Reviews generated through the Reviews Widget or the Reviews Tab will receive a Verified Buyer or Verified Reviewer badge based on your configurations
              API endpointReviews generated using the Create Reviews (Asynchronous) endpoint will receive a Verified Buyer or Verified Reviewer badge based on your configurations
              Please note:

              To verify the integrity of the posted data and to ensure the creator of the review is indeed the verified vendor, all three implementation methods requires a digested hash signature.

              Click here to learn more.

              Creating verified reviews via a dedicated landing page

              Using this implementation method, you can create a unique URL that can be added to emails or pages on your site. The URL contains a calculated signature that will direct reviewers to a Yotpo-hosted landing page when clicked. Reviews submitted via this Yotpo-hosted landing page will receive a Verified Buyer or Verified Reviewer badge based on the URL parameters. 

              URL Parameters

              To implement Trusted Vendors via landing page, include the following parameters in the page URL:

              Base URL:

              • https://landing-pages.yotpo.com/base/#/review
              Please note:

              If you're using the Landing Page Template Editor, please use the base URL below:

              • https://landing-pages.yotpo.com/custom/app_key/1/#/review 
                • app_key should be replaced with your Yotpo account API key
              ParameterDescription
              appkeyYour Yotpo account API key
              skuThe SKU (stock-keeping unit) of the product
              product_titleThe name of the product
              product_description The description of the product
              product_urlThe URL of the product on your store website
              display_namereviewer display name 
              emailThe verified buyer or verified reviewer user email
              signatureThe signature is the hexadecimal representation of a computed Hash-based Message Authentication Code, using HMAC or SHA256 as the cryptographic function.
              The secret for the function is the account secret.
              See Signing Reviewer Data to learn how to generate a data signature.
              time_stampUnix timestamp
              reviewer_typeThe reviewer type. Use this field only if there is also a Reviews Widget on the same page.
              Possible values:
              verified_buyer or verified_reviewer
              review_title_requiredAccepts a Boolean as a parameter.
              false: will not include a review title field in the landing page
              true: will include a review title field in the landing page

              Example:

              The app_key of the Yotpo account that is associated with this asset is xxxxxx

              1. Shopper Name: Arthur Lamdas. 
                1. For privacy reasons, this name should be passed in the following format: “Arthur L.”
              2. Reviewer email: arthurl@gmail.com
              3. Unix timestamp at the moment of signature is: 123456789
              Expand this tab to view a sample URL

              https://landing-pages.yotpo.com/base/#/review?appkey= TqxSmh4giN7MFOvoslOIcLC6a0EUyuuYyCARJuGx&sku=1&product_title=USBthingy&product_description=testing-this-thing&product_url=http:%2F%2Fgkshops.com%2FBigUSBthingy.html&display_%20name=Arthurl&email=arthurl@gmail.com&signature=e407294cd0f86e215fe13844d9177ae8142433c6eb489c46843555959f0d9eda&time_stamp=1513086220&reviewer_type=verified_buyer&review_title_required=true

              Creating verified reviews through the Reviews Widget or Reviews Tab

              Using this implementation method, reviews created through the Reviews Widget or the Reviews Tab will receive a Verified Buyer or Verified Reviewer badge based on your configurations.

              Add the div element below to the DOM structure of the relevant page.

              Please note:

              You'll need to substitute each data element with the appropriate values of the buyer or reviewer. The div class must be "yotpo-signed-data"

              The element should be added to the DOM structure of the relevant page.

              <div class="yotpo-signed-data"
data-user-name="my name"
data-user-email="some@email.com"
data-signature="F93GJPbthaNLVImLB0zbSk9PoAT6hZForCnkIWiE"
data-reviewer-type="verified_buyer"
data-time-stamp="1415107190">
</div>
              ParameterDescription Required 
              data-user-nameThe full name of the verified buyer/verified reviewer
              data-user-emailThe email address of the verified buyer/verified reviewer
              data-reviewer-typeThe reviewer type.
              Use this field only if there is also a reviews widget on the same page.
              Possible values:
              verified_buyer or verified_reviewer
              data-time-stampUnix timestamp
              data-signatureThe signature is the hexadecimal representation of a computed hash-based Message Authentication Code, using HMAC or SHA256 as the cryptographic function.
              The secret for the function is the account secret.
              See Signing Reviewer Data to learn how to generate a data signature.
              data-reviewer-badgeThe custom badge name for this reviewer.
              Note:  Only use this when using the Customized Badge feature

              Creating Verified Q&A through the Q&A Widget

              To allow shoppers to ask Q&A questions without requiring a verification email, add the following data element and value to the Yotpo Main Widget div element.

              • data-mode="questions"
              • See line 7 in the example below:
              <div class="yotpo-signed-data"
data-user-name="my name"
data-user-email="some@email.com"
data-signature="F93GJPbthaNLVImLB0zbSk9PoAT6hZForCnkIWiE"
data-reviewer-type="verified_reviewer"
data-time-stamp="1415107190"
data-mode="questions">
</div>

              Using this method, visitors who ask a question on your site are not required to provide their email address and will not receive a verification email. 

              Creating verified reviews by API endpoint

              Using this implementation method, reviews created using the Create Reviews (Asynchronous) endpoint will receive a Verified Buyer or Verified Reviewer badge based on your configurations.

              Please refer to the Creating Reviews (Asynchronous) endpoint in the Yotpo API documentation to view a full list of endpoint parameters, values, and responses.

              Please note:
              When creating Trusted Vendors reviews using this method, the following parameters must be included:
              ParameterDescriptionRequired for Trusted Vendors
              appkeyYour Yotpo account API key.
              domainThe account domain.
              skuThe unique ID of the product on your site (doesn't have to be the SKU). To create a site review, use the value: 'yotpo_site_reviews'
              product_title The title of the product.
              product_descriptionThe description of the product
              product_urlThe product page URL of the product
              product_image_urlThe URL of the product image
              display_nameThe reviewer's name
              emailThe reviewer's email address
              review_content The text content of the review
              image_urlsThe images submitted with the review.
              Please note: Videos cannot be uploaded via API.
              review_titleThe title of the review
              review_scoreThe review score
              signatureThe signature is the hexadecimal representation of a computed Hash-based Message Authentication Code, using SHA256 as the cryptographic function (HMAC-SHA256). Must be passed in lowercase characters.
              The secret for the function is the account secret key.
              Note: The 'time_stamp' and 'reviewer_type' parameters are mandatory when using the signature parameter.
              See Signing Reviewer Data to learn how to generate a data signature.
              time_stampUnix timestamp
              submission_time_stampThe date the review was created (if not today). Can be up to 7 days in the past. If you want to add a creation date that is more than 7 days in the past, please contact support
              reviewer_typeThe reviewer badge type.
              Possible values:
              verified_buyer or verified_reviewer
              Note: This is relevant when creating reviews as a Trusted Vendor (signature is mandatory)

              Request example:

              POST https://api.yotpo.com/v1/widget/reviews
              ============================================

              {
              "appkey": "PGIkyrrTBQ0VtQOn8rPpedQEEdBIL7vtr9Cu4LvA",
              "domain": "http://www.shop.com",
              "sku": "10",
              "product_title": "Phone",
              "product_description": "Smart Phone",
              "product_url": "http://www.shop.com/phone.html",
              "product_image_url": "http://www.shop.com/phone.jpg",
              "display_name": "John Smith",
              "email": "john@shop.com",
              "review_content": "It’s really good",
              "review_title": "Great Phone",
              "review_score": 5,
              "signature": "e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f2b31", "time_stamp": "1426770722",
              "reviewer_type": "verified_buyer"
              }

              Please note:
              • The `time_stamp` and `reviewer_type` parameters are mandatory when using the `signature` parameter.
              • The `reviewer_type` parameter refers to a `verified_buyer` or `verified_reviewer` and requires a signature
              • To pass validation, the hash in your signature must be passed in lowercase characters
                • Correct: e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f
                • Incorrect: E3A30F856453983FC3884CA0c9EF1F31862E6AD25199803DBC192BF2A58F
              • To see an example request for this feature, click Examples in the payload on the right and select Trusted Vendor

              Signing Reviewer Data

              To verify the integrity of the posted data and to ensure the creator of the review is the verified vendor, requires attaching a digested hash signature.

              There are two types of hash signatures you can use - HMAC with SHA256 hash or SHA256

              The type of hash you choose to implement is up to you, but you must use a consistent signature type to sign all reviewer data. 

              For example, if you've chosen HMAC, all of your signatures must be HMAC and vice versa.

              Important:
              • To ensure proper functionality, you must update your Yotpo Customer Success Manager with the hash function you choose to implement (HMAC or SHA256).
              • To pass validation, the hash in your signature must be in lowercase.
                • Correct: e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f2b31
                • Incorrect: E3A30F856453983FC3884CA0c9EF1F31862E6AD25199803DBC192BF2A58F2B31
              Tip:

              You can use a free third-party tool such as Freeformatter.com to generate a signature:

              Verified Buyer Signatures

              HMAC with SHA256 - Verified Buyer

              The signature is a hexadecimal representation of a computed Hash-based Message Authentication Code

              • Select SHA256 as the digest algorithm (HMACSHA256).
              • The Secret Key input of the HMAC should be the account’s API Secret.
              Verified Buyer HMAC Signature - Expand this tab to view an example:
              1. Reviewer email: arthurl@gmail.com
              2. Reviewer type: verified_buyer
              3. SKU: PROD1234
              4. The Unix timestamp at the moment of signature: 123456789
              5. API Secret Key of the Yotpo Account: yyyyyy
                Note: The API secret should be added to the 'Secret Key' field, not as part of the string.

              **Please Note: All of the above-mentioned values should be in one line without any spaces or separators between them

              SHA256 - Verified Buyer

              1. The signature is a hexadecimal digest using SHA256.
              2. The message input of the SHA256 should be a sorted concatenation of the following values:
                1. Reviewer email
                2. Reviewer type: verified_buyer
                3. Product ID
                4. Unix timestamp
                5. API secret key
              Tip:
              This signature can be generated using the SHA256 Generator
              Verified Buyer SHA256 Signature - Expand this tab to view an example
              1. Reviewer email: arthurl@gmail.com
              2. Reviewer type: verified_buyer
              3. SKU: USB1234
              4. The Unix timestamp at the moment of signature: 123456789
              5. API Secret Key of the Yotpo Account: yyyyyy

              Verified Reviewer Signatures

              HMAC -Verified Reviewer

              The signature is a hexadecimal representation of a computed Hash-based Message Authentication Code. 

              • Select SHA256 as the digest algorithm (HMACSHA256)
              • The Secret Key input of the HMAC should be the account’s API Secret
              • The order of the field values should remain in the same order

              The message input of the HMAC should be a sorted concatenation of the following values:

              1. Reviewer email
              2. reviewer_badge (optional – only use this when using the Customized Badge feature)
              3. reviewer_type
              4. Unix timestamp
              Tip:
              This signature can be generated using the HMAC Generator
              Verified Reviewer HMAC Signature - Expand this tab to view an example
              1. Reviewer email: arthurl@gmail.com
              2. Reviewer type: verified_reviewer
              3. The Unix timestamp at the moment of signature: 123456789
              4. API Secret Key of the Yotpo Account: yyyyyy

              Note: The API secret should be added to the 'Secret Key' field, not as part of the string

              **Please Note: All of the above-mentioned values should be in one line without any spaces or separators between them

              Was this article helpful?
              What's Next

              PRODUCT

              RESOURCES

              PARTNERSHIPS

              COMPANY

              SUPPORT

              footer-logo

              Terms of Service

              Terms of Use

              Security

              Privacy Policy