Implementing Trusted Vendors

      Implementing Trusted Vendors


        Article summary

        Products


        Reviews
        Supported plans

        Premium, Enterprise

        eCommerce Platform

        N/A

        In this article, you'll learn how to use our Trusted Vendors feature.

        About Trusted Vendors

        Authentic reviews are an essential part of earning the trust of visitors to your site. Yotpo helps you earn buyer trust by applying badges to reviews based on their verification method. In cases where review authenticity has been guaranteed by another means, the Trusted Vendors feature can be enabled to create verified reviewers or verified buyers without sending the reviewer an automatic review request or confirmation email

        Google has strict requirements for defining which reviews are eligible for seller ratings. To find out if your site reviews are eligible, contact your Yotpo representative.

        About reviewer badges

        Yotpo applies reviewer badges to reviews according to their level of verification. For an in-depth description of Yotpo's Reviewer Badges, click here

        Verified Buyer

        The Verified Buyer badge is applied to reviews submitted via the automatic review request email because Yotpo can confirm that the reviewer purchased the product they reviewed based on the purchase information received by Yotpo.  


        Verified Reviewer

        Reviews submitted via API call or the Reviews Widget / Reviews Tab on your website are verified via a confirmation email sent to the reviewer. Once the review is authenticated, the review is published with a Verified Reviewer badge. The same badge is also applied to reviews where the reviewer clicked on a social media icon and logged into their social account to verify authenticity.



        Creating verified reviews

        If you are able to confirm the authenticity of your reviews, the Trusted Vendors feature can be used to apply a Verified Reviewer or Verified Buyer badge to reviews without sending your reviewers a verification email.

        To enable the feature, you must first contact your Yotpo Customer Success Manager. Once the feature has been enabled, you can implement Trusted Vendors using one of the three methods listed below:

        Method Description 
        Landing page Reviews generated via this Yotpo-hosted landing page will receive a Verified Buyer or Verified Reviewer badge based on your configurations
        Reviews Widget Reviews generated through the Reviews Widget or the Reviews Tab will receive a Verified Buyer or Verified Reviewer badge based on your configurations
        API endpointReviews generated using the Create Reviews (Asynchronous) endpoint will receive a Verified Buyer or Verified Reviewer badge based on your configurations
        Please note:

        To verify the integrity of the posted data and to ensure the creator of the review is indeed the verified vendor, all three implementation methods requires a digested hash signature.

        Click here to learn more.

        Creating verified reviews via a dedicated landing page

        Using this implementation method, you can create a unique URL that can be added to emails or pages on your site. The URL contains a calculated signature that will direct reviewers to a Yotpo-hosted landing page when clicked. Reviews submitted via this Yotpo-hosted landing page will receive a Verified Buyer or Verified Reviewer badge based on the URL parameters. 

        URL Parameters

        To implement Trusted Vendors via landing page, include the following parameters in the page URL:

        Base URL:

        • https://landing-pages.yotpo.com/base/#/review
        Please note:

        If you're using the Landing Page Template Editor, please use the base URL below:

        • https://landing-pages.yotpo.com/custom/app_key/1/#/review 
          • app_key should be replaced with your Yotpo account API key
        ParameterDescription
        appkeyYour Yotpo account API key
        skuThe SKU (stock-keeping unit) of the product
        product_titleThe name of the product
        product_description The description of the product
        product_urlThe URL of the product on your store website
        display_namereviewer display name 
        emailThe verified buyer or verified reviewer user email
        signatureThe signature is the hexadecimal representation of a computed Hash-based Message Authentication Code, using HMAC or SHA256 as the cryptographic function.
        The secret for the function is the account secret.
        See Signing Reviewer Data to learn how to generate a data signature.
        time_stampUnix timestamp
        reviewer_typeThe reviewer type. Use this field only if there is also a Reviews Widget on the same page.
        Possible values:
        verified_buyer or verified_reviewer
        review_title_requiredAccepts a Boolean as a parameter.
        false: will not include a review title field in the landing page
        true: will include a review title field in the landing page

        Example:

        The app_key of the Yotpo account that is associated with this asset is xxxxxx

        1. Shopper Name: Arthur Lamdas. 
          1. For privacy reasons, this name should be passed in the following format: “Arthur L.”
        2. Reviewer email: arthurl@gmail.com
        3. Unix timestamp at the moment of signature is: 123456789
        Expand this tab to view a sample URL

        https://landing-pages.yotpo.com/base/#/review?appkey= TqxSmh4giN7MFOvoslOIcLC6a0EUyuuYyCARJuGx&sku=1&product_title=USBthingy&product_description=testing-this-thing&product_url=http:%2F%2Fgkshops.com%2FBigUSBthingy.html&display_%20name=Arthurl&email=arthurl@gmail.com&signature=e407294cd0f86e215fe13844d9177ae8142433c6eb489c46843555959f0d9eda&time_stamp=1513086220&reviewer_type=verified_buyer&review_title_required=true

        Creating verified reviews through the Reviews Widget or Reviews Tab

        Using this implementation method, reviews created through the Reviews Widget or the Reviews Tab will receive a Verified Buyer or Verified Reviewer badge based on your configurations.

        Add the div element below to the DOM structure of the relevant page.

        Please note:

        You'll need to substitute each data element with the appropriate values of the buyer or reviewer. The div class must be "yotpo-signed-data"

        The element should be added to the DOM structure of the relevant page.

        <div class="yotpo-signed-data"
        data-user-name="my name"
        data-user-email="some@email.com"
        data-signature="F93GJPbthaNLVImLB0zbSk9PoAT6hZForCnkIWiE"
        data-reviewer-type="verified_buyer"
        data-time-stamp="1415107190">
        </div>
        ParameterDescription Required 
        data-user-nameThe full name of the verified buyer/verified reviewer
        data-user-emailThe email address of the verified buyer/verified reviewer
        data-reviewer-typeThe reviewer type.
        Use this field only if there is also a reviews widget on the same page.
        Possible values:
        verified_buyer or verified_reviewer
        data-time-stampUnix timestamp
        data-signatureThe signature is the hexadecimal representation of a computed hash-based Message Authentication Code, using HMAC or SHA256 as the cryptographic function.
        The secret for the function is the account secret.
        See Signing Reviewer Data to learn how to generate a data signature.
        data-reviewer-badgeThe custom badge name for this reviewer.
        Note:  Only use this when using the Customized Badge feature

        Creating Verified Q&A through the Q&A Widget

        To allow shoppers to ask Q&A questions without requiring a verification email, add the following data element and value to the Yotpo Main Widget div element.

        • data-mode="questions"
        • See line 7 in the example below:
        <div class="yotpo-signed-data"
        data-user-name="my name"
        data-user-email="some@email.com"
        data-signature="F93GJPbthaNLVImLB0zbSk9PoAT6hZForCnkIWiE"
        data-reviewer-type="verified_reviewer"
        data-time-stamp="1415107190"
        data-mode="questions">
        </div>

        Using this method, visitors who ask a question on your site are not required to provide their email address and will not receive a verification email. 

        Creating verified reviews by API endpoint

        Using this implementation method, reviews created using the Create Reviews (Asynchronous) endpoint will receive a Verified Buyer or Verified Reviewer badge based on your configurations.

        Please refer to the Creating Reviews (Asynchronous) endpoint in the Yotpo API documentation to view a full list of endpoint parameters, values, and responses.

        Please note:
        When creating Trusted Vendors reviews using this method, the following parameters must be included:
        ParameterDescriptionRequired for Trusted Vendors
        appkeyYour Yotpo account API key.
        domainThe account domain.
        skuThe unique ID of the product on your site (doesn't have to be the SKU). To create a site review, use the value: 'yotpo_site_reviews'
        product_title The title of the product.
        product_descriptionThe description of the product
        product_urlThe product page URL of the product
        product_image_urlThe URL of the product image
        display_nameThe reviewer's name
        emailThe reviewer's email address
        review_content The text content of the review
        image_urlsThe images submitted with the review.
        Please note: Videos cannot be uploaded via API.

        review_titleThe title of the review
        review_scoreThe review score
        signatureThe signature is the hexadecimal representation of a computed Hash-based Message Authentication Code, using SHA256 as the cryptographic function (HMAC-SHA256). Must be passed in lowercase characters.
        The secret for the function is the account secret key.
        Note: The 'time_stamp' and 'reviewer_type' parameters are mandatory when using the signature parameter.
        See Signing Reviewer Data to learn how to generate a data signature.
        time_stampUnix timestamp
        submission_time_stampThe date the review was created (if not today). Can be up to 7 days in the past. If you want to add a creation date that is more than 7 days in the past, please contact support
        reviewer_typeThe reviewer badge type.
        Possible values:
        verified_buyer or verified_reviewer
        Note: This is relevant when creating reviews as a Trusted Vendor (signature is mandatory)

        Request example:

        POST https://api.yotpo.com/v1/widget/reviews
        ============================================

        {
        "appkey": "PGIkyrrTBQ0VtQOn8rPpedQEEdBIL7vtr9Cu4LvA",
        "domain": "http://www.shop.com",
        "sku": "10",
        "product_title": "Phone",
        "product_description": "Smart Phone",
        "product_url": "http://www.shop.com/phone.html",
        "product_image_url": "http://www.shop.com/phone.jpg",
        "display_name": "John Smith",
        "email": "john@shop.com",
        "review_content": "It’s really good",
        "review_title": "Great Phone",
        "review_score": 5,
        "signature": "e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f2b31", "time_stamp": "1426770722",
        "reviewer_type": "verified_buyer"
        }

        Please note:
        • The `time_stamp` and `reviewer_type` parameters are mandatory when using the `signature` parameter.
        • The `reviewer_type` parameter refers to a `verified_buyer` or `verified_reviewer` and requires a signature
        • To pass validation, the hash in your signature must be passed in lowercase characters
          • Correct: e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f
          • Incorrect: E3A30F856453983FC3884CA0c9EF1F31862E6AD25199803DBC192BF2A58F
        • To see an example request for this feature, click Examples in the payload on the right and select Trusted Vendor

        Signing Reviewer Data

        To verify the integrity of the posted data and to ensure the creator of the review is the verified vendor, requires attaching a digested hash signature.

        There are two types of hash signatures you can use - HMAC with SHA256 hash or SHA256

        The type of hash you choose to implement is up to you, but you must use a consistent signature type to sign all reviewer data. 

        For example, if you've chosen HMAC, all of your signatures must be HMAC and vice versa.

        Important:
        • To ensure proper functionality, you must update your Yotpo Customer Success Manager with the hash function you choose to implement (HMAC or SHA256).
        • To pass validation, the hash in your signature must be in lowercase.
          • Correct: e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f2b31
          • Incorrect: E3A30F856453983FC3884CA0c9EF1F31862E6AD25199803DBC192BF2A58F2B31
        Tip:

        You can use a free third-party tool such as Freeformatter.com to generate a signature:

        Verified Buyer Signatures

        HMAC with SHA256 - Verified Buyer

        The signature is a hexadecimal representation of a computed Hash-based Message Authentication Code

        • Select SHA256 as the digest algorithm (HMACSHA256).
        • The Secret Key input of the HMAC should be the account’s API Secret.
        Verified Buyer HMAC Signature - Expand this tab to view an example:
        1. Reviewer email: arthurl@gmail.com
        2. Reviewer type: verified_buyer
        3. SKU: PROD1234
        4. The Unix timestamp at the moment of signature: 123456789
        5. API Secret Key of the Yotpo Account: yyyyyy
          Note: The API secret should be added to the 'Secret Key' field, not as part of the string.

        **Please Note: All of the above-mentioned values should be in one line without any spaces or separators between them

        SHA256 - Verified Buyer

        1. The signature is a hexadecimal digest using SHA256.
        2. The message input of the SHA256 should be a sorted concatenation of the following values:
          1. Reviewer email
          2. Reviewer type: verified_buyer
          3. Product ID
          4. Unix timestamp
          5. API secret key
        Tip:
        This signature can be generated using the SHA256 Generator
        Verified Buyer SHA256 Signature - Expand this tab to view an example
        1. Reviewer email: arthurl@gmail.com
        2. Reviewer type: verified_buyer
        3. SKU: USB1234
        4. The Unix timestamp at the moment of signature: 123456789
        5. API Secret Key of the Yotpo Account: yyyyyy

        Verified Reviewer Signatures

        HMAC -Verified Reviewer

        The signature is a hexadecimal representation of a computed Hash-based Message Authentication Code. 

        • Select SHA256 as the digest algorithm (HMACSHA256)
        • The Secret Key input of the HMAC should be the account’s API Secret
        • The order of the field values should remain in the same order

        The message input of the HMAC should be a sorted concatenation of the following values:

        1. Reviewer email
        2. reviewer_badge (optional – only use this when using the Customized Badge feature)
        3. reviewer_type
        4. Unix timestamp
        Tip:
        This signature can be generated using the HMAC Generator
        Verified Reviewer HMAC Signature - Expand this tab to view an example
        1. Reviewer email: arthurl@gmail.com
        2. Reviewer type: verified_reviewer
        3. The Unix timestamp at the moment of signature: 123456789
        4. API Secret Key of the Yotpo Account: yyyyyy

        Note: The API secret should be added to the 'Secret Key' field, not as part of the string

        **Please Note: All of the above-mentioned values should be in one line without any spaces or separators between them


        Was this article helpful?