Implementing Trusted Vendors
    • Dark
      Light

    Implementing Trusted Vendors

    • Dark
      Light

    Article summary

    Products


    Reviews
    Supported plans

    Premium, Enterprise

    eCommerce Platform

    N/A

    In this article, you'll learn how to use our Trusted Vendors feature.

    About Trusted Vendors

    Authentic reviews are an essential part of earning the trust of visitors to your site. Yotpo helps you earn buyer trust by applying badges to reviews based on their verification method. In cases where review authenticity has been guaranteed by another means, the Trusted Vendors feature can be enabled to create verified reviewers or verified buyers without sending the reviewer an automatic review request or confirmation email

    Google has strict requirements for defining which reviews are eligible for seller ratings. To find out if your site reviews are eligible, contact your Yotpo representative.

    About reviewer badges

    Yotpo applies reviewer badges to reviews according to their level of verification. For an in-depth description of Yotpo's Reviewer Badges, click here

    Verified Buyer

    The Verified Buyer badge is applied to reviews submitted via the automatic review request email because Yotpo can confirm that the reviewer purchased the product they reviewed based on the purchase information received by Yotpo.  


    Verified Reviewer

    Reviews submitted via API call or the Reviews Widget / Reviews Tab on your website are verified via a confirmation email sent to the reviewer. Once the review is authenticated, the review is published with a Verified Reviewer badge. The same badge is also applied to reviews where the reviewer clicked on a social media icon and logged into their social account to verify authenticity.



    Creating verified reviews

    If you are able to confirm the authenticity of your reviews, the Trusted Vendors feature can be used to apply a Verified Reviewer or Verified Buyer badge to reviews without sending your reviewers a verification email.

    To enable the feature, you must first contact your Yotpo Customer Success Manager. Once the feature has been enabled, you can implement Trusted Vendors using one of the three methods listed below:

    Method Description 
    Landing page Reviews generated via this Yotpo-hosted landing page will receive a Verified Buyer or Verified Reviewer badge based on your configurations
    Reviews Widget Reviews generated through the Reviews Widget or the Reviews Tab will receive a Verified Buyer or Verified Reviewer badge based on your configurations
    API endpointReviews generated using the Create Reviews (Asynchronous) endpoint will receive a Verified Buyer or Verified Reviewer badge based on your configurations
    Please note:

    To verify the integrity of the posted data and to ensure the creator of the review is indeed the verified vendor, all three implementation methods requires a digested hash signature.

    Click here to learn more.

    Creating verified reviews via a dedicated landing page

    Using this implementation method, you can create a unique URL that can be added to emails or pages on your site. The URL contains a calculated signature that will direct reviewers to a Yotpo-hosted landing page when clicked. Reviews submitted via this Yotpo-hosted landing page will receive a Verified Buyer or Verified Reviewer badge based on the URL parameters. 

    URL Parameters

    To implement Trusted Vendors via landing page, include the following parameters in the page URL:

    Base URL:

    • https://landing-pages.yotpo.com/base/#/review
    Please note:

    If you're using the Landing Page Template Editor, please use the base URL below:

    • https://landing-pages.yotpo.com/custom/app_key/1/#/review 
      • app_key should be replaced with your Yotpo account API key
    ParameterDescription
    appkeyYour Yotpo account API key
    skuThe SKU (stock-keeping unit) of the product
    product_titleThe name of the product
    product_description The description of the product
    product_urlThe URL of the product on your store website
    display_namereviewer display name 
    emailThe verified buyer or verified reviewer user email
    signatureThe signature is the hexadecimal representation of a computed Hash-based Message Authentication Code, using HMAC or SHA256 as the cryptographic function.
    The secret for the function is the account secret.
    See Signing Reviewer Data to learn how to generate a data signature.
    time_stampUnix timestamp
    reviewer_typeThe reviewer type. Use this field only if there is also a Reviews Widget on the same page.
    Possible values:
    verified_buyer or verified_reviewer
    review_title_requiredAccepts a Boolean as a parameter.
    false: will not include a review title field in the landing page
    true: will include a review title field in the landing page

    Example:

    The app_key of the Yotpo account that is associated with this asset is xxxxxx

    1. Shopper Name: Arthur Lamdas. 
      1. For privacy reasons, this name should be passed in the following format: “Arthur L.”
    2. Reviewer email: arthurl@gmail.com
    3. Unix timestamp at the moment of signature is: 123456789
    Expand this tab to view a sample URL

    https://landing-pages.yotpo.com/base/#/review?appkey= TqxSmh4giN7MFOvoslOIcLC6a0EUyuuYyCARJuGx&sku=1&product_title=USBthingy&product_description=testing-this-thing&product_url=http:%2F%2Fgkshops.com%2FBigUSBthingy.html&display_%20name=Arthurl&email=arthurl@gmail.com&signature=e407294cd0f86e215fe13844d9177ae8142433c6eb489c46843555959f0d9eda&time_stamp=1513086220&reviewer_type=verified_buyer&review_title_required=true

    Creating verified reviews through the Reviews Widget or Reviews Tab

    Using this implementation method, reviews created through the Reviews Widget or the Reviews Tab will receive a Verified Buyer or Verified Reviewer badge based on your configurations.

    Add the div element below to the DOM structure of the relevant page.

    Please note:

    You'll need to substitute each data element with the appropriate values of the buyer or reviewer. The div class must be "yotpo-signed-data"

    The element should be added to the DOM structure of the relevant page.

    <div class="yotpo-signed-data"
    data-user-name="my name"
    data-user-email="some@email.com"
    data-signature="F93GJPbthaNLVImLB0zbSk9PoAT6hZForCnkIWiE"
    data-reviewer-type="verified_buyer"
    data-time-stamp="1415107190">
    </div>
    ParameterDescription Required 
    data-user-nameThe full name of the verified buyer/verified reviewer
    data-user-emailThe email address of the verified buyer/verified reviewer
    data-reviewer-typeThe reviewer type.
    Use this field only if there is also a reviews widget on the same page.
    Possible values:
    verified_buyer or verified_reviewer
    data-time-stampUnix timestamp
    data-signatureThe signature is the hexadecimal representation of a computed hash-based Message Authentication Code, using HMAC or SHA256 as the cryptographic function.
    The secret for the function is the account secret.
    See Signing Reviewer Data to learn how to generate a data signature.
    data-reviewer-badgeThe custom badge name for this reviewer.
    Note:  Only use this when using the Customized Badge feature

    Creating Verified Q&A through the Q&A Widget

    To allow shoppers to ask Q&A questions without requiring a verification email, add the following data element and value to the Yotpo Main Widget div element.

    • data-mode="questions"
    • See line 7 in the example below:
    <div class="yotpo-signed-data"
    data-user-name="my name"
    data-user-email="some@email.com"
    data-signature="F93GJPbthaNLVImLB0zbSk9PoAT6hZForCnkIWiE"
    data-reviewer-type="verified_reviewer"
    data-time-stamp="1415107190"
    data-mode="questions">
    </div>

    Using this method, visitors who ask a question on your site are not required to provide their email address and will not receive a verification email. 

    Creating verified reviews by API endpoint

    Using this implementation method, reviews created using the Create Reviews (Asynchronous) endpoint will receive a Verified Buyer or Verified Reviewer badge based on your configurations.

    Please refer to the Creating Reviews (Asynchronous) endpoint in the Yotpo API documentation to view a full list of endpoint parameters, values, and responses.

    Please note:
    When creating Trusted Vendors reviews using this method, the following parameters must be included:
    ParameterDescriptionRequired for Trusted Vendors
    appkeyYour Yotpo account API key.
    domainThe account domain.
    skuThe unique ID of the product on your site (doesn't have to be the SKU). To create a site review, use the value: 'yotpo_site_reviews'
    product_title The title of the product.
    product_descriptionThe description of the product
    product_urlThe product page URL of the product
    product_image_urlThe URL of the product image
    display_nameThe reviewer's name
    emailThe reviewer's email address
    review_content The text content of the review
    image_urlsThe images submitted with the review.
    Please note: Videos cannot be uploaded via API.

    review_titleThe title of the review
    review_scoreThe review score
    signatureThe signature is the hexadecimal representation of a computed Hash-based Message Authentication Code, using SHA256 as the cryptographic function (HMAC-SHA256). Must be passed in lowercase characters.
    The secret for the function is the account secret key.
    Note: The 'time_stamp' and 'reviewer_type' parameters are mandatory when using the signature parameter.
    See Signing Reviewer Data to learn how to generate a data signature.
    time_stampUnix timestamp
    submission_time_stampThe date the review was created (if not today). Can be up to 7 days in the past. If you want to add a creation date that is more than 7 days in the past, please contact support
    reviewer_typeThe reviewer badge type.
    Possible values:
    verified_buyer or verified_reviewer
    Note: This is relevant when creating reviews as a Trusted Vendor (signature is mandatory)

    Request example:

    POST https://api.yotpo.com/v1/widget/reviews
    ============================================

    {
    "appkey": "PGIkyrrTBQ0VtQOn8rPpedQEEdBIL7vtr9Cu4LvA",
    "domain": "http://www.shop.com",
    "sku": "10",
    "product_title": "Phone",
    "product_description": "Smart Phone",
    "product_url": "http://www.shop.com/phone.html",
    "product_image_url": "http://www.shop.com/phone.jpg",
    "display_name": "John Smith",
    "email": "john@shop.com",
    "review_content": "It’s really good",
    "review_title": "Great Phone",
    "review_score": 5,
    "signature": "e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f2b31", "time_stamp": "1426770722",
    "reviewer_type": "verified_buyer"
    }

    Please note:
    • The `time_stamp` and `reviewer_type` parameters are mandatory when using the `signature` parameter.
    • The `reviewer_type` parameter refers to a `verified_buyer` or `verified_reviewer` and requires a signature
    • To pass validation, the hash in your signature must be passed in lowercase characters
      • Correct: e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f
      • Incorrect: E3A30F856453983FC3884CA0c9EF1F31862E6AD25199803DBC192BF2A58F
    • To see an example request for this feature, click Examples in the payload on the right and select Trusted Vendor

    Signing Reviewer Data

    To verify the integrity of the posted data and to ensure the creator of the review is the verified vendor, requires attaching a digested hash signature.

    There are two types of hash signatures you can use - HMAC with SHA256 hash or SHA256

    The type of hash you choose to implement is up to you, but you must use a consistent signature type to sign all reviewer data. 

    For example, if you've chosen HMAC, all of your signatures must be HMAC and vice versa.

    Important:
    • To ensure proper functionality, you must update your Yotpo Customer Success Manager with the hash function you choose to implement (HMAC or SHA256).
    • To pass validation, the hash in your signature must be in lowercase.
      • Correct: e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f2b31
      • Incorrect: E3A30F856453983FC3884CA0c9EF1F31862E6AD25199803DBC192BF2A58F2B31
    Tip:

    You can use a free third-party tool such as Freeformatter.com to generate a signature:

    Verified Buyer Signatures

    HMAC with SHA256 - Verified Buyer

    The signature is a hexadecimal representation of a computed Hash-based Message Authentication Code

    • Select SHA256 as the digest algorithm (HMACSHA256).
    • The Secret Key input of the HMAC should be the account’s API Secret.
    Verified Buyer HMAC Signature - Expand this tab to view an example:
    1. Reviewer email: arthurl@gmail.com
    2. Reviewer type: verified_buyer
    3. SKU: PROD1234
    4. The Unix timestamp at the moment of signature: 123456789
    5. API Secret Key of the Yotpo Account: yyyyyy
      Note: The API secret should be added to the 'Secret Key' field, not as part of the string.

    **Please Note: All of the above-mentioned values should be in one line without any spaces or separators between them

    SHA256 - Verified Buyer

    1. The signature is a hexadecimal digest using SHA256.
    2. The message input of the SHA256 should be a sorted concatenation of the following values:
      1. Reviewer email
      2. Reviewer type: verified_buyer
      3. Product ID
      4. Unix timestamp
      5. API secret key
    Tip:
    This signature can be generated using the SHA256 Generator
    Verified Buyer SHA256 Signature - Expand this tab to view an example
    1. Reviewer email: arthurl@gmail.com
    2. Reviewer type: verified_buyer
    3. SKU: USB1234
    4. The Unix timestamp at the moment of signature: 123456789
    5. API Secret Key of the Yotpo Account: yyyyyy

    Verified Reviewer Signatures

    HMAC -Verified Reviewer

    The signature is a hexadecimal representation of a computed Hash-based Message Authentication Code. 

    • Select SHA256 as the digest algorithm (HMACSHA256)
    • The Secret Key input of the HMAC should be the account’s API Secret
    • The order of the field values should remain in the same order

    The message input of the HMAC should be a sorted concatenation of the following values:

    1. Reviewer email
    2. reviewer_badge (optional – only use this when using the Customized Badge feature)
    3. reviewer_type
    4. Unix timestamp
    Tip:
    This signature can be generated using the HMAC Generator
    Verified Reviewer HMAC Signature - Expand this tab to view an example
    1. Reviewer email: arthurl@gmail.com
    2. Reviewer type: verified_reviewer
    3. The Unix timestamp at the moment of signature: 123456789
    4. API Secret Key of the Yotpo Account: yyyyyy

    Note: The API secret should be added to the 'Secret Key' field, not as part of the string

    **Please Note: All of the above-mentioned values should be in one line without any spaces or separators between them


    Was this article helpful?