- DarkLight
Implementing Trusted Vendors
- DarkLight
In this article, you'll learn how to use our Trusted Vendors feature.
About Trusted Vendors
Authentic reviews are an essential part of earning the trust of visitors to your site. Yotpo helps you earn buyer trust by applying badges to reviews based on their verification method. In cases where review authenticity has been guaranteed by another means, the Trusted Vendors feature can be enabled to create verified reviewers or verified buyers without sending the reviewer an automatic review request or confirmation email.
Google has strict requirements for defining which reviews are eligible for seller ratings. To find out if your site reviews are eligible, contact your Yotpo representative.
About reviewer badges
Yotpo applies reviewer badges to reviews according to their level of verification. For an in-depth description of Yotpo's Reviewer Badges, click here
Verified Buyer
The Verified Buyer badge is applied to reviews submitted via the automatic review request email because Yotpo can confirm that the reviewer purchased the product they reviewed based on the purchase information received by Yotpo.
Verified Reviewer
Reviews submitted via API call or the Reviews Widget / Reviews Tab on your website are verified via a confirmation email sent to the reviewer. Once the review is authenticated, the review is published with a Verified Reviewer badge. The same badge is also applied to reviews where the reviewer clicked on a social media icon and logged into their social account to verify authenticity.
Creating verified reviews
If you are able to confirm the authenticity of your reviews, the Trusted Vendors feature can be used to apply a Verified Reviewer or Verified Buyer badge to reviews without sending your reviewers a verification email.
To enable the feature, you must first contact your Yotpo Customer Success Manager. Once the feature has been enabled, you can implement Trusted Vendors using one of the three methods listed below:
Method | Description |
---|---|
Landing page | Reviews generated via this Yotpo-hosted landing page will receive a Verified Buyer or Verified Reviewer badge based on your configurations |
Reviews Widget | Reviews generated through the Reviews Widget or the Reviews Tab will receive a Verified Buyer or Verified Reviewer badge based on your configurations |
API endpoint | Reviews generated using the Create Reviews (Asynchronous) endpoint will receive a Verified Buyer or Verified Reviewer badge based on your configurations |
To verify the integrity of the posted data and to ensure the creator of the review is indeed the verified vendor, all three implementation methods requires a digested hash signature.
Click here to learn more.
Creating verified reviews via a dedicated landing page
Using this implementation method, you can create a unique URL that can be added to emails or pages on your site. The URL contains a calculated signature that will direct reviewers to a Yotpo-hosted landing page when clicked. Reviews submitted via this Yotpo-hosted landing page will receive a Verified Buyer or Verified Reviewer badge based on the URL parameters.
URL Parameters
To implement Trusted Vendors via landing page, include the following parameters in the page URL:
Base URL:
- https://landing-pages.yotpo.com/base/#/review
If you're using the Landing Page Template Editor, please use the base URL below:
- https://landing-pages.yotpo.com/custom/app_key/1/#/review
- app_key should be replaced with your Yotpo account API key
Parameter | Description |
---|---|
appkey | Your Yotpo account API key |
sku | The SKU (stock-keeping unit) of the product |
product_title | The name of the product |
product_description | The description of the product |
product_url | The URL of the product on your store website |
display_name | reviewer display name |
The verified buyer or verified reviewer user email | |
signature | The signature is the hexadecimal representation of a computed Hash-based Message Authentication Code, using HMAC or SHA256 as the cryptographic function. The secret for the function is the account secret. See Signing Reviewer Data to learn how to generate a data signature. |
time_stamp | Unix timestamp |
reviewer_type | The reviewer type. Use this field only if there is also a Reviews Widget on the same page. Possible values: verified_buyer or verified_reviewer |
review_title_required | Accepts a Boolean as a parameter. false: will not include a review title field in the landing page true: will include a review title field in the landing page |
Example:
The app_key of the Yotpo account that is associated with this asset is xxxxxx
- Shopper Name: Arthur Lamdas.
- For privacy reasons, this name should be passed in the following format: “Arthur L.”
- Reviewer email: arthurl@gmail.com
- Unix timestamp at the moment of signature is: 123456789
Expand this tab to view a sample URL
https://landing-pages.yotpo.com/base/#/review?appkey= TqxSmh4giN7MFOvoslOIcLC6a0EUyuuYyCARJuGx&sku=1&product_title=USBthingy&product_description=testing-this-thing&product_url=http:%2F%2Fgkshops.com%2FBigUSBthingy.html&display_%20name=Arthurl&email=arthurl@gmail.com&signature=e407294cd0f86e215fe13844d9177ae8142433c6eb489c46843555959f0d9eda&time_stamp=1513086220&reviewer_type=verified_buyer&review_title_required=true
Creating verified reviews through the Reviews Widget or Reviews Tab
Using this implementation method, reviews created through the Reviews Widget or the Reviews Tab will receive a Verified Buyer or Verified Reviewer badge based on your configurations.
Add the div element below to the DOM structure of the relevant page.
You'll need to substitute each data element with the appropriate values of the buyer or reviewer. The div class must be "yotpo-signed-data"
The element should be added to the DOM structure of the relevant page.
<div class="yotpo-signed-data"
data-user-name="my name"
data-user-email="some@email.com"
data-signature="F93GJPbthaNLVImLB0zbSk9PoAT6hZForCnkIWiE"
data-reviewer-type="verified_buyer"
data-time-stamp="1415107190">
</div>
Parameter | Description | Required |
---|---|---|
data-user-name | The full name of the verified buyer/verified reviewer | √ |
data-user-email | The email address of the verified buyer/verified reviewer | √ |
data-reviewer-type | The reviewer type. Use this field only if there is also a reviews widget on the same page. Possible values: verified_buyer or verified_reviewer | √ |
data-time-stamp | Unix timestamp | √ |
data-signature | The signature is the hexadecimal representation of a computed hash-based Message Authentication Code, using HMAC or SHA256 as the cryptographic function. The secret for the function is the account secret. See Signing Reviewer Data to learn how to generate a data signature. | √ |
data-reviewer-badge | The custom badge name for this reviewer. Note: Only use this when using the Customized Badge feature |
Creating Verified Q&A through the Q&A Widget
To allow shoppers to ask Q&A questions without requiring a verification email, add the following data element and value to the Yotpo Main Widget div element.
- data-mode="questions"
- See line 7 in the example below:
<div class="yotpo-signed-data"
data-user-name="my name"
data-user-email="some@email.com"
data-signature="F93GJPbthaNLVImLB0zbSk9PoAT6hZForCnkIWiE"
data-reviewer-type="verified_reviewer"
data-time-stamp="1415107190"
data-mode="questions">
</div>
Using this method, visitors who ask a question on your site are not required to provide their email address and will not receive a verification email.
Creating verified reviews by API endpoint
Using this implementation method, reviews created using the Create Reviews (Asynchronous) endpoint will receive a Verified Buyer or Verified Reviewer badge based on your configurations.
Please refer to the Creating Reviews (Asynchronous) endpoint in the Yotpo API documentation to view a full list of endpoint parameters, values, and responses.
Parameter | Description | Required for Trusted Vendors |
---|---|---|
appkey | Your Yotpo account API key. | √ |
domain | The account domain. | |
sku | The unique ID of the product on your site (doesn't have to be the SKU). To create a site review, use the value: 'yotpo_site_reviews' | √ |
product_title | The title of the product. | √ |
product_description | The description of the product | |
product_url | The product page URL of the product | √ |
product_image_url | The URL of the product image | |
display_name | The reviewer's name | √ |
The reviewer's email address | √ | |
review_content | The text content of the review | √ |
image_urls | The images submitted with the review. Please note: Videos cannot be uploaded via API. | |
review_title | The title of the review | √ |
review_score | The review score | √ |
signature | The signature is the hexadecimal representation of a computed Hash-based Message Authentication Code, using SHA256 as the cryptographic function (HMAC-SHA256). Must be passed in lowercase characters. The secret for the function is the account secret key. Note: The 'time_stamp' and 'reviewer_type' parameters are mandatory when using the signature parameter. See Signing Reviewer Data to learn how to generate a data signature. | √ |
time_stamp | Unix timestamp | √ |
submission_time_stamp | The date the review was created (if not today). Can be up to 7 days in the past. If you want to add a creation date that is more than 7 days in the past, please contact support | |
reviewer_type | The reviewer badge type. Possible values: verified_buyer or verified_reviewer Note: This is relevant when creating reviews as a Trusted Vendor (signature is mandatory) | √ |
Request example:
POST https://api.yotpo.com/v1/widget/reviews
============================================
{
"appkey": "PGIkyrrTBQ0VtQOn8rPpedQEEdBIL7vtr9Cu4LvA",
"domain": "http://www.shop.com",
"sku": "10",
"product_title": "Phone",
"product_description": "Smart Phone",
"product_url": "http://www.shop.com/phone.html",
"product_image_url": "http://www.shop.com/phone.jpg",
"display_name": "John Smith",
"email": "john@shop.com",
"review_content": "It’s really good",
"review_title": "Great Phone",
"review_score": 5,
"signature": "e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f2b31", "time_stamp": "1426770722",
"reviewer_type": "verified_buyer"
}
- The `time_stamp` and `reviewer_type` parameters are mandatory when using the `signature` parameter.
- The `reviewer_type` parameter refers to a `verified_buyer` or `verified_reviewer` and requires a signature
- To pass validation, the hash in your signature must be passed in lowercase characters
- Correct: e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f
- Incorrect: E3A30F856453983FC3884CA0c9EF1F31862E6AD25199803DBC192BF2A58F
- To see an example request for this feature, click Examples in the payload on the right and select Trusted Vendor
Signing Reviewer Data
To verify the integrity of the posted data and to ensure the creator of the review is the verified vendor, requires attaching a digested hash signature.
There are two types of hash signatures you can use - HMAC with SHA256 hash or SHA256.
The type of hash you choose to implement is up to you, but you must use a consistent signature type to sign all reviewer data.
For example, if you've chosen HMAC, all of your signatures must be HMAC and vice versa.
- To ensure proper functionality, you must update your Yotpo Customer Success Manager with the hash function you choose to implement (HMAC or SHA256).
- To pass validation, the hash in your signature must be in lowercase.
- Correct: e3a30f856453983fc3884ca0c9ef1f31862e6ad25199803dbc192bf2a58f2b31
- Incorrect: E3A30F856453983FC3884CA0c9EF1F31862E6AD25199803DBC192BF2A58F2B31
You can use a free third-party tool such as Freeformatter.com to generate a signature:
Verified Buyer Signatures
HMAC with SHA256 - Verified Buyer
The signature is a hexadecimal representation of a computed Hash-based Message Authentication Code
- Select SHA256 as the digest algorithm (HMACSHA256).
- The Secret Key input of the HMAC should be the account’s API Secret.
Verified Buyer HMAC Signature - Expand this tab to view an example:
- Reviewer email: arthurl@gmail.com
- Reviewer type: verified_buyer
- SKU: PROD1234
- The Unix timestamp at the moment of signature: 123456789
- API Secret Key of the Yotpo Account: yyyyyy
Note: The API secret should be added to the 'Secret Key' field, not as part of the string.
**Please Note: All of the above-mentioned values should be in one line without any spaces or separators between them
SHA256 - Verified Buyer
- The signature is a hexadecimal digest using SHA256.
- The message input of the SHA256 should be a sorted concatenation of the following values:
- Reviewer email
- Reviewer type: verified_buyer
- Product ID
- Unix timestamp
- API secret key
Verified Buyer SHA256 Signature - Expand this tab to view an example
- Reviewer email: arthurl@gmail.com
- Reviewer type: verified_buyer
- SKU: USB1234
- The Unix timestamp at the moment of signature: 123456789
- API Secret Key of the Yotpo Account: yyyyyy
Verified Reviewer Signatures
HMAC -Verified Reviewer
The signature is a hexadecimal representation of a computed Hash-based Message Authentication Code.
- Select SHA256 as the digest algorithm (HMACSHA256)
- The Secret Key input of the HMAC should be the account’s API Secret
- The order of the field values should remain in the same order
The message input of the HMAC should be a sorted concatenation of the following values:
- Reviewer email
- reviewer_badge (optional – only use this when using the Customized Badge feature)
- reviewer_type
- Unix timestamp
Verified Reviewer HMAC Signature - Expand this tab to view an example
- Reviewer email: arthurl@gmail.com
- Reviewer type: verified_reviewer
- The Unix timestamp at the moment of signature: 123456789
- API Secret Key of the Yotpo Account: yyyyyy
Note: The API secret should be added to the 'Secret Key' field, not as part of the string
**Please Note: All of the above-mentioned values should be in one line without any spaces or separators between them