Hi, Hoping someone can provide some information for below We are developing External accessed Website hosted in Azure App service, and we have requirement to track one page visit in to Dynamics 365. We have created a custom trigger in Dynamics 365 by following the steps at https://learn.microsoft.com/en-us/dynamics365/customer-insights/journeys/real-time-marketing-custom-triggers We have placed this code snippet on to external page which works fine, but the security implications we have is about the Ingestion Key
As per MS / The code snippet that is provided with the trigger contains an ingestion key that uniquely identifies the Customer Insights - Journeys instance. An attacker with access to the ingestion key could possibly send spurious triggers that can trigger unintended customer journeys. It's a good practice to: Protect the ingestion key wherever possible. Limit the use of attributes in custom triggers, especially when those attributes can be used to personalize content and act as potential attack vectors such as cross-site scripting.
We are not sure how this Ingestion key can be hidden, the call is made from website by client and they can clearly see this unique Ingestion key on page when they go to view source
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
Share
Report
All responses (
Answers (
170
