cdp-lite-sdk 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/README.md +123 -28
  2. package/dist/cdp-lite-sdk.umd.js +277 -24
  3. package/dist/cdp-lite-sdk.umd.js.map +1 -1
  4. package/dist/cdp-lite-sdk.umd.min.js +1 -1
  5. package/dist/cdp-lite-sdk.umd.min.js.map +1 -1
  6. package/dist/index.cjs.js +277 -24
  7. package/dist/index.cjs.js.map +1 -1
  8. package/dist/index.esm.js +277 -24
  9. package/dist/index.esm.js.map +1 -1
  10. package/package.json +1 -1
package/README.md CHANGED
@@ -11,6 +11,7 @@
11
11
  - [Installation](#installation)
12
12
  - [Quick Start](#quick-start)
13
13
  - [Configuration](#configuration)
14
+ - [Security Features](#security-features)
14
15
  - [Core Methods](#core-methods)
15
16
  - [Advanced Usage](#advanced-usage)
16
17
  - [React Integration](#react-integration)
@@ -21,10 +22,12 @@
21
22
 
22
23
  ---
23
24
 
24
- ## Features
25
+ <h2 id="features">✨ Features</h2>
25
26
 
26
27
  - ✅ **Event Tracking** - Track custom events with properties
27
28
  - ✅ **User Identification** - Identify and track users
29
+ - 🔒 **Data Encryption** - AES-256-CBC encryption for sensitive user data
30
+ - 🔐 **Request Signing** - HMAC-SHA256 signatures for API security
28
31
  - ✅ **Batch Processing** - Auto-batch events for optimal performance
29
32
  - ✅ **Device Detection** - Auto-detect device information
30
33
  - ✅ **Anonymous Tracking** - Track users before identification
@@ -37,7 +40,7 @@
37
40
 
38
41
  ---
39
42
 
40
- ## 📦 Installation
43
+ <h2 id="#installation">📦 Installation</h2>
41
44
 
42
45
  ### NPM
43
46
 
@@ -59,29 +62,31 @@ yarn add cdp-lite-sdk
59
62
 
60
63
  ---
61
64
 
62
- ## 🚀 Quick Start
65
+ <h2 id="#quick-start">🚀 Quick Start</h2>
63
66
 
64
67
  ### ES6 Import (Recommended)
65
68
 
66
69
  ```javascript
67
70
  import CdpLiteSdk from 'cdp-lite-sdk';
68
71
 
69
- // Initialize SDK
72
+ // Initialize SDK with security
70
73
  const cdp = new CdpLiteSdk({
71
74
  apiKey: 'your-api-key',
75
+ secretKey: 'your-secret-key', // Required for encryption & signatures
72
76
  source: 'YourApp',
73
77
  serviceName: 'YourService',
74
78
  isTest: true,
75
79
  debug: true
76
80
  });
77
81
 
78
- // Identify user
82
+ // Identify user (sensitive data auto-encrypted)
79
83
  cdp.identify('user_123', {
80
- name: 'John Doe',
81
- email: 'john@example.com'
84
+ full_name: 'John Doe',
85
+ email: 'john@example.com',
86
+ phone: '0901234567'
82
87
  });
83
88
 
84
- // Track event
89
+ // Track event (auto-signed with HMAC)
85
90
  cdp.track('button_clicked', {
86
91
  button_name: 'Sign Up',
87
92
  page: 'Landing'
@@ -115,7 +120,7 @@ const cdp = new CdpLiteSdk({
115
120
 
116
121
  ---
117
122
 
118
- ## ⚙️ Configuration
123
+ <h2 id="#configuration">⚙️ Configuration</h2>
119
124
 
120
125
  ### Configuration Options
121
126
 
@@ -124,6 +129,10 @@ const cdp = new CdpLiteSdk({
124
129
  // Required
125
130
  apiKey: 'string', // Your API key
126
131
 
132
+ // Security (Recommended)
133
+ secretKey: 'string', // Secret key for encryption & signatures
134
+ enableEncryption: boolean, // Enable traits encryption (default: true)
135
+
127
136
  // Optional
128
137
  source: 'string', // Source name (default: 'Web')
129
138
  serviceName: 'string', // Service name (default: 'DefaultService')
@@ -143,9 +152,10 @@ const cdp = new CdpLiteSdk({
143
152
  ```javascript
144
153
  const cdp = new CdpLiteSdk({
145
154
  apiKey: 'dev-api-key',
155
+ secretKey: 'dev-secret-key',
146
156
  source: 'MyApp',
147
157
  serviceName: 'MyService',
148
- baseUrl: 'https://vconnect-dev.vietcredit.com.vn',
158
+ baseUrl: 'https://stg-ingestlog.vietcredit.com.vn',
149
159
  isTest: true,
150
160
  debug: true,
151
161
  batchSize: 5,
@@ -158,6 +168,7 @@ const cdp = new CdpLiteSdk({
158
168
  ```javascript
159
169
  const cdp = new CdpLiteSdk({
160
170
  apiKey: process.env.CDP_API_KEY,
171
+ secretKey: process.env.CDP_SECRET_KEY,
161
172
  source: 'MyApp',
162
173
  serviceName: 'MyService',
163
174
  baseUrl: 'https://vconnect.vietcredit.com.vn',
@@ -170,7 +181,48 @@ const cdp = new CdpLiteSdk({
170
181
 
171
182
  ---
172
183
 
173
- ## 📚 Core Methods
184
+ <h2 id="#security-features">🔒 Security Features</h2>
185
+
186
+ ### Automatic Data Encryption
187
+
188
+ SDK automatically encrypts sensitive user data using **AES-256-CBC** before sending:
189
+
190
+ ```javascript
191
+ // Sensitive data is automatically encrypted
192
+ cdp.identify('user_123', {
193
+ email: 'user@example.com', // Encrypted
194
+ phone: '0901234567', // Encrypted
195
+ idcard: '001234567890', // Encrypted
196
+
197
+ // Other fields are not encrypted
198
+ city: 'Hanoi',
199
+ age: 30
200
+ });
201
+ ```
202
+
203
+ ### Request Signing
204
+
205
+ All API requests are signed with **HMAC-SHA256** for authentication:
206
+
207
+ ```
208
+ X-Signatures = Base64(HMAC-SHA256(X-Source + "|" + X-Timestamp + "|" + Payload))
209
+ ```
210
+
211
+ ### Setup Security
212
+
213
+ ```javascript
214
+ const cdp = new CdpLiteSdk({
215
+ apiKey: process.env.CDP_API_KEY,
216
+ secretKey: process.env.CDP_SECRET_KEY, // Required for security
217
+ enableEncryption: true // Default: true
218
+ });
219
+ ```
220
+
221
+ **📖 See [SECURITY.md](SECURITY.md) for complete security documentation.**
222
+
223
+ ---
224
+
225
+ <h2 id="#core-methods">📚 Core Methods</h2>
174
226
 
175
227
  ### 1. Track Events
176
228
 
@@ -231,15 +283,32 @@ cdp.identify(userId, traits);
231
283
 
232
284
  ```javascript
233
285
  cdp.identify('user_123', {
234
- name: 'John Doe',
235
- email: 'john@example.com',
286
+ // Sensitive fields (auto-encrypted)
287
+ full_name: 'Nguyen Van A',
288
+ first_name: 'A',
289
+ last_name: 'Nguyen Van',
290
+ email: 'user@example.com',
236
291
  phone: '+84901234567',
292
+ idcard: '001234567890',
293
+ dob: '1990-01-01',
294
+ gender: 'male',
295
+ address: '123 ABC Street, Hanoi',
296
+ religion: 'Buddhism',
297
+
298
+ // Non-sensitive fields (not encrypted)
237
299
  age: 30,
238
300
  city: 'Hanoi',
239
301
  plan: 'premium'
240
302
  });
241
303
  ```
242
304
 
305
+ **Sensitive Fields (Auto-Encrypted):**
306
+ - `full_name`, `first_name`, `last_name`
307
+ - `idcard`, `old_idcard`
308
+ - `phone`, `email`
309
+ - `gender`, `dob`
310
+ - `address`, `religion`
311
+
243
312
  ### 3. Page Views
244
313
 
245
314
  Track page views (for web applications).
@@ -368,7 +437,7 @@ cdp.destroy();
368
437
 
369
438
  ---
370
439
 
371
- ## 🔥 Advanced Usage
440
+ <h2 id="#advanced-usage">🔥 Advanced Usage</h2>
372
441
 
373
442
  ### Batch Processing
374
443
 
@@ -427,7 +496,7 @@ cdp.track('checkout', {
427
496
 
428
497
  ---
429
498
 
430
- ## ⚛️ React Integration
499
+ <h2 id="react-integration">⚛️ React Integration</h2>
431
500
 
432
501
  ### Setup Analytics Context
433
502
 
@@ -525,7 +594,7 @@ function App() {
525
594
 
526
595
  ---
527
596
 
528
- ## 🎯 TypeScript Support
597
+ <h2 id="#typescript-support">🎯 TypeScript Support</h2>
529
598
 
530
599
  Full TypeScript support with type definitions.
531
600
 
@@ -559,12 +628,21 @@ cdp.track('purchase', eventProps);
559
628
 
560
629
  ---
561
630
 
562
- ## 📖 API Reference
631
+ <h2 id="#api-reference">📖 API Reference</h2>
563
632
 
564
633
  ### Constructor
565
634
 
566
635
  ```typescript
567
- new CdpLiteSdk(config: CdpConfig)
636
+ const config: CdpLiteSdk = {
637
+ apiKey: 'your-api-key',
638
+ secretKey: 'your-secret-key', // Required for security features
639
+ source: 'YourApp',
640
+ serviceName: 'YourService',
641
+ enableEncryption: true, // Enable encryption (default: true)
642
+ debug: true
643
+ }
644
+
645
+ const sdk = new CdpLiteSdk(config)
568
646
  ```
569
647
 
570
648
  ### Methods
@@ -583,7 +661,7 @@ new CdpLiteSdk(config: CdpConfig)
583
661
 
584
662
  ---
585
663
 
586
- ## 💡 Examples
664
+ <h2 id="#examples">💡 Examples</h2>
587
665
 
588
666
  ### E-commerce Tracking
589
667
 
@@ -696,7 +774,7 @@ cdp.track('form_submitted', {
696
774
 
697
775
  ---
698
776
 
699
- ## 🐛 Troubleshooting
777
+ <h2 id="#troubleshooting">🐛 Troubleshooting</h2>
700
778
 
701
779
  ### Events Not Sending
702
780
 
@@ -799,11 +877,30 @@ cdp.track('CHECKOUT');
799
877
 
800
878
  ## 🔒 Privacy & Security
801
879
 
802
- - SDK automatically generates anonymous IDs
803
- - User data is only sent after explicit `identify()` call
804
- - All data transmitted over HTTPS
805
- - API keys should be kept secure
806
- - Never commit API keys to version control
880
+ - 🔐 **AES-256-CBC Encryption** for sensitive user data
881
+ - 🔑 **HMAC-SHA256 Signatures** for request authentication
882
+ - 🆔 **Anonymous IDs** generated automatically
883
+ - 📊 **Selective Encryption** - only sensitive fields are encrypted
884
+ - 🔒 **HTTPS Only** - all data transmitted over secure connections
885
+ - 🔑 **Secret Key Protection** - never expose secret keys
886
+ - 🚫 **No Plain Text** - sensitive data never sent unencrypted
887
+
888
+ **Security Best Practices:**
889
+ ```javascript
890
+ // ✅ Use environment variables
891
+ const cdp = new CdpLiteSdk({
892
+ apiKey: process.env.CDP_API_KEY,
893
+ secretKey: process.env.CDP_SECRET_KEY
894
+ });
895
+
896
+ // ❌ Never hardcode keys
897
+ const cdp = new CdpLiteSdk({
898
+ apiKey: 'abc123', // DON'T DO THIS
899
+ secretKey: 'secret123'
900
+ });
901
+ ```
902
+
903
+ **📖 Full Security Guide:** [SECURITY.md](SECURITY.md)
807
904
 
808
905
  ---
809
906
 
@@ -814,9 +911,7 @@ MIT License - see LICENSE file for details
814
911
  ---
815
912
 
816
913
  ## 🤝 Support
817
-
818
- - **Email:** vinv@vega.com.vn
819
-
914
+ - 📧 Email: vinv@vega.com.vn
820
915
  ---
821
916
 
822
917
  ## 🎉 Quick Reference