# Verify your users Enforce identity verification to prevent other from pretend to be (third party) for entertainment or fraud logged-in users. Generate an HMAC with SHA256 whenever a user logs into your app. Most web frameworks will have a method or library to help you do this. You'll need your app’s secret key and the email of the currently logged-in user. **Secret Key**\ \ For example, in Ruby on Rails we can generate our HMAC using a method called `OpenSSL::HMAC.hexdigest`, where the first parameter is the name of a hash function (we use SHA256), the second is your secret key, and the third is your user’s email. ```javascript OpenSSL::HMAC.hexdigest( 'sha256', # hash function '', # secret key (keep safe!) current_user.email # user's email address ) ``` {% hint style="info" %} Keep your secret key safe! Never commit it directly to your repository, client-side code, or anywhere a third party can find it. {% endhint %} To set up identity verification, you'll need to generate an HMAC on your server for each logged-in user and set in acquireIO SDK. {% hint style="info" %} This must be called before `setAccount:` takes place and must pass same email in `setVisitor:`. {% endhint %} ```javascript [[AcquireIO support] setVisitorHash:<_Nonnull String your_hmac_of_email>]; ``` First, you need to add email id in set visitor method in SDK for uniquely identify your users. Note that if you set only visitor hash and email is not set then acquire can't identify visitor. So you need both method to verify visitor hash. ```javascript [[AcquireIO support] setVisitor: phone: andEmail:]; ``` ### **Logout visitor** If you have set visitor hash (HMAC digest) and visitor just logged out from account and need to manage user integrity with agent, call method logoutVisitor to remove all acquire data from your app related to visitorHash. This must call method to logout from acquireIO support: ```javascript [[AcquireIO support] logoutVisitor]; ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developer.acquire.io/master/ios/verify-your-users.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.