Authentication of personalized tracking events

At the moment we are only processing anonymized data. Soon, we would like to enable personalized tracking in our project, i,e, tracking events with a user id. However, we are facing multiple challeges:

  • We want to receive personalized tracking data (events with user id) only from verified users.
  • Furthermore, we would like to make sure to stop receiving events from these users once they have withdrawn their consent.

Do we need to setup a separate collector endpoint for personalized tracking events.
Is there any update on Authenticated Events? This sounds like a very useful feature.

Hi @mgloel,

You might find this blog on anonymous tracking useful - it details how to toggle anonymous tracking on and off when a user grants or revokes consent.

There is no need for a separate collector endpoint, server-side identifiers may also be switched on and off using these settings, at the event level.

Is there any update on Authenticated Events? This sounds like a very useful feature.

You can track progress of everything we currently have scheduled on our public roadmap.

However, I’m not aware of the feature you’re referencing here. Is there an existing issue/feature request somewhere?

Great, thanks for the quick reply.

I was referring to this issue: Placeholder for Verified Events · Issue #1139 · snowplow/snowplow · GitHub but it was closed some time ago.

Ah I see - I had forgotten about this idea.

It seems that it’s not on the roadmap at the moment, but Paul’s suggestions in the other thread at least offer some solutions to implement authentication within what’s already available. :slight_smile:

I just read the post. It’s very interesting indeed but is there something comparable for the android tracker?
We are using snowplow mostly for tracking within mobile applications.

Hi @mgloel

If you are referring to this post:

This isn’t ready out-of-the-box but what Paul explained can be applied to the mobile trackers too. On Android tracker you can attach a custom context (with auth token or a public key) to all the events (you can use Global Contexts feature for that), and adding an enrichment in your pipeline you can check the event source reliability.

This old post (for JS tracker but applicable to mobile trackers too) explains how to create a custom context.

From your initial post:

The Android tracker can be paused and resumed at runtime, so you could manage the consent of the user in your app and stop the event tracking when they withdrawn their consent.


Perfect, thanks a lot for the clarification. :slight_smile:

1 Like