Installing Churnkey

Details for developers on adding ChurnKey to your app

Adding the ChurnKey Module

The following code will add the ChurnKey module under the window.churnkey namespace so that you can later initialize the offboarding flow for your customers. Place it in the HTML <head> element.

<script>
!function(){
if (!window.churnkey || !window.churnkey.created) {
window.churnkey = { created: true };
const a = document.createElement('script');
a.src = 'https://assets.churnkey.co/js/app.js?appId=YOUR_APP_ID';
a.async = true;
const b = document.getElementsByTagName('script')[0];
b.parentNode.insertBefore(a, b);
}
}();
</script>

Server Side Authentication (HMAC)

Server side verification is in place to make sure all customer requests that ChurnKey makes on your behalf are authorized. This is put in place by using a server side generated HMAC hash on the Stripe customer id.

Concretely, before the ChurnKey flow is triggered, you should send a request to your server which (a) verifies that the request is valid - typically using whatever authorization guards you already have in place for user actions and then (b) hashes that customers Stripe id using the SHA-256 hashing function.

Below are snippet examples of how this hash can be generated in different backend languages.

Node.js
Python (Django)
Ruby (Rails)
PHP
Go
Java
Node.js
const crypto = require("crypto");
const user_hash = crypto.createHmac(
"sha256",
API_KEY // Your Churnkey API Key (keep this safe)
).update(CUSTOMER_ID).digest("hex"); // Send to front-end
Python (Django)
import hmac
import hashlib
email_hash = hmac.new(
API_KEY, # Your Churnkey API Key (keep safe)
CUSTOMER_ID, # Stripe Customer ID
digestmod=hashlib.sha256
).hexdigest() # Send to front-end
Ruby (Rails)
OpenSSL::HMAC.hexdigest(
"sha256",
API_KEY, # Your Churnkey API Key (keep safe)
CUSTOMER_ID # Stripe Customer ID
) #send to front-end
PHP
<?php
echo hash_hmac('sha256', CUSTOMER_ID, API_KEY); // Stripe Customer Id
?>
Go
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
)
func main() {
hash := hmac.New(sha256.New, API_KEY)
hash.Write(CUSTOMER_ID)
hex.EncodeToString(hash.Sum(nil))
}
Java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class Test {
public static void main(String[] args) {
try {
String secret = API_KEY; // API Secret
String message = CUSTOMER_ID; // Stripe Customer Id
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key);
byte[] hash = (sha256_HMAC.doFinal(message.getBytes()));
StringBuffer result = new StringBuffer();
for (byte b : hash) {
result.append(String.format("%02x", b));
}
System.out.println(result.toString());
}
catch (Exception e){
System.out.println("Error");
}
}
}

Initializing the ChurnKey Flow

Once the HMAC hash has been generated, you can initialize and display the ChurnKey offboarding flow by calling window.churnkey.init('show'). Typically, you will attach an event listener to a "cancel" button.

document.getElementById('cancel-button').addEventListener('click', function () {
// SEE SERVER SIDE AUTHENTICATION ABOVE FOR HMAC_HASH
window.churnkey.init('show', {
customerId: 'CUSTOMER_ID',
authHash: 'HMAC_HASH',
appId: 'YOUR_APP_ID',
mode: 'live',
})
})