Web SDK vs. Edge Network API for website events

Question

Hi!

Greetings for the day. We are implementing CJA for a leading Healthcare client. We are currently in the discovery phase, where we propose that they start with the CNAME approach using the Web SDK.

Given that the CNAME approach is also not full-proof with browsers like Safari, they also want us to explore the Edge Network API for a future-ready implementation. They don't have CDP, and for now, they will only be sending web events (website interactions)-related data to AEP. What I understood is that the API is useful for environments that do not support Web or Mobile SDK, but we can deploy the Web SDK JS on their website. They are considering the advantage of a secure and authenticated way to send sensitive data to the platform via the API, but they only have the website/clickstream data at the moment, which I believe will go through the unauthenticated endpoint (or can we use the authenticated endpoint here?).

I believe sending events data for 1000s of website users via the API is not a good approach. Also, from where will we be executing these API calls, directly on the client side/user's browser? But, that's also not fully safe, right? Like, we can see requests to adobedc.net from the browser. What's the best practice here? Should we even think of the API for web events?

bjoern__koth · Answer

So, a couple of things here.You are talking about sensitive Healthcare information (which is highly sensitive and usage in dashboard is critical and should be checked with your legal department first). They should definitely give you an idea of which fields are even legally allowed to be used in any form of dashboard.CNAMEThe CNAME was historically used to “cloak” requests to Adobe, and in return have a first-party cookie set.Safari detects the CNAME to point to Adobe, and hence treating the cookie and limiting its lifetime to 7 days.This affects Analytics as well as Adobe Experience Platform (“kndctr”) cookies alike.Now, what you can do here is implement a servlet on your own server that writes a so-called “FPID” cookie that is written in the response. Since your server is writing the cookie, no browser can limit its lifetime.Within your Edge network datastream, you can then enable the FPID cookie to take precedence over the regular Adobe cookies, effectively having a cookie that outlasts all of their cookies.Labeling Sensitive DataIf given green light by legal, you can onboard this data into separate datasets that you can then connect to CJA (create a separate schema for this, and make sure to apply DULE data governance labels, especially C8 and C12 to prevent specific fields from being used in data views, see also this blog).Some more key aspectsyour datasets must have a primary identity / person ID that is present in the web data as well to stitch it.in order to hide certain fields from this

CNAME

Labeling Sensitive Data

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded