Seamlessly unify user profiles with Captain Up

Finally, user integration. You can now seamlessly integrate and sync your users’ accounts in your system with their Captain Up accounts.

Like an iceberg, most of this feature is below the surface. It gives you methods to send Captain Up your user data directly, from your code. This includes both directly adding users to Captain Up and directly updating their Captain Up data.

Why should you care?

  • You can now seamlessly unify users’ profiles in your system with Captain Up
  • Users can now sign up without connecting Facebook or Twitter
  • You can now activate Captain Up for all registered users across your apps and sites

Setting up user integration

The recommended way to sync user data is from the client side, and there are API routes as well. You can read the API reference for how to use those.

For the client-side method, you simply have to add the `user` configuration option when initializing Captain Up. This will sync users’ data one at a time. You have to supply a unique ID for each user from your system, and you can optionally specify other fields, from basics such as name and profile picture through any custom field you want.

The code should look something like this:

// Captain Up Configuration
captain.up({
  // Your API key
  api_key: '510c4052d06c26129b000002',
  // Enable cookie sessions
  cookie: true,
  // Sync the user details to Captain Up
  user: {
    // The user's unique ID on your site or app
    id: 'guid-in-your-app',
    // The user name
    name: 'Captain Up',
    // The user profile picture, a full URL
    image: 'https://example.com/user-profile-picture.png',
    // Any custom field you want.
    favorite_color: 'blue'
  }
});

Security

The client side is insecure: savvy users can easily change the data sent, which could let them edit their profiles directly, including any back-end fields.

To avoid this, we have also added a secure user integration option, which you have to switch on in your admin panel to use. Captain Up will then require all user integration requests to be correctly signed.

Read more about correctly signing user data, and client-side user integration in general, in the JavaScript Reference.
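
To show why signing closes this gap, here is an added example (not Captain Up's code, and not its actual signature format, which is defined in the JavaScript Reference) of a generic server-side HMAC-SHA256 scheme that rejects user data altered in the browser. The secret, the `expires` field and the function names `canonicalize`, `signUser` and `verifyUser` are assumptions made for illustration.

```javascript
// Added example: generic HMAC signing of user data, NOT Captain Up's real scheme.
const nodeCrypto = require('crypto');

// Constructed secret for the example; a real one lives only on the server.
const SECRET = 'constructed-example-secret';

// Serialize flat fields with sorted keys so both sides hash identical bytes.
function canonicalize(user) {
  return JSON.stringify(Object.keys(user).sort().map((k) => [k, user[k]]));
}

// Server side: sign the user fields plus an expiry time (hypothetical field).
function signUser(user, secret, ttlSeconds, now = Date.now()) {
  const payload = { ...user, expires: Math.floor(now / 1000) + ttlSeconds };
  const signature = nodeCrypto.createHmac('sha256', secret)
    .update(canonicalize(payload)).digest('hex');
  return { payload, signature };
}

// Receiving side: recompute the MAC, compare in constant time, check expiry.
function verifyUser(payload, signature, secret, now = Date.now()) {
  const expected = nodeCrypto.createHmac('sha256', secret)
    .update(canonicalize(payload)).digest();
  const given = Buffer.from(String(signature), 'hex');
  if (given.length !== expected.length) return false;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return false;
  return typeof payload.expires === 'number' &&
    payload.expires > Math.floor(now / 1000);
}

// Constructed sample data reusing the field names from the snippet above.
const signed = signUser(
  { id: 'guid-in-your-app', name: 'Captain Up', favorite_color: 'blue' },
  SECRET, 300);
const edited = { ...signed.payload, favorite_color: 'red' };
console.log('untouched payload accepted:',
  verifyUser(signed.payload, signed.signature, SECRET));
console.log('edited payload accepted:',
  verifyUser(edited, signed.signature, SECRET));
```

The signature has to be computed on your server, because a secret embedded in client-side JavaScript is readable by the same users it is meant to constrain.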

Onwards and upwards!

We know many of you were eagerly waiting for this update, and we look forward to seeing all the wonderful things you will do with it. Good luck, and never hesitate to reach out to us.

Security: Captain Up Response and Update to OpenSSL Heartbleed

On April 7th, the OpenSSL project published a Security Advisory detailing a severe zero-day vulnerability in its encryption software, which is used by a sizable percentage of the internet. The vulnerability is called “Heartbleed”, and it can potentially allow attackers to retrieve sensitive information from any server accepting SSL connections.

We have patched the vulnerability in our service infrastructure and have taken further efforts to mitigate any potential risks.

We have no reason to believe any Captain Up accounts were compromised.

Steps We’ve Taken

Here are some more details on the actions we took:

– We’ve upgraded our infrastructure to a fixed release of OpenSSL.

– We’ve generated new certificates for all of our SSL endpoints.

– We’ve replaced all the secret keys across our system.

– All user sessions were reset.

– We’re conducting a comprehensive security review of every system that might have been affected.

What You Can Do

We have no indication that the “Heartbleed” exploit was used against our service. However, due to the widespread nature of this issue, we highly recommend that you reset your Captain Up password, as well as your password in any other service you use that contains sensitive information.

We take your security extremely seriously. If you have any questions or concerns, contact us on Twitter or email us at team@captainup.com.