Feed Settings - Embedded Feed

  • Updated

The WorkTango Embedded Feed integration allows customers to display their company’s WorkTango activity feed on a page within their Intranet.


  • An Intranet environment that allows you to add custom code. This excludes Google Sites and many other hosted Intranet-as-a-service environments.
  • An experienced developer resource
  • A secret embedded feed key that is only known to you and WorkTango, provided by WorkTango. Our Support team can have one generated for you upon request.


Before starting, make sure you are able to calculate a keyed-hash authentication message code (HMAC) using the secret embedded feed key every time the embedding page is displayed or refreshed. Static links on plain HTML pages will not work, nor will one-off HMAC tokens from online HMAC generators.

By following these steps, you are creating an expiring URL. It is important for the URL to expire so that it can’t be reused after a short period time by someone who does not have access to your secret key. Also, the HMAC prevents someone from updating any part of the URL without the secret key. This ensures that only the pages you add the code to are authorized to make requests for the feed on your behalf.

  1. Create the URL for the embeddable feed with the needed parameters. format: https://[SUBDOMAIN].youearnedit.com/embed/feed?date=[DATE_TIME]&expire=[SECONDS]
  2. Create the HMAC by hashing the URL above, using SHA-256 and your secret key. The resulting digest must be a hexadecimal digest.
  3. Append the HMAC to the original URL to get the final signed URL. https://[SUBDOMAIN].youearnedit.com/embed/feed?date=[DATE_TIME]&expire=[SECONDS]&token=[HMAC]

You can now use the signed URL to generate an iframe in your intranet.

The following are the required query-string parameters:

  • date: [DATE_TIME]: The date the HMAC token was generated in ISO 8601 UTC format. ex: 20010101T010101Z
  • expire: [SECONDS]: An integer value representing the number of seconds after [DATE_TIME] that this signed request will expire. It is recommended that the expiration window should be a couple of minutes to allow for some time drift between your Intranet server and the YouEarnedIt servers. A value between 60 - 180 seconds is ideal, but as low as possible without triggering HTTP 422 errors.
  • token: [HMAC]: The calculated hexadecimal message digest using SHA-256 and your [FEED_KEY].


HMAC generation uses libraries that are standard in all modern languages and platforms. Examples for your given platform and language are readily available online.

If your secret embedded feed key should ever become compromised, please notify your the WorkTango Support team immediately so a new key can be generated for you.

All tokens should be sent as hexadecimal, not base64.

We currently only support embedded feeds on production YEI accounts. Sandbox accounts are not supported.

The date parameter must be in the format YYYYMMDDTHHIISSZ, e.g. 20010101T010101Z. Any other format will result in a bad parameter error.

*The documentation provided above is only applicable to the WorkTango Recognition & Rewards platform and does not apply to our Surveys & Insights solution.

Related to

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request



Article is closed for comments.