Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Identity management for the Container REST service

Updated on August 4, 2022

The Web and Mobile channels support using identity matching to uniquely identify and track anonymous users when making Next-Best-Action decisions. The Container service supports using browser-based identity matching (such as Pega's identity matching, or a third-party identity solution), as well as server-side OAuth authentication.

Pega Customer Decision Hub

Browser-based identity matching

Browser-based identity matching is used when the Container service is deployed on a company web site as an unauthenticated service that runs on a customer's browser. In this case, the service uses browser cookies and the customer ID to identify an individual and present personalized content in the real-time container. The matching has the following stages:

  1. Check if identity matching is enabled using the MKTLoadCustomerFromIdentityMatch Dynamic system setting.
  2. Check if the SubjectID is provided.
  3. Check if the ExternalID is provided.
  4. Look up SubjectID from ExternalID or MKTID.

Pega Customer Decision Hub provides native identity management functionality. You can also use a third-party solution to track anonymous users and link them to identified profiles based on their past actions, such as logging in, clicking on an email link, or completing a form.

Pega identity matching

In order to use the Pega identity matching, set the MKTLoadCustomerFromIdentityMatch Dynamic System Setting to true. Once enabled, Pega Customer Decision Hub will automatically generate a unique ID and place a MKTID cookie in the users' browser.

The MKTID cookie will contain the unique identifier and all interactions will be captured using this ID. If the Container service passes the SubjectID (representing identified customer), the Container service will automatically create an association between the MKTID and the SubjectID. This allows Pega Customer Decision Hub to merge the anonymous and identified profiles and behaviors and make a Next-Best-Action decision based on the combined history.

Third-party matching

You can also leverage an existing third-party identity management solution with the Container service. The optional ExternalID parameter of the service is used for the third-party identifier. If only the ExternalID is provided then all interaction history will be captured using this identifier. If the SubjectID and the ExternalID are both provided, an association between these will be created and the SubjectID will be used to capture the interaction history.

OAuth authentication

For cases where the Container service is deployed on a server instead of running in a browser, browser-based identity matching is not used. Instead, Pega Customer Decision Hub supports server-to-server OAuth 2.0 authentication through the PegaCDHSecuredContainer service package.

In order to use OAuth 2.0 authentication, create an instance of OAuth 2.0 client registration, and then use the generated Client ID and Client Secret to allow the external application to access Pega Customer Decision Hub. For more information, see Creating and configuring an OAuth 2.0 client registration.

  • Previous topic Triggering a real-time container with the Container REST service
  • Next topic Making custom Strategy Result properties available for real-time container data flows

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us