Customer Experience Advanced


Scriplet is a mechanism used by Authentication Services like HSID and OptumID. Scriplet takes the UBRID and other information and make it available in a cookie.

<!DOCTYPE html>
        <meta charset="UTF-8">
        <title>Scriptlet Sample Code</title>
         <script type='text/javascript'>
           window.optumPageDataLayer = {
                  darids: ['UHG.Optum.Pixel.SelfService.Scriptlet']
             (function (cx, darids, a, m) {
               i = window;
               s = document,
               o = 'script',
               r = 'Rakanto',
               i['RakantoObject'] = r;
               i[r] = i[r] || function () {
                (i[r].q = i[r].q || []).push([1 *].concat(
               i[r].l = 1 * new Date();
               //Scriptlet Begin
                 _ClientSideData: {},
                 get() { return this._ClientSideData; },
                 set(value) {
                   this._ClientSideData = value;
                   var now = new Date();
                   var minutes = 30;
                   var expireTime = now.getTime() + minutes * 60 * 1000;
                   document.cookie = 'RakantoClientSideData=' + JSON.stringify(value) + '; expires=' + now.toUTCString() +';path=/';
               //Scriptlet End
               a = s.createElement(o), m = s.getElementsByTagName(o)[0];
      = 'rakanto';
               a.src = cx;
               if (darids){a.setAttribute('data-px-darids', darids)};
               a.async = 1;
               m.parentNode.insertBefore(a, m)
             Rakanto('sendCustomData', {}, {namespace:'UHG.Optum.Pixel.CXScriptTest.stage.CustomData',foo: 'bar'});
            <p>CX Script Scriplet Example!</p>

Custom Data Encryption

NOTE : This section explains how custom fields are handled in Pixel Apps.  The logic may change when we ecrypt the custom fields that cxscript would send to external API endpoint

When the user’s browser receives the CXScript Javascript, embedded within is a public key (randomly assigned by the script server, but for the OptumID API endpoint will additionally have whatever public key is provided). This public key is then used to encrypt the payload field of the custom data fields JSON, which is in the following format:

    "private_key_md5": “…”,
    "encryption_type": "rsa",
    "payload": [

Example :


The private_key_md5 field specifies a md5 hash of the private key corresponding to the public key used, which is then used by the CSE transformer to identify the appropriate key for decryption. The encryption_type field specifies the type of encryption used, by default currently RSA, but there are plans to support other encryption methods in the future The payload field is whatever custom fields are specified, encrypted, Base64 encoded, and split into chunks, into an array of 500 byte maximum strings

This whole JSON structure is then Base64 encoded into a message that is then sent by the browser, to both the CSE-Listener and whatever other API endpoints are specified.

In the CSE transformer, the following is the process to decode the custom data fields:

  • Base64 decode the message into JSON
  • Based on the private_key_md5 field and encryption_type field, select which key to use for decryption
  • Iterate through each chunk of the payload array:
    • Base64 decode the chunk
    • Decrypt using the previously determined key
    • Add the decrypted fields to custom data map
  • Process the custom data map

Multiple API endpoints

JSON format