• English
  • Español
  • Portugues
  • Français

Quiz Integration

Integrate Coremetrix quizzes seamlessly into your client app using the following two-fold process
  1. Client Authentication: Authenticate the client app using the identity API, accessible with the provided API key. Refer to the Identity API documentationfor details.
  2. Token Issuance: Coremetrix will issue an ID token containing various claims, including PUID and expiry date. The client app uses this ID token to generate the quiz URL and direct quiz takers to the quiz.
  3. Quiz Access:Quiz takers are directed to the quiz (via i-frame or redirect). Coremetrix validates the ID token; if valid and not expired, access to the quiz is granted. If the ID token is invalid or expired, a 401 Unauthorized response is returned to the quiz taker.

The quiz URL structure is as follows

EnvironmentLandingQuiz
Staginghttps://quiz-stg.coremetrix.com/landing/sandbox?jwt=JWT_TOKENhttps://quiz-stg.coremetrix.com/quiz/sandbox?jwt=JWT_TOKEN
Productionhttps://quiz.coremetrix.com/landing/sandbox?jwt=JWT_TOKENhttps://quiz.coremetrix.com/quiz/sandbox?jwt=JWT_TOKEN

Client Credentials Grant Flow:

Similar to the Client Credentials Grant Flow in OAuth 2.0, this authentication flow is suitable for scenarios where the client application itself needs access to resources without involving end-user interaction. It provides a secure means for your backend application to obtain an ID token and access the Coremetrix quiz on behalf of the client user (quiz taker).

webhook
  1. Client Authentication (Step 1): The client application (backend) authenticates itself directly with the identity service using its client credentials (API key). The (puid) (pseudonymised id) provided is the relevant customer identifier from your system.
  2. Token Issuance (Step 2):Upon successful authentication, the identity service issues an ID token to the client application.
  3. Quiz URL Construction (Steps 3-4):The client application constructs the quiz URL using the obtained ID token.
  4. Quiz Access (Steps 5-6): The client app directs the user to the quiz URL, and Coremetrix validates the ID token. If valid, access to the quiz is granted; otherwise, an unauthorized response is returned.

Data protection by design and default

Coremetrix limits what data is collected from individuals taking the quiz. All Coremetrix quizzes use the PUID to identify individual attempts that are passed to Coremetrix by the client. During this process, no personally identifiable information (PII) is provided to Coremetrix.

At no point in this process is any other personal data, such as name, date of birth, account number and address, shared with Coremetrix. The PUID is passed to Coremetrix as a query parameter in the quiz URL. This is the sole handover process. Only the client can match individuals to their respective PUID.

Coremetrix carries out the assessment against the PUID and then this is used by the client to request scores via the Coremetrix API.

The only data collected during the assessment process are individuals’ responses to quiz questions. Answers are provided by clicking on possible response options, in the form of pictures. The individual is informed that there are no right or wrong answers and to click on the option that they feel best represents him or her.

Quiz look and feel

If previously agreed, Coremetrix can create a custom branded quiz for the client. The client will have to provide the relevant brand guidelines, fonts, logos for the Coremetrix creative and design teams to design and build the quiz.

Brand pack requeriments:

  1. High resolution logo
  2. Colour schemes #HEX
  3. Fonts (if not freely available on the web please provide a .woff file)
  4. Hover (for any buttons)
  5. Tone of voice (if required)

The following parts of the quiz page are customizable

  1. Favicon
  2. Title
  3. Font
  4. Background
  5. Colour scheme
  6. Logo Buttons
  7. Hover

Directing individuals to the Coremetrix quiz

Depending on the type of project (as outlined in the Legal Basis for Processing policy) the individual will receive the URL via SMS, email or redirected from the client’s website to/shown the quiz in an iframe as part of the application process.

Quiz redirect

The quiz link can be shared in different ways with the customer. For example, a call to action (CTA), such as a “Start Quiz” button, could redirect the user to the Coremetrix domain, where they can complete the quiz.

Upon completion the user can be redirected back to the client’s website. This redirection can be used as a trigger to initiate an API call. We can also display a landing page at the beginning of the quiz and a thank you page at the end of the quiz.

Quiz iframe

An Inline Frame also referred as an iframe can be used to insert the Coremetrix quiz into your webpage. This approach will allow you to fully control the messaging/branding and navigation around the quiz itself.

The iframe can be applied by adding some simple html code to the existing webpages in the customer application.

More information about iframes can be found at: https://www.w3schools.com/tags/tag_iframe.asp

Place the following element where you want the iframe to be rendered:

<iframe src="$QUIZ_LINK" width="$WIDTH" height="$HEIGHT" frameborder="0"></iframe>

Replace the following variables

$QUIZ_LINK with the quiz URL: https://quiz.coremetrix.com/quiz/quiz_name?jwt=ID_TOKEN

See previous sections for more details on how to obtain the ID token.

with the width the iframe should span (px or %)

with the height the iframe should span (px or %)

Replace the following variables

QuizStagingProduction
Staging<iframe src=https://quiz-stg.coremetrix.com/quiz/sandbox?jwt=ID_TOKEN frameborder="0" lenght="960px "height="800px" /><iframe src=https://quiz.coremetrix.com/quiz/sandbox?jwt=ID_TOKEN frameborder="0" lenght="960px" height="800px" />

A separate integration via an API/Webhook provides the communication method for receiving the score.

Note: Coremetrix restricts the use of the <frame>, <iframe>, <object>, <embed>, or <applet> by default to remove the risk of Clickjacking. You will need to let Coremetrix know in advance on which domain you intent to use to render the quiz inside an iframe. Coremetrix will then whitelist this entries using the `frame-ancestors` CSP directive.

Quiz iframe – End of quiz notification event

When the quiz gets completed, or when a completed quiz gets re-loaded, a message will be posted from the iframe with “QUIZ_COMPLETE”. To access the message, insert an event listener in your webpage.

        
        window.addEventListener('message', receiveMessage, false);
        
        function receiveMessage(evt){
        if(evt.data = "QUIZ_COMPLETE"){
            //custom code
        }
        }
BACK