Bootstrapper
The Maxymiser tag is a JS bootstrapper applied as a single line of HTML code. The JavaScript library is called mmapi.js and performs campaign requests on the website pages. To set up Oracle Maxymiser on your site, simply insert the Maxymiser tag into the global template for your website.
Inserting the tag
The tag has to be inserted into the global template of your site before the closing head tag (</head>), and before any other scripts.
You can copy and paste the tag from the CD API Deployment section in Site Settings. For example:
<script type="text/javascript" src="//service.maxymiser.net/cdn/maxymiser/4632b5/js/mmapi.js"></script>
Below is an example of how to insert the path to mmapi.js in your page source's head:
Rules for inserting the tag
- The protocol (http/https) has been deliberately omitted from the tag to force the browser to download the tag using the same protocol as the page that was downloaded.
- Make sure you insert the Maxymiser tag in the page before the closing head tag (</head>). If this is not possible, then insert the tag at the top of the <body> before any 'renderable' content.
- Deploy the Maxymiser tag without the async or defer attributes set.
- If the Maxymiser tag is deployed using a tag container, then:
- Run the tag container synchronously i.e. without the async or defer attributes set.
- Ensure that the tag container exists before the closing head tag and can be downloaded using the same protocol as the page.
- Ensure that the tag container deploys the Maxymiser tag in a synchronous manner abiding by points 1 and 2.
- If the Maxymiser tag is deployed via another script, then the script inserting the Maxymiser tag must abide by points 1 and 2 and must use document.write to insert the Maxymiser tag.
Using document.createElement and an insert or append command will make the Maxymiser tag run asynchronously, which means that the tag will not function as expected.
Verifying the integration
To verify that Maxymiser has integrated with your website successfully, check that requests to Maxymiser's server are visible using the network tab of your browser’s development tools. See the example below:
Configuring the tag
To configure the JavaScript library (mmapi.js), go to Site Settings > CD API Deployment to configure and deploy the JavaScript library as explained in the online help (Americas) / online help (EMEA).
The underlined areas are the options you need to configure. See the table after the code for a description of the options:
Below is a description of each option:
Option | Description |
storageType |
The type of storage used to store Maxymiser data. This usually will not change. Possible values:
For all Oracle Maxymiser cookies descriptions please visit the Cookies Explained article. The following options for cookies migration between formats are available:
|
cprefix (currently ignored) |
The prefix used for cookies/storage names. This usually will not change. The default value is 'mmcore' |
domain (required) |
The domain should match the domain of the site you created in the Maxymiser UI. Note that this does not necessarily have to match the actual domain name of the website; it only needs to match what is in the UI. |
baseContentUrl |
This is the base path the API libraries will be loaded from, such as mmpackage-1.0js. This usually will not change although the default value depends on your region:
|
cookie_domain (required) |
This is the cookie domain to use. This is usually the top-level domain for the site. For example: '.domain.com' (with a preceding dot) for physical domains 'www.domain.com', 'secure.domain.com' and 'sub.domain.com'. You can use the following code snippet to automatically calculate the proper cookie domain (in most cases): '.'+(location.hostname.match(/[^.]+\.(\w{2,3}\.\w{2}|\w{2,})$/)||[location.hostname])[0] |
srv |
This is the base URL for Content Generator requests. This usually will not change although the default value depends on your region:
|
async (required) |
This flag controls whether or not the first request to the Content Generator is made asynchronously. Leave this value as 'false' to prevent flickering of default content. Only set it to 'true' in the following cases:
Setting async to 'true' increases the risk of flicker.
|
executionMode |
This setting switches Content Generator response format, the following options for the value are available:
'eval' mode makes it easier to debug the code as it creates an individual script that doesn't affect other scripts, while 'inline' mode could stop executing the whole response due to a single syntax error. The latter though doesn't use either eval(), or new Function() for the code execution, that makes it more suitable for the websites that are utilizing Content Security Policy. These setting is available starting from CD API v.1.14 and CD API tag v.1.13.
|
beforeInit |
This option allows you to extend the default behavior of the core library (i.e. mmapi.js) with custom functions. beforeInit is an event triggered before the first Content Generator (CG) request on the page. See Extending the JavaScript Library for a description of the available functions. |
beforeRequest |
This option allows you to extend the default behavior of the core library (i.e. mmapi.js) with custom functions. beforeRequest is an event triggered before every CG request on the page. See Extending the JavaScript Library for a description of the available functions. |
afterResponse |
This option allows you to extend the default behavior of the core library (i.e. mmapi.js) with custom functions. afterResponse is an event triggered after every CG response. See Extending the JavaScript Library for a description of the available functions. |
afterResponseExecution |
This option allows you to extend the default behavior of the core library (i.e. mmapi.js) with custom functions. afterResponseExecution is an event triggered after every CG response has been executed by the core library. See Extending the JavaScript Library for a description of the available functions. |
Extending the JavaScript Library
You can extend the JavaScript Library (i.e. mmapi.js) to seamlessly process page or Content Generator (CG) data. Some cases where you may want to do this include:
- To Initialize site-specific campaigns that should be executed before the first CG request or before each request.
- To integrate single-page apps
- To integrate with 3rd-party analytics
- To transfer cross-domain cookies
- To gather custom attributes
You can use four events within the mmapi.js configuration to bind your handlers:
Event | Description | Arguments |
beforeInit | Triggered before the first Content Generator (CG) request on the page |
|
beforeRequest | Triggered before every CG request on the page |
|
afterResponse | Triggered after every CG response |
|
afterResponseExecution | Triggered after every CG response has been executed by mmapi.js |
|
To identify the format of the parameter and value, look at the query string parameters in the CG request (shown in the example below):
Brief arguments description
- getParam retrieves parameters from mmapi.js storage.
- setParam overrides any URL parameter.
- loader gives ability to turn off Maxymiser testing based on specific condition or switch to asynchronous request mode.
- genInfo stores CG response data.
getParam( name, storage ) → {String|undefined}
Retrieves a GET request parameter stored by mmapi.js storage.
Parameters
Name | Description | Type |
name |
Name of the GET parameter. You can only access stored parameters.
|
String |
storage |
Storage ID where the parameter is stored.
|
Integer |
Code example
setParam( name, value [, storage] )
Sets a GET request parameter using mmapi.js storage.
Parameters
Name | Description | Type |
name |
Name of the GET parameter. You can only access stored parameters.
|
String |
value |
Value of the GET parameter that is set automatically by mmapi.js |
String |
storage |
Optional storage ID where the parameter is stored.
The default value is 1. |
Integer |
Code example
loader.disable()
Cancels request to Maxymiser Content Generator. Testing becomes disabled for the current page.
Code example
loader.enable()
Triggers a request to Maxymiser Content Generator in case the tag has been disabled. Testing becomes enabled for the current page.
Could be used in a scenario when the decision on whether to apply testing needs to be postponed till some condition fulfilled.
Code example
loader.setAsync( isAsync )
Switches to asynchronous CG request mode for the current page. Request is made in synchronous mode by default.
Parameters
Name | Description | Type |
isAsync |
True or false value. If true – request will be made in asynchronous mode. |
Boolean |
Code example
loader.validateResponses( validator )
Validates CG response content to make decision whether to run it on the page or not.
Parameters
Name | Description | Type |
validator |
A function that decides whether to execute a response from Content Generator. |
Function |
Code example
genInfo → {Object}
Returns CG response data relevant to this page.
Self-hosting the tag
Maxymiser tag (mmapi.js) and the Campaign Design API library (CD API, mmpackage.js) are supplied as CDN-hosted files. We do not recommend self-hosting these unless there's a strict policy restricting the hosting of 3rd-party scripts.
The following benefits may no longer be available when self-hosting:
- The tag and the CD API library can be seamlessly updated through the Maxymiser UI
- The files are served through one of the world's largest CDNs, which implies low latency and stable connection
The tag and the CD API library are released and updated independently. The tag (mmapi.js) controls network requests and is configured per customer account. CD API (mmpackage.js) is a library of methods for building campaigns, it makes up a generic file used by all customers.
Self-hosting approach involves hosting and controlling both files yourself. You can then update them independently or together at your discretion once Maxymiser make new versions available. As additional benefit, self-hosting gives you control over the default caching policy (which is 30 minutes for mmapi.js and 1 year for mmpackage.js).
To start hosting both files you need to go through the following steps:
- Upload mmapi.js to your hosting server and make sure it is set up as described above (in the "Inserting the tag" section of the article)
- Upload the current version of mmpackage.js to a separate directory of your hosting, and then specify the path you used as "baseContentUrl" setting in the tag's JSON configuration section
Content Security Policy (CSP)
In case your website sends a Content-Security-Policy header or meta-tag, its value needs to include an exception for the service.maxymiser.net domain. Make sure you set the following values:
The CSP header value may need additional 'unsafe-eval' script-src exception for versions older than CD API v.1.14 and CD API tag v.1.13. To avoid having these exceptions, please update to the latest versions and use executionMode: 'inline' setting on the Maxymiser UI's "CD API Deployment" page.
Subresource Integrity (SRI)
Subresource Integrity feature is an optional feature that is supported and can be activated by adding "integrity" and "crossorigin" HTML attributes to the tag. Please note that if you utilize the integrity check, you need to maintain a valid hash of the resource. For example every time you are modifying the CD API tag in the Maxymiser UI, the SRI hash value should be re-generated and updated on all your site pages. More information on the topic is available at Subresource Integrity W3C specification.
Intelligent Tracking Prevention (ITP)
Note that this solution is not effective as of ITP 2.3 release. In case it was enabled for your site, please disable it in the Maxymiser tag configuration by removing -with-fallback from the storageType setting.
Apple have released an updated version of its Intelligent Tracking Prevention (ITP) with the latest updates to Safari on MacOS and iOS devices. ITP is aimed to protect user privacy by restricting the ability of advertisers and other services to track people around the web. In the latest ITP 2.* versions this is done by limiting the lifetime of first-party cookies to a 7-day window.
As a result, visitors using Safari are no longer recognized as "returning" if more than a week has passed from their last visit. Though it's hard to predict how many visitors will be affected and if there's a substantial impact on reporting, as it depends on the Safari browser userbase and their recency of visits on the site.
We have developed a workaround that replicates Maxymiser cookies into the browser’s localStorage. Every time a cookie is updated, it also gets a backup value to prevent ITP erasing it.
To switch it on, please set the storageType value to 'cookie-key-value-with-fallback' and update the Maxymiser tag to the latest version. This can be done on CD API Deployment page of the Maxymiser UI.
SameSite=Lax cookie attribute
Google have implemented a secure-by-default model for the Chrome browser cookies. It assumes any cookie should be protected from external resources (i.e., another site, a 3rd-party) if no access scope is specified for it. This means that scripts that are utilized in cross-domain scenarios may stop working due to previously set cookies being unavailable between domains for users on Chrome 80 or newer browsers.
Secure-by-default model sets SameSite=Lax cookies if those don't have the SameSite attribute defined, which can be interpreted as "Do not send the cookie with the following cross-origin requests: non-GET, AJAX, iframe, image, etc." Only cookies with the specified SameSite=None; Secure setting will be available and only via HTTPS connection.
In the scope of Campaign Design API there's only one solution that requires accessing cookies from another site – it's Cross-domain visitor ID transfer. So if you are using Solution #2: iFrame, make sure you have Maxymiser Tag v.1.16 at least, the tag is configured with storageType: 'cookie-key-value-secure' and all your website pages are accessible through HTTPS connection only.
Next steps
Get started by looking at the tutorial on how to develop your first campaign with the API.