Signature
Parameters
Your application’s unique identifier for this user. This is the ID from your own database — a UUID, numeric ID, or any string that uniquely identifies the user.Max length: 512 characters.Do not pass PII (email, name) as the
userId. Use the attributes object for those values if needed for targeting.Key-value pairs describing the user. Values must be
string, number, or boolean.Attributes are used in targeting rules — for example, show a flow only to users with plan: "free", or only to role: "admin" users.Supported value types:string—"grow","admin","2024-09-01"number—42,3.14boolean—true,falseundefined— silently ignored (attribute is not set)
Examples
Basic identification
With attributes
Re-identification after plan change
Callidentify() again whenever user attributes change. Zenstep merges the new attributes with the existing identity — it does not replace the full object.
Attribute targeting reference
Once you’ve calledidentify(), attributes are available in targeting rules under User Attribute condition type.
| Attribute key | Example value | Targeting use |
|---|---|---|
plan | "free" | Show upgrade prompt only to free users |
role | "admin" | Show admin-only onboarding |
company | "Acme Corp" | Show enterprise-specific flows |
seats | 5 | Numeric comparison (seats < 10) |
trialExpired | false | Boolean match |
When to call identify
Callidentify() as early as possible after the user authenticates — typically on every page load for authenticated sessions, not just on login. This ensures Zenstep always has the latest user state even after a page refresh.
Anonymous users
Beforeidentify() is called, Zenstep tracks the browser session under an auto-generated anonymous ID. Flows with targeting rules requiring user attributes will not show to anonymous users — but flows with no targeting or URL-only targeting will show to everyone.
Privacy notes
userIdis hashed using HMAC-SHA256 before being stored in Zenstep’s analytics. The raw ID is never stored.- Attributes are stored in Zenstep only if you explicitly pass them. Do not pass sensitive PII (passwords, payment info, government IDs).
- Zenstep is GDPR-compliant. See the data deletion API to implement user deletion requests.