Deep Thoughts on Deep Linking

Enterprises all over the globe are focusing on initiatives to unify siloed customer identities for each brand into a single, global identity across all brands and digital properties in order to enhance customer experience and more easily personalize and customize marketing content.  Among other benefits, this enables a single “master view,” or “ 360-view,” of customers and identity-centric strategy for newsletter subscriptions and other marketing programs.

However, even with a single view, it isn’t always easy to present customers with a customized experience and few barriers to entry.  This is where the concept of “deep-linking” comes into play.

At it’s core, deep-linking refers to adding links in an emails, SMS messages or app notifications that take customers to particular pages, while also automatically logging that customer into the site. Deep-linking can also be leveraged to deliver messages about new products or services selected according to customers’ likes or purchase history, complete with links that automatically log them in and add products to their shopping carts.

Deep-linking can be applied to any industry vertical, not just ecommerce. Other examples of this practice may include:

  • Telecommunications providers offering service upgrades
  • Financial services firms promoting loans or insurance policies
  • Travel companies upselling room upgrades or trip insurance
  • Media companies promoting competitions
  • Entertainment companies selling concert or movie tickets
  • Sports venues selling gameday tickets.

In each of these cases, the goal is to remove barriers to entry and make it as easy as possible for customers to convert.

So, deep-linking provides a clever way to quickly authenticate and engage customers, but there are also risks that must be addressed by any team implementing this strategy. Perhaps the most obvious caveat to consider is how exactly how the link authenticates the customer.  It can’t include the customer’s password, so it must include an encrypted record that the server can verify, which includes:

  • The unique ID of the customer
  • Proof that the request was generated by the official site
  • A timestamp, or expiration time
  • Any other data that supports the use case

The server must be able to identify which customers should be logged in, and to verify that requests are generated by the official site, and not tampered with. This ensures that links can be trusted to log a customer in for a specific period of time. The expiration date or timestamp mitigates fraudulent behavior by requiring customers entering via expired links to log in using their password before continuing. This way, malicious users can’t gain access to customer accounts by capturing old emails, but customers can still use these older links for their intended purpose, so long as they have an account password.

As customer identity becomes more important, deep-linking is fast becoming integral to many companies’ digital marketing strategies.  We also expect it to become a common mechanism for managing preferences (such as unsubscribing from newsletters), content access, and group membership.

As with any customer-focused marketing program, the key to success in a deep-linking strategy is to build a great online experience while ensuring the privacy and security of customers. Get this right and the rewards for your business will be truly deep.

By Jason Richey

Meet us at

Adobe Summit
London, UK

May 10 - 11, 2017

View Event >