Identity Verification

Use identity verification to secure your chat from user impersonation


Last updated 7 months ago


For an added layer of security, verify the identity of the user sending a message through the chat widget to prevent your customers from manually changing their email in the frontend to impersonate each other.

Pylon is not unique on this front - because a user's identity in the chat is determined client-side, any chat is susceptible to users spoofing their email.

Adding identity verification is optional, but encouraged.

  1. Generate an Identity Secret

    Generate the secret and save it. This is the only time you will see this key.

    If you lose your key, you’ll need to regenerate it and replace the key later.

  2. Set up Backend

    In your backend, hash the user’s email address using HMAC-SHA256 with the secret you just generated. The secret is a hex string; the snippets decode it to bytes before using it as the HMAC key.

    Here are some code snippets to help:

    Node.js:

```javascript
const { createHmac } = require("node:crypto");

// Placeholders: the identity secret from step 1 and the chat user's email.
const secret = "GENERATED_IDENTITY_SECRET";
const email = "CHAT_USER_EMAIL";

// The secret is hex-encoded; decode it to raw bytes for the HMAC key.
const secretBytes = Buffer.from(secret, "hex");
const verificationHash = createHmac("sha256", secretBytes)
  .update(email)
  .digest("hex");
```

    Python:

```python
import hmac
import hashlib

def sign_message_with_hmac(message, secret):
    # The secret is hex-encoded; decode it to raw bytes for the HMAC key.
    secret_bytes = bytes.fromhex(secret)
    signature = hmac.new(secret_bytes, message.encode(), hashlib.sha256).hexdigest()
    return signature
```

    Go:

```go
package auth

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// SignMessageWithHMAC returns the hex-encoded HMAC-SHA256 of message,
// keyed with the hex-decoded secret.
func SignMessageWithHMAC(message, secret string) (*string, error) {
	secretBytes, err := hex.DecodeString(secret)
	if err != nil {
		return nil, errors.New("unable to decode secret")
	}

	h := hmac.New(sha256.New, secretBytes)
	h.Write([]byte(message))
	signature := h.Sum(nil)

	signedMsg := hex.EncodeToString(signature)

	return &signedMsg, nil
}
```

  3. Send this hash to the frontend and set it on the window object:

```javascript
window.pylon.chat_settings.email_hash = HMAC_HASH
```
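
The steps above as one server-side flow, in an added example that is not Pylon's code: the hash is computed only for the email held in the authenticated session, and `verifies` models the recompute-and-compare check that makes a swapped email fail. The `session` object, the function names, the returned `email` field and the sample secret are assumptions constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed sample secret (hex). A real one comes from a server-side
// secret store and is never shipped to the browser.
const SAMPLE_SECRET =
  "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f";

// HMAC-SHA256 of the email, keyed with the hex-decoded secret (as on the page).
function emailHash(email, secretHex) {
  // Buffer.from(x, "hex") stops silently at the first non-hex character,
  // so a malformed secret would otherwise yield a short or empty key.
  if (!/^(?:[0-9a-f]{2})+$/i.test(secretHex)) {
    throw new Error("identity secret must be an even-length hex string");
  }
  return createHmac("sha256", Buffer.from(secretHex, "hex"))
    .update(email)
    .digest("hex");
}

// Hypothetical backend helper: builds the values the page template or API
// response hands to the frontend. The email is taken from the authenticated
// session, never from a request parameter the user controls.
function chatIdentityFor(session, secretHex) {
  if (!session || typeof session.email !== "string" || !session.email) {
    throw new Error("no authenticated user");
  }
  return {
    email: session.email,
    email_hash: emailHash(session.email, secretHex),
  };
}

// Model of the verifying side (an assumption, not Pylon's implementation):
// recompute the HMAC for the claimed email and compare in constant time.
function verifies(claimedEmail, presentedHash, secretHex) {
  const expected = Buffer.from(emailHash(claimedEmail, secretHex), "hex");
  const presented = Buffer.from(String(presentedHash), "hex");
  return (
    presented.length === expected.length &&
    timingSafeEqual(presented, expected)
  );
}

// Constructed scenario: alice is logged in, then edits the email client-side.
const alice = chatIdentityFor({ email: "alice@example.com" }, SAMPLE_SECRET);
console.log(verifies(alice.email, alice.email_hash, SAMPLE_SECRET)); // true
console.log(verifies("bob@example.com", alice.email_hash, SAMPLE_SECRET)); // false
```

Hash the exact string that is sent as the chat user's email: a difference in letter case or stray whitespace produces a different hash.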