Security signature

Generate secret and keep your data safe.
Written by Konstantine
Updated 9 months ago

If you use our User Authentication Mode and you don’t want the pre-chat/offline forms to be displayed in your chat widget, you can still ensure that no one is able to send any random data through your widget. This can be done by generating a special secret and utilizing a security signature on your backend.

To create this signature you need to generate the secret in your HelpCrunch account (Settings page → Security):

When the secret is generated, you can create a signature on you backend with its help. To do that, you need to JSON encode a user data from your request, concatenate it with the secret, make an MD5 hash of it, and add this hash/signature to the init or updateUser method. Here is the PHP example:

 

<?php
    $user = [
        'email' => '[email protected]',
        'name' => 'The Name',
        'user_id' => '12345',
        'phone' => '+49123221312',
    ];
    $signature = md5(json_encode($user) . 'your organization secret');
?>
HelpCrunch('init', 'your organization domain', {
  appId: 'c2c067be-6678-4d0a-8c1c-4f9fad8e4b91',
  user: {
    email: '<?= $user['email'] ?>',
    name: '<?= $user['name'] ?>',
    user_id: '<?= $user['user_id'] ?>',
    phone: '<?= $user['phone'] ?>'
  },
  signature: '<?= $signature ?>'
});

Did this answer your question?