User Verification

Make sure your users are who they claim to be with identity verification. Enforce identity verification to prevent other from pretend to be (third party) for entertainment or fraud logged-in users.

Generate an HMAC with SHA256 whenever a user logs into your app. Most web frameworks will have a method or library to help you do this. You'll need your app’s secret key and the email of the currently logged-in user.

Secret Key

[YOUR_SECRET_KEY]

Then, choose the server-side language or framework you are using:

Your code to generate an HMAC for your app is:

hash_hmac(
  'sha256', // hash function
  $user->email, // user's id
  '' // secret key (keep safe!)
);

Your code to generate an HMAC for your app is:

OpenSSL::HMAC.hexdigest(
  'sha256', # hash function
  '', # secret key (keep safe!)
  current_user.email # user's email
)

Your code to generate an HMAC for your app is:

import hmac
import hashlib

hmac.new(
  '', # secret key (keep safe!)
  request.user.email, # user's email
  digestmod=hashlib.sha256 # hash function
).hexdigest()

For example, in Ruby on Rails we can generate our HMAC using a method called OpenSSL::HMAC.hexdigest(), where the first parameter is the name of a hash function (we use SHA256), the second is your secret key, and the third is your user’s user_email.

OpenSSL::HMAC.hexdigest(
  'sha256', # hash function
  '', # secret key (keep safe!)
  current_user.email # user's email
)

Note: Keep your secret key safe! Never commit it directly to your repository, client-side code, or anywhere a third party can find it.

Visitor Authentication

For visitor authentication you can use this run following code asap you load acquire init.js script or before that, and add a new attribute user_hash and assign the HMAC code along with user's email or any other details to cofing object.

To get HMAC code, login acquire dashboard and open this: https://app.acquire.io/widget/customize and Chat widget code in Choose Visitor authentication.

Important : Use HMAC only Server side not use client side and Keep your secret key safe! Never commit it directly to your repository.

<script type="text/javascript">
	window.acquire=window.acquire||[];
	acquire.push({
		user_hash:'INSERT_HMAC_VALUE_HERE',
		userDetails:{
			email:'customer@example.com', //EMAIL
		}
	});
</script>

Logout visitor

If you have set visitor hash (HMAC digest) and visitor just logged out from account and need to manage user integrity with agent, call method logoutVisitor() to remove all acquire data from your app related to visitorHash. This must call method to logout from acquireIO support:

acquireIO.logoutVisitor()

Once you've called logout visitor, it will destroy current user's session and start again guest user's session as it was before.

in case you've already started acquire widget and guest visitor is already started its session, that case you can still use above code or also following function to make user login back.

acquireIO.loginVisitor('USER_HASH',{email:'user@example.com'})

PreviousConversation NextQuick Link Support

Last updated 5 years ago