Auth

You'll need to authenticate your requests to access any of the endpoints in the Chatness API. In this guide, we'll look at how authentication works. Chatness Platform offers two ways to authenticate your API requests: Org authorization and Contact authorization.

Org authorization

With the Org authorization, you will use a Bearer token containing the secret generated in your account to authenticate your HTTP requests as an organization. This method is intended to work within servers only, so you must never, in any circumstances, expose the generated secret for an organization.

Bots can only be accessed by an organization that owns it. So if you're a developer working for a company (i.e. invited member), you'll need to ask the bot owner to generate a secret for you.

Please don't commit your Chatness token to GitHub or anywhere else! If you suspect your secret has been compromised, you can revoke it anytime in your account settings.

Using the org token to search for contacts

import { Chatness } from '@chatness/server';

// obtain a `orgToken` from the Chatness app
const orgToken = 'your-org-token';

// obtain a `botId` from the Chatness app
const botId = 'your-bot-id';

// init the Chatness SDK
const chat = new Chatness({
  orgToken,
  botId
});

// search for contacts  
const { data } = await chat.contacts.search({
  page: 1,
  limit: 10,
  query: 'john'
});

console.log(data)

Contact authorization

In order to authorize a contact within your widget, your server should first request a session token by passing the contact id or email to the auth endpoint. Here's how to generate a session token for your contact:

Examples

  curl -X POST 'https://api.chatness.ai/v1/bots/{botId}/auth/contacts' \
       -H 'Accept: application/json' \
       -H 'Authorization: Bearer {orgToken}'
       -d id="{contactId}" \

A contact token will be generated with a validity period of 1 year. You can then pass down this token to your widget implementation and authenticate your visitors.

The generated contact token will look like the following and they can be exposed. We recommend generating a new token for each session only when needed. i.e. when users logs in your system, you can generate a new token and store it in your database, or even store locally in the browser's localStorage.

Contact session token example

{
  "data": {
    "token": "c:f34018111f0526dd64bf8f097494f6e4",
    "createdAt": "2023-12-08T00:00:00.000Z",
    "expiresAt": "2024-12-08T00:00:00.000Z"
  }    
}

Widget authorization

Once the contact is authorized and you have a token, you can pass it down to the widget implementation and authenticate your visitors so they can start an identified conversation with your bot.

The widget can then be authenticated by your frontend:

Examples

  // received token from your server
  const token = 'c:f34018111f0526dd64bf8f097494f6e4';

  // log the user in the browser
  await window.Chatness
        .auth
        .contacts
        .login({ token })

You don't need to call the login method everytime your app is loaded. We recommend calling it only once, when the user logs in your system, and then when they log out, revoke the session by calling the logout method.

Revoke authorization

To revoke the authorization of a contact in the browser, you can call the public API to log out them immediately. This will ensure the session within the widget is cleared out and refreshed as anonymous.

Examples

  // log the current user out
  await window.Chatness
        .auth
        .contacts
        .logout()

in case you're tracking the contact token in your database, you can also revoke the session from the server, this will automatically log the user out from the widget.

Attributes

  • Name
    token
    Type
    string
    Description

    The token for contact authentication within the widget

  • Name
    createdAt
    Type
    string
    Description

    Timestamp of when the token was created

  • Name
    expiresAt
    Type
    string
    Description

    Timestamp of when the token will expire

PUT/v1/bots/{botId}/auth/contacts

Create a contact token

This endpoint allows you to authenticate a contact. If successful, the response will contain a session token created for the contact you can then pass down to your widget implementation.

Required attributes

  • Name
    botId
    Type
    string
    Description

    The ID of the bot.

    • in pathname

Optional attributes

  • Name
    id
    Type
    string
    Description

    The contact id.

    • in body
  • Name
    email
    Type
    string
    Description

    The contact email.

    • in body

Request

PUT
/v1/bots/{botId}/auth/contacts
curl -X PUT '/v1/bots/{botId}/auth/contacts' \
  -H "Authorization: {orgToken}" \
  -d email="[email protected]"

{
  "data": {
    "token": "c:f34018111f0526dd64bf8f097494f6e4",
    "createdAt": "2023-12-08T00:00:00.000Z",
    "expiresAt": "2024-12-08T00:00:00.000Z"
  }          
}
DELETE/v1/bots/{botId}/auth/contacts/{contactToken}

Revoke a contact token

This endpoint allows you to revoke a contact token, useful for the logout action of your system. If successful, the response will contain a status 204.

When a session is revoked by the server, the logged session in a widget will automatically be cleared and refreshed as anonymous.

Required attributes

  • Name
    botId
    Type
    string
    Description

    The ID of the bot.

    • in pathname
  • Name
    contactToken
    Type
    string
    Description

    The contact token.

    • in pathname

Request

DELETE
/v1/bots/{botId}/auth/contacts/{contactToken}
curl -X DELETE '/v1/bots/{botId}/auth/contacts/{contactToken}' \
  -H "Authorization: {orgToken}"