User Information

If the visitors on your website are authenticated users, you can optionally include their information so DeskDingo can keep track of that user's conversations for you. In order to do this securely, you will need to include a signed user token in the settings.

<script>
window.deskdingoSettings = {
  org: 'your_org_id',
  user: 'eyJpZCI6IjEyMyIsIm5hbWUiOiJKb2huIERvZSJ9.q9iTgu57JYBaf4bTHdW0q58aO6Zee6Wr7GgC4RL20d8=',
};
</script>
<script type="module" src="https://widget.deskdingo.com/index.js"></script>

User Token

This signed token has 2 parts - the claims and a signature - separated by a period ("."). To generate this token, take the following steps:

1. Retrieve your org's ID Verification Secret from the settings page under the heading "Identity Verification". This secret must be kept secret. Store it as you would any other sensitive information.

2. Stringify a JSON object with your user claims.

const user = {
  id: '123',
  name: 'John',
};
const userStr = JSON.stringify(user);
// {"id":"123","name":"John"}

3. Encode the string with base64url encoding (do not trim the trailing pad characters "=").

const userBase64Url = Buffer.from(userStr).toString('base64')
  .replace(/\+/g, '-')
  .replace(/\//g, '_');
// eyJpZCI6IjEyMyIsIm5hbWUiOiJKb2huIn0=

4. Create an HMAC of the encoded string from the previous step. And encode that as well with the base64url encoding (do not trim the trailing pad characters "="). This step must take place on your server, and not in a browser!

const crypto = require('crypto');
// the id verification secret from step (1)
// Don't actually embed this secret in your code, but programatically retrive from a vault or secrets manager.
const secret = '2e1873760618d6f2b6f08fd408b1ace20dd14d02a6d2c1ad082515fd16b34012';
const signature = crypto
  .createHmac('sha256', Buffer.from(secret, 'hex'))
  .update(userBase64Url)
  .digest('base64')
  .replace(/\+/g, '-')
  .replace(/\//g, '_');
// pbM6UrP+nsTp+C0jtcA74uFwO0owKutApO4U2vvqy38=

5. Create the user token by joining the results from steps (3) and (4) with a ".".

const token = `${userBase64Url}.${signature}`;
// eyJpZCI6IjEyMyIsIm5hbWUiOiJKb2huIn0=.pbM6UrP-nsTp-C0jtcA74uFwO0owKutApO4U2vvqy38=

User Information

The user claims must contain an "id" field. Our system will also recognize "email", "name", "pic" (url), and "metadata" (object). You can include any information you want in the metadata field.

See https://dashboard.deskdingo.com/setup for instructions.