Set Up User Authentication for Logged In Website Visitors
Give your users peace of mind with identity verification. Protect your conversations and prevent account impersonation by adding these elements to your Acquire Widget Code.
Note: Authentication is only possible for website visitors who are logged into your application. If a visitor is not a user—meaning they do not have a user ID or email address associated with an account—you cannot authenticate them.
In this article:
- Why User Authentication Matters
- How User Authentication Works
- How to set up User Authentication
Why Authenticating Users Matters
Data privacy is important to every organization. Authentication provides an added layer of security against malicious actions like impersonating users or accessing conversations.
While user authentication isn’t necessary for using the widget, we strongly recommend it if you’re chatting with users.
How User Authentication Works
There are three parts to user authentication in Acquire. The first is an encrypted user_hash (HMAC) that is generated on your servers via SHA256. This HMAC is added to your capture script and associated with a secret key. This secret key is how Acquire knows the chat is coming from your user and not an impersonator.
How to Set Up User Authentication
Step 1: Navigate to Settings > Installation and Setup > Web Widget > User Authentication.
The first code snippet contains your secret key for generating an HMAC. Select ID or email based on how you identify users. Add this to your codebase.
Note: Keep your secret key safe! Never commit it directly to your repository, client-side code, or anywhere a third party can find it.
Step 2: Add the user_hash attribute with the HMAC value to your capture code. Push the code live and user authentication will be enabled.