Identity Verification

For an added layer of security, verify the identity of the user sending a message through the chat widget to prevent your customers from manually changing their email in the frontend to impersonate each other. Pylon is not unique on this front - because a user’s identity in the chat is determined client-side, any chat is susceptible to users spoofing their email. Adding identity verification is optional, but encouraged.

Generate an Identity Secret Generate it here and save it, this will be the only time you will see this key. If you lose your key you’ll need to regenerate it and replace the key later.

Setup Backend In your backend, hash the user’s email address using HMAC-SHA256 with the secret you just generated. Note that the secret is a hex string and must be decoded to text before use. Here are some code snippets to help:

const { createHmac } = require("node:crypto");

const secret = "GENERATED_IDENTITY_SECRET";
const email = "CHAT_USER_EMAIL";

const secretBytes = Buffer.from(secret, "hex");
const verificationHash = createHmac("sha256", secretBytes)
  .update(email)
  .digest("hex");

Send this hash to the Frontend and set it on the window object:
```
window.pylon.chat_settings.email_hash = HMAC_HASH
```

Chat Setup

JavaScript API

⌘I

Getting Started

Support Workflows

Platform

AI Agents

Knowledge Base

Customer Portal

Chat Widget

Account Intelligence

Reporting & Analytics

Broadcasts

Integrations

Identity Verification