Secure Mode

Secure mode enables identity verification to protect your user’s information and conversations. It provides an additional layer of security to Beacon’s live chat by preventing malicious agents from impersonating legitimate users.

Usage

To enable Secure Mode you’ll first need to generate a SHA-256 HMAC code on your server. Examples for generating an HMAC signature for your application are:

Ruby

window.Beacon('identify', {
  name: "<%= user.name %>",
  email: "<%= user.email %>",
  signature: "<%=
    OpenSSL::HMAC.hexdigest(
      'sha256',
      'JNbSzXIEonCFiiOepXyMtcXlTMVjtWX7wFZbiME4',
      user.email
    )
  %>"
})

Python/Django

window.Beacon('identify', {
  name: "{{ request.user.name|escapejs }}",
  email: "{{ request.user.email|escapejs }}",
  signature: "{{
    hmac.new(
      'JNbSzXIEonCFiiOepXyMtcXlTMVjtWX7wFZbiME4',
      request.user.email,
      digestmod=hashlib.sha256
    ).hexdigest()
  }}"
})

PHP

window.Beacon('identify', {
  name: <?php echo json_encode($user->name); ?>,
  email: <?php echo json_encode($user->email); ?>,
  signature: "<?php
    echo hash_hmac(
      'sha256',
      $user->email,
      'JNbSzXIEonCFiiOepXyMtcXlTMVjtWX7wFZbiME4'
    );
  ?>"
})

NodeJS

import crypto from 'crypto';

// Generate the signature
const signature = crypto.createHmac('sha256', secretKey)
  .update(user.email)
  .digest('hex');

Once the signature is generated on your server, it then needs to be passed to Beacon via your webpage content. Use the identify method from our Javascript API to provide a signature attribute.

Beacon('identify', {
  name: 'Steve Aoki',
  email: 'steve@aoki.com',
  signature: '2fe4d4a5963f28b77737c091c436096beee0b74fabb9fcdcd2a4d8859d2099a3'
})