Secure Mode

Secure Mode enables identity verification to protect your customer’s information and conversation history.

It provides an additional layer of security to Beacon’s live chat by preventing malicious agents from impersonating legitimate users.

Usage

To enable Secure Mode you’ll first need to generate a SHA-256 HMAC of the user’s email address on your server, keyed with your Beacon secret key.

In the examples below, the “secret_key_from_beacon_config” is found in your Beacon config screens in Help Scout. Once you’re viewing the config for your Beacon, go to the Messaging screen, find the “Support history security” section and click the Advanced radio button. Now click Save. Your secret key will be revealed.

Examples for generating an HMAC signature for your application are:

Ruby

window.Beacon('identify', {
  name: "<%= user.name %>",
  email: "<%= user.email %>",
  signature: "<%=
    OpenSSL::HMAC.hexdigest(
      'sha256',
      'secret_key_from_beacon_config',
      user.email
    )
  %>"
})

Python/Django

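# views.py: Django templates cannot call functions with arguments,
# so compute the signature in the view and pass it in the template context.
import hashlib
import hmac

signature = hmac.new(
    b'secret_key_from_beacon_config',    # key must be bytes in Python 3
    request.user.email.encode('utf-8'),  # message must be bytes as well
    digestmod=hashlib.sha256
).hexdigest()

// Template: "signature" is the context variable set in the view above
window.Beacon('identify', {
  name: "{{ request.user.name|escapejs }}",
  email: "{{ request.user.email|escapejs }}",
  signature: "{{ signature }}"
})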

PHP

window.Beacon('identify', {
  name: <?php echo json_encode($user->name); ?>,
  email: <?php echo json_encode($user->email); ?>,
  signature: "<?php
    echo hash_hmac(
      'sha256',
      $user->email,
      'secret_key_from_beacon_config'
    );
  ?>"
})

C#.NET

using System;
using System.Security.Cryptography;
using System.Text;

private static string HashHmac(string message, string secretKey)
{
    Encoding encoding = Encoding.UTF8;
    using (HMACSHA256 hmac = new HMACSHA256(encoding.GetBytes(secretKey)))
    {
        var msg = encoding.GetBytes(message);
        var hash = hmac.ComputeHash(msg);
        // BitConverter.ToString returns "AB-CD-..."; remove the dashes to get plain lowercase hex
        return BitConverter.ToString(hash).Replace("-", "").ToLower();
    }
}

var SERVER_GENERATED_SIGNATURE = HashHmac("email@email.com", "secret_key_from_beacon_config");

Once the signature is generated on your server, it then needs to be passed to Beacon via your webpage content.

window.Beacon('identify', {
  name: 'Steve Aoki',
  email: 'steve@aoki.com',
  signature: SERVER_GENERATED_SIGNATURE
})

NodeJS

import crypto from 'crypto';

// Generate the signature on the server for the signed-in user's email
const SERVER_GENERATED_SIGNATURE = crypto.createHmac('sha256', 'secret_key_from_beacon_config')
  .update(user.email)
  .digest('hex');

Once the signature is generated on your server, it then needs to be passed to Beacon via your webpage content. Use the identify method from our JavaScript API to provide a signature attribute.

Beacon('identify', {
  name: 'Steve Aoki',
  email: 'steve@aoki.com',
  signature: 'SERVER_GENERATED_SIGNATURE'
})
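
The check that a signature makes possible, as an added example that is not part of the original page or Help Scout's own code: it signs an email the same way as the NodeJS snippet above and then models the receiving side's verification, so you can confirm that your server's output has the expected format and that a signature issued for one email does not validate another. The verifySignature function, its lowercase-hex format rule and the sample values are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed placeholder; the real key comes from the Beacon config screen.
const SECRET = 'secret_key_from_beacon_config';

// Server side: hex-encoded HMAC-SHA256 of the email, keyed with the secret.
function signEmail(email, secret) {
  return crypto.createHmac('sha256', secret).update(email, 'utf8').digest('hex');
}

// Hypothetical model of the receiving side's check (the page does not show
// how Help Scout verifies the signature).
function verifySignature(email, signature, secret) {
  // Assumed format rule: exactly 64 lowercase hex characters. This rejects
  // dash-separated hex and Base64 output before any comparison happens.
  if (typeof signature !== 'string' || !/^[0-9a-f]{64}$/.test(signature)) {
    return false;
  }
  const expected = Buffer.from(signEmail(email, secret), 'hex');
  const given = Buffer.from(signature, 'hex');
  // Constant-time comparison; both buffers are 32 bytes at this point.
  return crypto.timingSafeEqual(expected, given);
}

// Constructed sample data.
const sig = signEmail('steve@aoki.com', SECRET);
const dashed = sig.match(/../g).join('-'); // what an unstripped byte dump looks like

console.log('own email accepted:   ', verifySignature('steve@aoki.com', sig, SECRET));
console.log('other email accepted: ', verifySignature('someone@else.com', sig, SECRET));
console.log('wrong key accepted:   ', verifySignature('steve@aoki.com', sig, 'wrong_key'));
console.log('dashed hex accepted:  ', verifySignature('steve@aoki.com', dashed, SECRET));
```

Because the signature depends on both the email and the secret key, a page visitor who changes the email passed to identify cannot produce a matching signature without the key, which is why the key must stay on the server.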