Secure Mode

Secure Mode enables identity verification to protect your customer’s information and conversation history.

It provides an additional layer of security to Beacon’s live chat by preventing malicious agents from impersonating legitimate users.


To enable Secure Mode you’ll first need to generate a SHA-256 HMAC code on your server.

In the examples below, the “secret_key_from_beacon_config” referenced is found in your Beacon settings in Help Scout. To find your secure key:

  1. Head over to Manage ➝ Beacon, then click the Contact tab in the left hand sidebar.
  2. Under the Contact Form section, you will find the Support history security setting.
  3. Clicking the toggle button will reveal the key. Be sure to click Save to save your settings and key.

The Rails and PHP examples below show you how to create the HMAC signature directly in your server-side template file. The rest of the examples show you how to create the signature on your server-side script, which you will then need to pass as the signature attribute of the Beacon('identify') call in your template, like so:

window.Beacon('identify', {
  name: 'user_full_name',
  email: 'user_email',
  signature: 'signature',


window.Beacon('identify', {
  name: "<%= escape_javascript( %>",
  email: "<%= escape_javascript( %>",
  signature: "<%=


window.Beacon('identify', {
  name: <?php echo json_encode($user->name); ?>,
  email: <?php echo json_encode($user->email); ?>,
  signature: "<?php
    echo hash_hmac(


import hashlib
import hmac
import base64

For Python 2.x use:
message = bytes("").encode('utf-8')
secret = bytes("secret_key_from_beacon_config").encode('utf-8')

For Python 3.x use:
message = bytes('', 'utf-8')
secret = bytes('secret_key_from_beacon_config', 'utf-8')

signature =, message, digestmod=hashlib.sha256).hexdigest()


using System;
using System.Security.Cryptography;

private static string HashHmac(string message, string secretKey)
  System.Text.Encoding encoding = System.Text.Encoding.UTF8;
  using (HMACSHA256 hmac = new HMACSHA256(encoding.GetBytes(secretKey)))
    var msg = encoding.GetBytes(message);
    var hash = hmac.ComputeHash(msg);
    return BitConverter.ToString(hash).Replace("-", "").ToLower();

var signature = HashHmac("", "secret_key_from_beacon_config");


import crypto from 'crypto'

const signature = crypto
  .createHmac('sha256', 'secret_key_from_beacon_config')