What are the best practices to follow while embedding Webchat Widget in a website ?

HI, I have gone through the documentation provided in Cognigy site on embedding Webchat Widget on websites.

For Eg: in order to embed a trial end point in a website all I have to do is add below script. And the endpoint URL& token differs based on the organization(endpoint.abc.com).

<scriptsrc="https://github.com/Cognigy/WebchatWidget/releases/download/v2.20.0/webchat.js"></script>

initWebchat(

"https://endpoint-trial.cognigy.ai/787e0627fb249bbc2213f2c4856b4821e0838f963d752e6fa33396f912c014ba"

);

</script>

In my scenario ,once user login to our application after successful authentication the web page will initiate Webchat.

And if someone/attacker use this script and endpoint details in other web application they can also spin up the whole Chat Widget and can establish connection to our Cognigy AI instances by pass whole authentication mechanism.

How can we restrict this is there any authentication/tracking mechanism I can place before executing the flow to check if the request is coming from my site not from any attacker?

Didn't find what you were looking for?

New post

Was this post helpful?

0 out of 0 found this helpful

Comments

1 comment

Edwin Wortel
July 15, 2022 07:36

You can use information in the browser's storage in the flow, and based on this information continue the flow or not.

An example to get browser's language can be found here: https://support.cognigy.com/hc/en-us/articles/360022044759-Get-the-user-s-browser-language but you can catch other information like username, domain etc too

0

Please sign in to leave a comment.