Hi, I have gone through the documentation provided on the Cognigy site on embedding the Webchat Widget on websites.
For example, in order to embed a trial endpoint in a website, all I have to do is add the script below. The endpoint URL and token differ based on the organization (endpoint.abc.com).
<!-- Initialize the Webchat towards a Cognigy Endpoint via initWebchat() -->
And if someone/an attacker uses this script and the endpoint details in another web application, they can also spin up the whole Chat Widget and establish a connection to our Cognigy AI instances, bypassing the whole authentication mechanism.
How can we restrict this? Is there any authentication/tracking mechanism I can place before executing the flow to check that the request is coming from my site and not from an attacker?
You can use information in the browser's storage in the flow, and based on this information continue the flow or not.
An example of getting the browser's language can be found here: https://support.cognigy.com/hc/en-us/articles/360022044759-Get-the-user-s-browser-language, but you can catch other information like username, domain, etc. too.
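One way to write the domain check the answer describes, as an added example that is not part of the original thread and not Cognigy's own code. It assumes the embedding page sends its origin to the flow in a data field named `pageOrigin`; that field name, the allowlisted hosts, and the function names are all hypothetical.

```javascript
// Added example: decide whether a flow should continue based on the origin
// the embedding page reported. Hosts below are constructed sample values.
const ALLOWED_HOSTS = new Set(["www.example.com", "shop.example.com"]);

// Returns true only for an https URL whose host is exactly on the allowlist.
function isAllowedOrigin(reported) {
  if (typeof reported !== "string" || reported.length > 2048) return false;
  let url;
  try {
    url = new URL(reported); // rejects relative or malformed values
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false;
  // "https://www.example.com@other.test" parses with the allowed name as
  // userinfo and other.test as the host, so userinfo is refused outright.
  if (url.username || url.password) return false;
  if (url.port !== "") return false; // only the default https port
  // Exact match on the parsed hostname. Substring or endsWith checks would
  // accept look-alikes such as "www.example.com.other.test".
  return ALLOWED_HOSTS.has(url.hostname);
}

// Hypothetical gate a flow code step could call with the message data.
// `pageOrigin` is an assumed field name, not a documented one.
function gateFlow(data) {
  const origin = data ? data.pageOrigin : undefined;
  return isAllowedOrigin(origin) ? "continue" : "stop";
}
```

The value is reported by script running in the visitor's browser, so this check stops a copied embed snippet from working unmodified on another site but does not authenticate the caller; it is best paired with server-side controls and logging of rejected origins.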