Authentication
Regardless of how the chat conversation window is displayed to the user (via our Javascript SDK, an iframe, or with a custom-built client based on our HTTP API), it is possible to securely transfer customer identifiers to the Alcmeon inMessage backend.
These identifiers and the metadata associated with them can then be stored and displayed within the Alcmeon user interface to simplify the task of a brand's customer support agents. They are also sent back in any webhook-based notifications to make it possible for brand developers to match Alcmeon user identifiers with their internal customer identifiers.
This identification and authentication schema is based on the assumption that every conversation is associated with a unique stable customer id provided by brand developers. This customer id and its associated metadata are securely transfered via a JWT encrypted via a shared secret between the developers of the Brand and Alcmeon.
JWT custom claims
The JWT token should be encrypted with the HS256 JWT algorithm and the secret key obtained from [email protected]. This JWT token should contain the following custom claims:
| Name | Description |
| customer_id | A string that uniquely identifies the underlying customer account. |
| sms_notification_phone_number | If specified, a string that contains a phone number (with +XXX international prefix) to which sms notifications should be sent whenever a human sends a reply to this customer |
| name | A string which contains the customer's name to display in the Alcméon user profile |
| attributes | A list of key/value string pairs: If specified, a set of key/value metadata fields which will be associated with the customer and displayed on the user profile page in Alcméon. Example: [["age", "24"], ["City", "Paris"]] |
Updated 3 months ago