With the Chat Window API, you can use BoldChat's Data Validation to ensure that incoming chats originate from a trusted app user, and pass information from your servers to operators using BoldChat without potentially exposing it to your app users. Validated data is passed in the "Secured" parameter when calling the createChat method. The data itself should be encrypted on your servers using PGP.
Validated chat information that the API passes must always contain two parameters used by BoldChat:
- The type parameter ensures that BoldChat only accepts PGP-encrypted strings generated by your servers for use by the API, and for no other purpose.
- The APIKey parameter should be base64-encoded before being encrypted, so that it has the exact same value as the one passed in the Authentication header of any API call.
For example, if you want to flag an app user as a VIP customer, the string to PGP encrypt is the following:
The VIPCustomer value then appears in the BoldChat Operator Client. This can be trusted since the value was encrypted by your own servers, not by the app, and it can only be decrypted by BoldChat servers.
If you want to include a mix of validated and unvalidated information from both the server and the app, you must also add an Unsecured parameter to the PGP-encrypted string to list the parameters that are allowed to be passed as unsecured. To continue the previous example, if you also want to include an email address in the createChat call, then the PGP-encrypted string is the following:
When a chat window requires validated chats, all parameters to the chat window are ignored unless explicitly listed in the Unsecured parameter.