Web2Chat Help center
All Collections
Getting Started
Security in your workspace
What is Identity Verification?
What is Identity Verification?

Learn about Identity Verification in Web2Chat.

Avatar of tanazmasaba06
Written by tanazmasaba06
Last updated Oct 30, 2024
In Web2Chat, Identity Verification is a security feature designed to protect user data by verifying the identities of users accessing your help desk and chat services. This feature prevents unauthorized access to conversations and personal information by ensuring that users can only view data associated with their verified identity.
Identity Verification works by generating a secure, unique hash for each user based on their ID or email address. This hash is then sent to Web2Chat each time a user accesses their account, confirming their identity and safeguarding their data. This guide will walk you through the purpose of Identity Verification, how it works, and the steps needed to implement it.

Why Use Identity Verification?

Identity Verification adds an extra layer of protection to your Web2Chat workspace by ensuring users’ conversations and personal information are visible only to them. Some of the key benefits include:
  • Enhanced Data Security – Helps prevent unauthorized access, protecting the integrity and privacy of user data.
  • Increased User Trust – Provides users with confidence that their data is secure and only accessible by them.
  • Industry Compliance – Meets security standards expected in various industries by ensuring user data is stored and shared securely.

How Identity Verification Works in Web2Chat

Web2Chat’s Identity Verification system works by generating a cryptographic hash based on a unique identifier for each user, such as their user ID or email address. This hash is created with a secret key from your Web2Chat settings, which is then included in each user request to verify identity.
Whenever a user logs in or accesses their account, Web2Chat compares the hash you’ve sent with the hash generated on its end. If the hashes match, the user’s identity is verified, allowing access to their conversations and personal data.

Implementing Identity Verification in Web2Chat

To set up Identity Verification in Web2Chat, follow these steps:
  1. Generate User Hashes
    • Use the secret key and each user’s unique identifier (either their user ID or email address) to generate a hash on your server. This hash serves as a secure fingerprint for each user, confirming their identity.
  2. Send the User Hash with Every Request
    • Every time a user logs in or interacts with Web2Chat, send this user hash (with the key user_hash) in your requests. Web2Chat will use this hash to verify the user’s identity and grant appropriate access.

Identity Verification Use Cases

Below are some use cases for identity verification.

Securing Personal Data in Conversations

With Identity Verification, Web2Chat ensures only verified users can access their conversation history and personal data, adding security to user interactions on your platform.

Protecting Sensitive User Information

This feature is particularly helpful for organizations handling sensitive or personal information. Identity Verification ensures users can’t access others’ data, reinforcing data privacy standards.

Strengthening User Authentication

Identity Verification also supports secure authentication by verifying users’ identity each time they log in. It’s a useful addition to any authentication systems you may have in place.

Troubleshooting Identity Verification

If you encounter issues with Identity Verification, here are some common troubleshooting tips:

Missing Hash Errors

If you receive an error about a missing hash, ensure you are generating a hash for each user using the Identity Verification secret in your Web2Chat workspace settings and an identifier like user ID or email. This hash should be included with every request.
To set up Identity Verification, server-side code changes may be required, so you might need assistance from whoever originally set up Web2Chat for your workspace. Once set up, remember to send the identifier you used for hash generation (either user ID or email) along with each request.

Invalid Hash Errors

If Web2Chat indicates that the hash sent is invalid, consider the following steps:
  1. Verify the Correct Secret KeyEnsure you’re using the exact Identity Verification secret from your Web2Chat settings. Each Web2Chat platform (Web, iOS, Android) may have unique secrets. The API key cannot replace this secret.
  2. Check User Identifier CompatibilityMake sure you’re sending the correct user identifier (user ID or email) alongside the hash. Web2Chat requires both the identifier and hash for verification.
  3. Confirm Correct Hash GenerationEnsure the user hash was generated with the correct identifier:
    • If sending both user ID and email, generate the hash using user ID.
    • If sending only user ID, generate the hash with user ID.
    • If sending only email, use the email address to create the hash.
  4. Use the Correct Key Name for HashSend the generated hash with the key user_hash. Renaming the key (e.g., web_user_hash) will lead to verification errors.
  5. Ensure Separate Configuration for Different EnvironmentsFor multiple environments, like [TEST] and production, each must be configured separately, as they have distinct secrets.
  6. Verify the Latest Version of CodeOutdated app or JavaScript code can sometimes prevent the user hash from being included in requests. Ensure your application is running the latest version to avoid such issues.
  7. Testing HashesUse the hash checker in Security Settings under your secret key to verify hashes if you suspect they aren’t generating correctly.
If problems persist, reach out to our support team through the Messenger. Provide details on the affected user and any errors appearing in your console to help us troubleshoot.

Frequently Asked Questions

  • Can I change my Identity Verification secret?Yes, you can reset your Identity Verification secret from Settings > Security Settings in Web2Chat. Be sure to update your server-side hash generation code with the new secret to prevent verification errors.
  • What should I use as a unique identifier?You can use either user ID or email to generate the hash. However, whichever identifier you choose, it must match the data sent in every request for accurate verification.
  • What if I have multiple environments?Each environment, such as production and [TEST], has a unique Identity Verification secret. Be sure to configure them separately and generate hashes using the respective secrets.
  • Can I manually verify my hashes?Yes, in Security Settings, there’s a hash checker tool beneath your secret key. Use it to verify that hashes generated by your code match the expected values.
For additional assistance, don’t hesitate to contact our support team.