userIdSignature property
HMAC-SHA256 hex digest of userID keyed by the project's
identity_secret, computed on the host app's backend and
forwarded here.
The chat backend verifies this server-side before serving
/api/chat/* for the given userID. Without it, anyone who
reads the install snippet HTML can pair the public
projectSecretKey with an arbitrary userID and read that
user's history.
Optional for backwards-compat with projects that haven't yet
enabled identity_verification_required in the dashboard's
Data & Privacy section; required once that toggle is on.
NEVER bake the identity_secret itself into the SDK or the
host app's binary — compute the signature on your backend and
ship only the resulting digest. See the dashboard's Install
tab for backend-side snippets in Node, Python, and Ruby.
Implementation
String get projectSecretKey;/// HMAC-SHA256 hex digest of [userID] keyed by the project's
/// `identity_secret`, computed on the host app's backend and
/// forwarded here.
///
/// The chat backend verifies this server-side before serving
/// `/api/chat/*` for the given [userID]. Without it, anyone who
/// reads the install snippet HTML can pair the public
/// [projectSecretKey] with an arbitrary [userID] and read that
/// user's history.
///
/// Optional for backwards-compat with projects that haven't yet
/// enabled `identity_verification_required` in the dashboard's
/// Data & Privacy section; required once that toggle is on.
///
/// NEVER bake the `identity_secret` itself into the SDK or the
/// host app's binary — compute the signature on your backend and
/// ship only the resulting digest. See the dashboard's Install
/// tab for backend-side snippets in Node, Python, and Ruby.
String? get userIdSignature;