userIdSignature property

String? get userIdSignature
inherited

HMAC-SHA256 hex digest of userID keyed by the project's identity_secret, computed on the host app's backend and forwarded here.

The chat backend verifies this server-side before serving /api/chat/* for the given userID. Without it, anyone who reads the install snippet HTML can pair the public projectSecretKey with an arbitrary userID and read that user's history.

Optional for backwards-compat with projects that haven't yet enabled identity_verification_required in the dashboard's Data & Privacy section; required once that toggle is on.

NEVER bake the identity_secret itself into the SDK or the host app's binary — compute the signature on your backend and ship only the resulting digest. See the dashboard's Install tab for backend-side snippets in Node, Python, and Ruby.

Implementation

String get projectSecretKey;/// HMAC-SHA256 hex digest of [userID] keyed by the project's
/// `identity_secret`, computed on the host app's backend and
/// forwarded here.
///
/// The chat backend verifies this server-side before serving
/// `/api/chat/*` for the given [userID]. Without it, anyone who
/// reads the install snippet HTML can pair the public
/// [projectSecretKey] with an arbitrary [userID] and read that
/// user's history.
///
/// Optional for backwards-compat with projects that haven't yet
/// enabled `identity_verification_required` in the dashboard's
/// Data & Privacy section; required once that toggle is on.
///
/// NEVER bake the `identity_secret` itself into the SDK or the
/// host app's binary — compute the signature on your backend and
/// ship only the resulting digest. See the dashboard's Install
/// tab for backend-side snippets in Node, Python, and Ruby.
String? get userIdSignature;