Link back to your app

Email and SMS notifications can include a link back to your site, the 'inbox URL', which you can configure on the Notifications page of the TalkJS Dashboard. You can set up the inbox URL to link directly to the relevant conversation or location.

If you are using an inbox page on https://yoursite.com/inbox, you can give this inbox URL an optional parameter that preselects the appropriate conversation, for example https://yoursite.com/inbox?conversation=123456.

In the email settings on your dashboard, you can then use template macros to make TalkJS build the appropriate link as follows: https://yoursite.com/inbox?conversation={{conversation.id}}.

You can also make the inbox URL lead straight to the page about a product or order, and embed a chatbox or pop-up widget there. In this case, you can build a link that contains the appropriate product or order ID.

If you used the order ID as the conversation ID, then you can use a URL similar to the one above: https://yoursite.com/orders/{{conversation.id}}.

If the conversation ID is different from the relevant order or product ID, then you can add a custom field to the conversation to identify the order or product. For example, you could pass {"productId": "12345"} when creating the conversation, and then configure the inbox URL as follows: https://yoursite.com/orders/{{conversation.custom.productId}}.

Automatically logging in

To make it as easy as possible for a user to return to your site, you can add an authentication token to the inbox URL which automatically logs your user in.

To automatically log a user in, you could give the user a custom field called authToken which contains a cryptographically signed token, for example a JSON Web Token that contains the user's ID and an expiry date. Set up the inbox URL as follows: https://yoursite.com/inbox?conversation={{conversation.id}}&authToken={{user.custom.authToken}}.

Then, in the backend on your inbox page, check whether a valid authToken was passed. If a valid authToken was passed, you can log the user in before displaying the page.

Security considerations

Automatically logging in a user comes with security ramifications. If a user forwards an email that contains an auto-login link, the recipients might be able to impersonate that user.

One way to mitigate the security risk of automatically logging in a user is to allow automatic login only on expired user sessions, but not on devices that were never seen before. This way, a user automatically logs in on any device where they were logged in before, while new devices still need to log in the first time they use your app.

Another way to mitigate the security risk of automatically logging in a user is to let users who have an invalid session but a valid authentication token communicate in a single conversation only. This way, users can quickly respond to messages or explore your platform further, without compromising security.
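
The backend check from "Automatically logging in", combined with both mitigations above, could look like the following Node.js sketch. This is an added example, not TalkJS code. It assumes an HS256 JSON Web Token with `sub` and `exp` claims and a long-lived device cookie that yields `deviceUserId`; the function names and the action labels are hypothetical.

```javascript
const crypto = require("crypto");

// HMAC-SHA256 over "header.payload", as used by HS256 JSON Web Tokens.
const mac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Mint the token that is stored in the user's authToken custom field.
function signToken(claims, secret) {
  const data = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}`;
  return `${data}.${mac(data, secret).toString("base64url")}`;
}

// Return the claims if signature, subject and expiry check out, otherwise null.
function verifyToken(token, secret, nowSec) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString());
    claims = JSON.parse(Buffer.from(body, "base64url").toString());
  } catch {
    return null;
  }
  if (header?.alg !== "HS256") return null; // pin the algorithm; rejects "none"
  const expected = mac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null; // constant-time compare
  if (typeof claims?.sub !== "string") return null;
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
  return claims;
}

// Decide how the inbox page treats a request that arrives without a valid session.
// deviceUserId: user ID read from a long-lived device cookie (assumption), or null.
function decideLogin({ authToken, conversationId, deviceUserId }, secret, nowSec) {
  const claims = verifyToken(authToken, secret, nowSec);
  if (!claims) return { action: "login-page" };
  // Device this user was logged in on before: restore the expired session.
  if (deviceUserId === claims.sub) {
    return { action: "full-session", userId: claims.sub };
  }
  // Unseen device: limit access to the linked conversation only.
  // conversationId comes from the unsigned URL, so the caller must still
  // check that userId is a participant before showing it.
  return { action: "single-conversation", userId: claims.sub, conversationId };
}
```

A forwarded link opened on another person's device therefore yields at most the `single-conversation` result, and only until the token's `exp` passes.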