Identity verification

First, set the signature property in the Talk.Session object to the HMAC-SHA256 hash of the current user id, signed with your TalkJS secret key. Often it's a one-liner you can copy and paste.

For example, with PHP you can use something like the following:

1<?php $user = $database.getUser(12345); ?>
2var me = new Talk.User(
3    <?php echo json_encode(array(
4        "id" => strval($user->id),
5        "name" => $user->name,
6        "email" =>  $user->email,
7        "photoUrl" => $user->photoUrl,
8        "welcomeMessage" => "Hey, let's have a chat!"
9    )); ?>
10);
11
12window.talkSession = new Talk.Session({
13    appId: "YOUR_APP_ID",
14    me: me,
15
16    // this is the line that it's all about:
17    signature: "<?= strtoupper(hash_hmac('sha256', strval($user->id), 'YOUR_SECRET_KEY')) ?>"
18});

Replace YOUR_APP_ID and YOUR_SECRET_KEY with the data you can find on the Settings page of your dashboard.

You can find your secret key in the Settings page of your dashboard.

Test the solution. If TalkJS loads without errors, you can enable identity verification in your dashboard, so that any request without a valid signature gets blocked.

For code samples that demonstrate how to create a signature in multiple languages, see the TalkJS examples GitHub repository.

Check out the tutorial on how to ban a user from all chats for more information. The tutorial uses identity verification together with disabling browser synchronization to ensure the integrity of your user's data.

If you get stuck, get in touch and one of the TalkJS developers will be happy to help.