Identity verification
To protect your user's data, you can turn on identity verification. With identity verification, your backend sends a digital signature (a hex-encoded HMAC-SHA256 signature) of the current user's id
to TalkJS. This signature can't normally be forged, so it proves that the current user identified to TalkJS is really the user logged in to your platform.
If identity verification is enabled, TalkJS blocks any requests without a valid signature.
First, set the signature
property in the Talk.Session
object to the HMAC-SHA256 hash of the current user id
, signed with your TalkJS secret key. Often it's a one-liner you can copy and paste.
For example, with PHP you can use something like the following:
1<?php $user = $database.getUser(12345); ?>2var me = new Talk.User(3 <?php echo json_encode(array(4 "id" => strval($user->id),5 "name" => $user->name,6 "email" => $user->email,7 "photoUrl" => $user->photoUrl,8 "welcomeMessage" => "Hey, let's have a chat!"9 )); ?>10);1112window.talkSession = new Talk.Session({13 appId: "YOUR_APP_ID",14 me: me,1516 // this is the line that it's all about:17 signature: "<?= strtoupper(hash_hmac('sha256', strval($user->id), 'YOUR_SECRET_KEY')) ?>"18});
Replace YOUR_APP_ID
and YOUR_SECRET_KEY
with the data you can find on the Settings page of your dashboard.
You can find your secret key in the Settings page of your dashboard.
Important: Keep your secret key private and never include it in your frontend code.
Test the solution. If TalkJS loads without errors, you can enable identity verification in your dashboard, so that any request without a valid signature
gets blocked.
For code samples that demonstrate how to create a signature in multiple languages, see the TalkJS examples GitHub repository.
Check out the tutorial on how to ban a user from all chats for more information. The tutorial uses identity verification together with disabling browser synchronization to ensure the integrity of your user's data.
If you get stuck, get in touch and one of the TalkJS developers will be happy to help.