Identity verification helps ensure that chats between you and your users are kept private and that one person cannot impersonate another. We strongly recommend all Infoset customers to set up and enable identity verification.

How does identity verification work?

You'll need to generate an encrypted hash (HMAC) on your server using SHA256 and provide this hash in the Infoset live chat installation code with the userHash parameter.

When identity verification is enabled for a chat widget, Infoset won’t accept requests for a logged-in user without a valid userHash. The userHash is calculated using a private key, which you should never share. No third party can generate a valid userHash without your private key, so they can’t impersonate your users.

How do I set it up?

  1. Go to Settings > Chat Settings
  2. Find the chat widget you want to enable identity verification for, click the edit icon
  3. Open the Security tab, where you'll find your Private Key
  4. Create a SHA256 HMAC of the visitor id using the chat widget's private key on your server (never do it on the client-side otherwise your private key will be exposed), and dynamically put it in your Infoset live chat boot code, example:
    InfosetChat('boot', {
      widget: {
        apiKey: 'pFz...', // your api key
      visitor: {
        id: <visitor_id>,
        userHash: <sha256_hmac_of_visitorid>,
        ...., // other visitor parameters
  5. When everything's working fine, check Require identity verification from the Security tab of the chat widget edit page to enforce identity verification
    (not suggested until you test your set up and make sure everything works)

Troubleshooting common issues

If you’re having trouble setting up identity verification or just want to confirm that it’s working, visit any page in your web app with the Infoset live chat installed and check if it loads.

If it doesn’t load, then take a look at your browser console and you should see an error explaining the specific issue.

Some possible causes:

  • Are you sending a visitor id or email along with the userHash? If you just send the userHash, the identity verification check will fail.
  • Are you generating the hash with the correct data? If you’re sending both visitor id and email, your userHash must be generated with the id. If you’re sending just an id, your userHash must be generated with that id. If you’re sending just the email address, your userHash must be generated with that email address.
  • Is this the latest version of your code? If this is an older version of your app, or your JavaScript code is cached you might not be sending a userHash with your user data in which case the live chat won’t load.

If you're still having issues, reach out to us via live chat and we’ll be happy to help!