Identity Verification

Secure your widget and prevent impersonation using HMAC-SHA256 signatures.

Highly Recommended

Identity verification is required for the Advanced plan and is crucial if you have logged-in users.

How it Works

When a logged-in user accesses your site, your backend should generate a unique signature using your Identity Secret. The widget sends this signature to Sela, which verifies it before granting access to the user's conversation history.

Generating the HMAC

You need to generate an HMAC-SHA256 hex digest of the user's email (or unique ID).

Node.js Example

backend.js

const crypto = require('crypto');

const secret = 'YOUR_IDENTITY_SECRET_FROM_DASHBOARD';
const userEmail = 'user@example.com';

const hash = crypto
  .createHmac('sha256', secret)
  .update(userEmail)
  .digest('hex');
  
// Send this 'hash' to your frontend...

Python Example

backend.py

import hmac
import hashlib

secret = b'YOUR_IDENTITY_SECRET'
email = b'user@example.com'

hash = hmac.new(secret, email, hashlib.sha256).hexdigest()
# f5d6...

Client-Side Implementation

Pass the generated hash to the widget via data attributes.

html

<script 
  src="https://sela.oyaps.com/widget.js" 
  data-org-id="..."
  data-user-email="user@example.com"
  data-user-hash="GENERATED_HMAC_HASH"
></script>

Quick Links

Introduction Quick Start Core Concepts Widget Configuration Identity Verification Customization API Reference

Documentation

Getting Started