Signed Interaction Data


Due to the fact interaction data is passed through JavaScript, it is inherently insecure and should not be used to pass through secure credentials.

To be able to verify the source of interaction data, it needs to be signed. That way, we can verify it came from a trusted source.

Note: Enabling signed interaction data means that unsigned data will no longer be able to pass through unless whitelisted.

To configure Signed Interaction Data, navigate to the Signing Keys page and provide an ECSDA public key.

To generate this key, you need to run

openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem
openssl ec -in ec_private.pem -pubout -out ec_public.pem

in a unix-compatible terminal (Git Bash on Windows works as well).

Then, copy the contents of ec_public.pem and paste them into the signing keys field.

At that point, you will be able to sign data.

To sign information, you'll need to form a JSON array in the following format

    {"label": "INTERACTION_DATA_NAME", "data": "INTERACTION_DATA_CONTENT", "type": "string"},
    {"label": "INTERACTION_DATA_NAME1", "data": "INTERACTION_DATA_CONTENT1", "type": "string"},


Then you will need to sign it with the private key you just generated, with the algorithm set to ES256. This operation should be done in a secure context - for example, on your Backend server, after authenticating the user. To serialize this signature, use the CompactSerializer. This should result in a signed base64 string. To verify it against your public key you can use .

To pass this string, you can attach the :signed-interaction-data property to your Talkative element, or modify your TalkativeEngageApi.startChat() call to TalkativeEngageApi.startChat({signedInteractionData: 'signed-data-here'}).

Unsigned fields

If some fields are to remain unsigned, they will need to be added in to the unsigned fields page.

Last updated on 9th Feb 2021