Verified identity

The agent knows who it is talking to

An email address typed into a chat box proves nothing. A signed token from your own application proves everything. Pass one, and the agent can safely act on a customer’s real account.

  • Your app signs a token with a secret only you and the agent share
  • Require verified identity, or accept anonymous visitors too
  • Rotate the secret at any time without redeploying the widget
Your app signs a token

{

"sub": "usr_8842",

"email": "[email protected]"

}

Signed with your agent's shared secret. Rotatable at any time.

Verified

Maya K.

Pro plan · customer since 2024

Cancel my subscription

I can do that for you, Maya. Your Pro plan renews on 3 August.

What verification unlocks

Once the agent can trust who it is speaking to, a whole class of conversation becomes safe to automate that would otherwise have to go to a human.

Cryptographic proof, not a claim

Your application signs a token with a shared secret. The agent verifies the signature. A visitor cannot impersonate a customer by typing their email address.

Act on real accounts

Cancel a subscription, check a balance, change an address. Actions that touch a specific customer record are only safe once identity is proven.

Required or optional

Insist on a verified token before the agent will engage, or accept anonymous visitors and simply know more about the ones who are signed in.

Rotatable secrets

Generate a new shared secret whenever you need to. The old one stops working and nothing about the widget install has to change.

Update identity mid-session

A visitor who logs in halfway through a conversation becomes verified from that point, without starting a new chat.

Context your team can see

When a conversation reaches a human, they already know which customer it is, and do not have to ask them to confirm their account.

How it works

  1. 01

    Generate a shared secret

    One secret per agent, created in your dashboard. It never leaves your server.

  2. 02

    Sign a token for the logged-in user

    Your backend mints a short token carrying the user’s ID and email, signed with that secret, and hands it to the widget.

  3. 03

    The agent verifies it

    The signature is checked before anything else happens. From then on, the agent knows precisely who it is speaking to.

Verified identity in depth

The problem nobody notices until it is expensive

Consider a support agent that can cancel subscriptions. A visitor opens the chat and says: "I am [email protected], please cancel my plan." Should the agent do it?

Obviously not. An email address typed into a chat box is a claim, not a credential. Anyone can type anyone’s email address. Any agent that acts on account-specific requests based on what a visitor asserts about themselves is one determined person away from a serious incident.

The usual response to this is to refuse to automate anything sensitive, and route every account-related question to a human. That works, and it also means the AI is only allowed to handle the questions that were not costing you very much anyway.

What a signed token actually proves

Your application already knows who is logged in. It authenticated them. The problem is that the chat widget, running in the browser, has no way to trust anything the browser tells it.

A signed identity token closes that gap. Your backend takes the user it has already authenticated, puts their ID and email into a token, and signs it with a secret shared only with your agent. The widget passes the token along. The agent verifies the signature before it does anything with the contents.

A forged token fails the signature check. A copied token belongs to whoever it was minted for. The visitor cannot manufacture one from the browser, because the secret is on your server and never goes near the client. That is the entire security property, and it is enough to make account-specific automation safe.

The shared secret lives on your server and never goes near the browser. A forged token fails the signature check, and a visitor cannot manufacture one.

Required, or just useful

Identity can be optional or required, and both are legitimate designs.

Optional is right for a marketing site with a logged-in area: anonymous visitors still get help, and signed-in customers get an agent that knows their plan and their history without asking. Required is right for a customer portal, a WHMCS client area, or anywhere the agent is only ever meant to be talking to real customers. There, the agent will not engage without a valid token.

You can also update identity part-way through a conversation. If someone starts chatting anonymously and then logs in, they become verified from that point, in the same thread. They do not have to start again.

Identity can be required, in which case the agent will not engage without a valid token, or optional. It can also be updated mid-conversation, when someone logs in part-way through.

The pairing that makes this worth doing

On its own, verified identity is a nice piece of context. Combined with agent actions, it is the thing that lets you automate the expensive half of your support queue.

The pattern is simple. The action gives the agent the ability to call your API. The identity token tells the agent which customer to call it *for*, with proof. Together they let you safely say: this agent may cancel the subscription of the person it is talking to, because it knows, cryptographically, who that is. Without the identity half, that same action is a liability. Rotate the shared secret whenever you need to, and nothing about your widget installation has to change.

An action gives the agent the ability to call your API. A verified identity tells it which customer to call it for, with proof. Without the identity half, that same action is a liability.

Frequently asked questions

What is verified user identity?

It is a way for your own application to prove to the agent who a visitor is. Your backend signs a short token containing the logged-in user’s ID and email using a secret shared with your agent, and the agent verifies that signature before trusting it. It turns an unverifiable claim into cryptographic proof.

Why is this needed? Cannot the visitor just tell the agent who they are?

They can, and it proves nothing. Anyone can type anyone else’s email address into a chat box. Without a signed token, an agent that acts on account-specific requests is trusting an unverifiable claim, which is not safe for anything that touches a real customer record.

Can I require visitors to be identified?

Yes. Identity can be set to required, in which case the agent will not engage without a valid signed token, or optional, in which case anonymous visitors are still helped and signed-in ones simply get a better-informed agent.

What happens if someone logs in halfway through a chat?

Their identity can be updated mid-session. They become verified from that point onwards, in the same conversation. There is no need to start a new chat.

What if my shared secret is exposed?

Rotate it. You can generate a new secret at any time from the dashboard, which immediately invalidates the old one. Nothing about your widget installation needs to change.

Does this work with agent actions?

Yes, and that is the main reason to use it. An action gives the agent the ability to call your API. A verified identity tells it which customer to call it for, with proof. Together they make it safe to automate account-specific requests such as cancellations and refunds.

Keep exploring

Let the agent handle the account questions too

Prove who the visitor is, and the expensive half of your support queue becomes safe to automate.