User Verification API
To learn about and set up User Verification, see User Verification in Salesforce Help (can be unavailable during release preview).
This section describes the steps you must take from your web client to ensure a personalized and secure conversation between a verified user and an agent. See the associated documentation for each step of this sequence.
- Before you initialize the API, add event listeners for two events.
onEmbeddedMessagingReady
notifies you when the API is ready for requests.onEmbeddedMessagingTokenExpired
notifies you if the identity token has expired. - At some point after the
onEmbeddedMessagingReady
event is dispatched, pass the identity token to the API using thesetIdentityToken
method. You must call this API for every tab or window where you want the user to have an authenticated conversation. Since the token is stored in the browser’s memory, you must also call this method after a page refresh. JWTs must be signed using the RS256 algorithm. - Before the identity token expires, refresh the token with your customer authentication server and pass the updated token to the Salesforce API using
setIdentityToken
. If the token expires before you callsetIdentityToken
, theonEmbeddedMessagingTokenExpired
event is dispatched and user data is cleared. - When the user logs out, call
clearSession
. This method invalidates the identity token and removes all user data from all tabs and windows.
Be sure to call setIdentityToken
for every tab or window where you want access to the authorized messaging conversation.
This sample code illustrates how you can implement the key steps of this sequence.
The Messaging for Web reference documentation describes these methods in more detail.