User Verification in Messaging for Web
To learn about and set up User Verification, see User Verification in Salesforce Help.
Configure your web client so you can personalize and secure the conversation between a verified user and an agent. See the Messaging for Web Event Listeners reference for details.
-
Add event listeners for
onEmbeddedMessagingReady
andonEmbeddedMessagingIdentityTokenExpired
to your website’s code or to the Code Snippet. See Get Started With APIs for Messaging for Web.When you receive an
onEmbeddedMessagingReady
event, the API is ready for requests. -
After you receive an
onEmbeddedMessagingReady
event, pass your identity token to the API by using thesetIdentityToken
method.Create the identity token and set its expiration time with the authorization mechanism of your choice.
Call this method for every tab or window where you want the user to have an authenticated conversation. Because the identity token is stored in the browser’s memory, you must call this method after a page refresh. JWTs must be signed using the RS256 or RS512 algorithms.
The conversation button is rendered after the API receives a valid identity token. The API generates a Salesforce authorization token when the user clicks the button, and the session starts.
The Salesforce token has a separate expiration time, determining how long the session stays active. You can edit this expiration time in Messaging Settings in Setup in the Authorization Token Expiration Time for Verified Users field. The default is 60 minutes.
-
If you interact with the web client after both the Salesforce token and the identity token have expired, the client dispatches the
onEmbeddedMessagingIdentityTokenExpired
event, but you can keep the session active. To keep the session active, send a new identity token to the API within 30 seconds of theonEmbeddedMessagingIdentityTokenExpired
event by using thesetIdentityToken
method as before. -
When the user logs out, call the
clearSession
method. This method clears all messaging and user data from all tabs and windows.You don't have to call the
clearSession
method. When the client doesn’t receive a new identity token within 30 seconds of dispatching theonEmbeddedMessagingIdentityTokenExpired
event, the client clears the session. -
Listen for the
onEmbeddedMessagingReady
event again to know when the API is ready for another conversation.
This sample code shows how to implement the key steps that verify a user for a messaging conversation. To determine where to add this code to your web page, see Get Started With APIs for Messaging for Web. For more code snippet settings, see the settings reference documentation.
Call setIdentityToken
for every tab or window where you want access to the authorized messaging conversation. Call clearSession
when the user logs out.
If your Messaging for Web deployment is on an Experience Cloud site, follow the instructions in Salesforce Help to add JavaScript code to the head markup section of your site. See Configure a Messaging for Web Deployment in an Experience Builder Site in Salesforce Help.