SAP-archive / SAPConversationalAI

✨ 🤖 🤖 Build your own conversational bot on our Collaborative Bot Platform! 🤖🤖 ✨
https://cai.tools.sap

Secure embedded web chat Channel #103

Open yimialejoh opened 5 years ago

yimialejoh commented 5 years ago

Hi, we want to embed the web chat channel in our web page. We have the script code to insert, but we are worried because anyone who inspects the web page can see the code (token and channelId) and can implement it in other web sites.

Can you help us with any ways of making it private? It's really important to us for security matters.

dbousque commented 5 years ago

Anything that runs on your browser can be inspected and reproduced somewhere else :) We could prevent the webchat of your bot from loading on a website other than yours (through CORS). But then anyone could still have another webchat, similar in all respects, and talk to your bot from another website, since the requests made by the frontend to talk to the bot can be made from any server as well. Let me know if I can clear this up further, but the bottom line is that there is no way to guarantee with certainty that a request comes from a particular source on the internet.

yimialejoh commented 5 years ago

Thanks @dbousque. For the moment we download the webchat CDN (https://cdn.recast.ai/webchat/webchat.js) and we host it on our server in the cloud; from there we activate the firewall and only allow the desired IP. Do you see this right?

dbousque commented 5 years ago

Ah alright, I see, your bot is not public, right? Are you in a testing environment?

yimialejoh commented 5 years ago

It's correct, it's a private bot. We want only the chat bot server host to be able to make requests to the Recast API, and others who can see and embed the script not to be able to.