Regarding the integration with Magento, can we have some details? Magento version and API documentation, how can we know if Amelia is starting a session with a user that's authenticated. One way would be that Amelia gets an ID when the conversation is started and she can then query Magento's API with that. This ID should expire soon (10 seconds) to make it secure. We could look at SSO integration as well.
Regarding Magento/SSO integration this is our documentation. Amelia would need an Identity Provider ("IdP") that provides authentication services. It seems that Magento itself does not have the possibility of acting as an IdP so it would have to be another system to you provide.
One alternative to this would be to have the sites where Amelia is integrated to send Amelia some sort of unique ID that she can use to call an API hosted by CanSat to fetch user information (full name, email, phone, etc...). The downside of this method is that the ID would have to be protected with a short expiry time (perhaps 10 seconds) so that it cannot be extracted from the page and used maliciously. This could be made more secure by having the API server from your end only accept requests from Amelia IP addresses. We could also secure that using Amelia's Integration Services Client; this would be out of scope on this first phase of the project but it could be implemented in the long run.
upwork.com/messages/rooms/room_7725f00c5ed18ba32b7c46f038311707/story_48ae14327b5721fa566db98c9d0e9794
upwork.com/messages/rooms/room_7725f00c5ed18ba32b7c46f038311707/story_58dd43e49ec2c7804eb336718efc5207
https://www.upwork.com/messages/rooms/room_7725f00c5ed18ba32b7c46f038311707/story_6961444525e918dc580c888819c2d917
upwork.com/messages/rooms/room_7725f00c5ed18ba32b7c46f038311707/story_377315d7165fc540a704be761ea8e2ad