16

JavaScript API

Last Update 2 maanden geleden

How to maximize the widget when a website loads How to maximize the widget after a trigger Delaying the tawk.to widget using JavaScript Customizing your z-index with the JavaScript API Vue 2

How to generate a hash for JavaScript API

The instructions below are for desktops and laptops only.

Using a hash with your JavaScript API calls is a great way to secure your customers’ data on your tawk.to chat widget.

A hash is a powerful security feature that encrypts your secret key and user ID into a string of characters that unauthorized parties cannot read.

These functions in our JavaScript API accept the hash as an attribute:


In this guide, we’ll show you how to get your secret key and generate the hash.

First, get the secret key

Follow these steps to get your secret key:


1. Log in to your tawk.to account.


2. On your dashboard, select the property you need the key for. Hover over the property name to ensure you’ve selected the correct one.

3. Click the gear icon on the top menu to go to the Administration panel.

4. On the Administration menu, select Overview.

5. Scroll down to JavaScript API.

6. Enable Secure Mode.

7. Click the following icon to copy the Key:

You’ll need this key for the next section where we generate the hash.

Generating the hash

You can use any encryption service of your choice to generate a hash. In this example, we show you how to do this using Crypto.js. The relevant libraries are available at:
https://cryptojs.gitbook.io/docs

https://www.npmjs.com/package/crypto-js


Follow these steps to generate the hash:

1. Copy the following code into the <head> section of your website’s HTML:

2. Copy the following function into your JavaScript file. This function handles the generation of the hash value.

3. Replace secretKey with the key copied from your tawk.to dashboard.

If you’re using the hash with the login() function, please note:
After logging in, it may take up to a few seconds for your customer’s conversations to appear.

Error codes
These are the possible error codes you might encounter:
Error codeDescription
400Bad Request Error
This indicates an error in your function’s attributes. Check your code and re-send the request.
401Unauthorized Error
This indicates that
  • The user ID doesn’t match the encrypted hash value, or
  • Secure Mode isn’t enable in your tawk.to dashboard.

Check your code and re-send the request.
500Internal Server Error
This indicates our servers are currently busy. Try re-sending the request.

These error codes will appear in the developer’s console of your web browser.

That’s it! Now your customers’ data sent via API calls are encrypted, protecting them from unauthorized access.


Should you encounter any challenges or have further questions, please reach out to us. 

If you have feedback about this article, or if you need more help:

Was this article helpful?

2 out of 2 liked this article

Still need help? Message Us

Related Articles

People also read

Behind the scenes: Your widget, your way with the JavaScript API

People also read

Setting a visitor’s name and email in the Pre-Chat Form using JavaScript API