Is the fcWidget API secure enough to pass a customer's data and use that data to identify the customer?

Here is our use case:
We have a customer who has already logged in to our site. On our site, the customer can send messages via the FreshChat widget.

In order to pass personal data of this logged-in customer to FreshChat, I guess we could set the customer’s data as user properties with the function window.fcWidget.user.setProperties(). However, with this approach, the data passing process is handled purely on the frontend. Would it be possible for the customer’s data passed through the widget functions, like window.fcWidget.user.setProperties(), to be maliciously altered?

If it could be altered, would that mean that I should implement an extra security layer to ensure the authentication of the customer?

@shan Yes, it is possible to alter the values that are set via user.setProperties() by using the console on the browser.

If you are looking for a more secure way of handling this, Freshchat’s widget also supports JWT. That way the identity of the end user is always verified for each request and it cannot be tampered with, since that will make the token invalid.

You can contact support@freshchat.com for documentation and instructions on how to enable JWT for your Freshchat account.

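The tamper-resistance described in the answer above, shown as an added example that is not part of the thread and not Freshchat's code: a server signs the logged-in customer's identity, and a verifier rejects a token whose payload was edited in the browser. The RS256 algorithm, the claim names (`sub`, `email`, `exp`) and all function names are assumptions for illustration, not Freshchat's documented token format.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Server side: sign the identity of the already-authenticated customer.
function signToken(claims, privateKey) {
  const body = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${b64url(crypto.sign('sha256', Buffer.from(body), privateKey))}`;
}

// Verifier side: return the claims, or null for any invalid token.
function verifyToken(token, publicKey, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = fromB64url(parts[0]);
    claims = fromB64url(parts[1]);
  } catch (e) {
    return null;
  }
  // Pin the algorithm; never let the token header choose it.
  if (!header || header.alg !== 'RS256' || !claims) return null;
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, publicKey, Buffer.from(parts[2], 'base64url'))) return null;
  // Short expiry limits how long a copied token stays usable.
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}

// What editing values in the browser console amounts to: the payload changes, the signature does not.
function editPayload(token, changes) {
  const [h, p, s] = token.split('.');
  return `${h}.${b64url(JSON.stringify({ ...fromB64url(p), ...changes }))}.${s}`;
}

// Constructed sample data: throwaway key pair, made-up customer, fixed clock.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = 1700000000;
  const token = signToken({ sub: 'customer-1001', email: 'alice@example.test', exp: now + 300 }, privateKey);
  return {
    genuine: verifyToken(token, publicKey, now),
    edited: verifyToken(editPayload(token, { sub: 'customer-9999' }), publicKey, now),
    expired: verifyToken(token, publicKey, now + 300),
  };
}
console.log(demo());
```

The private key stays on the server that authenticated the customer; only the signed token reaches the browser, so values changed in the console no longer match the signature.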