Overview of Nonce

Learn how the nonce secures the connection to your server, how to enable the nonce, how to fetch a nonce, and how to open a connection.

The nonce (or secret) provides more security for WebSocket interactions between the web server and the Flow Socket API server.

How the nonce works

  • If you make a call to Khoros Flow for the first time for a specific threadId, you don't need to provide a nonce (secret). In the response you receive the nonce (secret), and you need to save it for this specific threadId.
  • A nonce is linked to a threadId, which means if you change the threadId, you receive a new nonce in the response.
  • If you have a nonce for a specific threadId, you need to provide it in the x-flowai-secret header for any REST request.
  • If you send a WebSocket message of the message.send type, you need to send the nonce in the message payload with a key named nonce.

Enabling the Nonce

To enable the nonce:

  1. Go to your project.
  2. Select Integration.
  3. Choose Web widget and API.
  4. Select the CUSTOMIZE section.
  5. Go to the Security section.
  6. Select the ENABLE CLIENT NONCE checkbox.

Fetching a Nonce

To retrieve a nonce, see Get a nonce.

Opening a connection

The socket URL fetched from the socket.info endpoint is for one-time use and is valid for 60 seconds. Ensure that the connection is made directly between your web server and the Flow Socket API server.

Message or Event Format

The message or event that you send or receive must be in JSON format.

{
  "type": "...",
  "payload": {
    ...
  }
}

| Parameter | Description | Required |
|---|---|---|
| type | The message type. For example, message.send | Yes |
| payload | The body of the message | Yes |
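
The rules under "How the nonce works" combined with the message format above, as an added example that is not Khoros code: a per-threadId nonce store that builds the x-flowai-secret header for REST requests and the message.send envelope for the WebSocket. The class and method names, the threadId and speech payload fields, and the sample values are assumptions made for illustration.

```javascript
// Added example: NonceStore and its method names are hypothetical,
// not part of a Khoros SDK.
class NonceStore {
  constructor() {
    this.byThread = new Map(); // threadId -> nonce issued for that thread
  }

  // Save the nonce received in a response; it is valid only for this threadId.
  remember(threadId, nonce) {
    if (typeof nonce !== 'string' || nonce.length === 0) {
      throw new TypeError('nonce must be a non-empty string');
    }
    this.byThread.set(threadId, nonce);
  }

  // Headers for a REST request. On the first call for a threadId no nonce
  // exists yet, so x-flowai-secret is omitted instead of being sent empty.
  restHeaders(threadId, base = {}) {
    const headers = { ...base };
    const nonce = this.byThread.get(threadId);
    if (nonce !== undefined) headers['x-flowai-secret'] = nonce;
    return headers;
  }

  // JSON text for a WebSocket message.send. Design choice of this example:
  // fail closed when no nonce is stored for the thread.
  messageSend(threadId, fields = {}) {
    const nonce = this.byThread.get(threadId);
    if (nonce === undefined) {
      throw new Error(`no nonce stored for threadId ${threadId}`);
    }
    // Caller fields are spread first so they cannot override threadId or nonce.
    // Assumption: the payload also carries threadId (not stated on this page).
    return JSON.stringify({
      type: 'message.send',
      payload: { ...fields, threadId, nonce },
    });
  }
}

// Constructed sample values, not real identifiers or secrets.
// The speech field is an assumed payload field used only for illustration.
const store = new NonceStore();
store.remember('thread-A', 'constructed-nonce-1');
console.log(store.restHeaders('thread-A'));
console.log(store.messageSend('thread-A', { speech: 'hello' }));
```

Keep the store on the web server and keyed by threadId, so a nonce issued for one thread is never sent with another.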