Learn how to use a nonce (or secret) to provide security for Flow Socket websocket interactions
The nonce (or secret) is created to provide more security for websocket interactions. To enable it, go to your project and choose the Flow widget integration, select the advanced section, scroll down and check the box ENABLE CLIENT NONCE
How the nonce works
- If you call us for the first time for a specific
threadIdyou don't need to provide a nonce (secret) in response you will receive the nonce (secret) and you need to store it for this specificthreadId - A nonce is linked to a
threadId, that means if you change thethreadId, you will receive a new nonce in the response - If you have a nonce for a specific
threadIdyou'll need to provide it in the headers x-flowai-secret for any REST request - If you send a websocket message of the type
message.sendyou'll need to send the nonce in the message payload with a key named nonce