Learn how to use a nonce (or secret) to provide security for Flow Socket websocket interactions.

The nonce (or secret) provides more security for websocket interactions. To enable it, go to your project, choose the Flow widget integration, select the advanced section, scroll down, and check the ENABLE CLIENT NONCE box.

How the nonce works

  • The first time you call us for a specific threadId, you don't need to provide a nonce (secret). The response will contain the nonce (secret), and you need to store it for that specific threadId.
  • A nonce is linked to a threadId. If you change the threadId, you will receive a new nonce in the response.
  • If you have a nonce for a specific threadId, you must provide it in the x-flowai-secret header of every REST request.
  • If you send a websocket message of the type message.send, you must send the nonce in the message payload under a key named nonce.
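
The rules above, as a client-side sketch (an added example, not Flow.ai's own code). It keeps one nonce per threadId and attaches it to REST headers and message.send payloads. The NonceStore class, the response field names nonce/secret, the { type, payload } envelope, and the threadId payload key are assumptions; only x-flowai-secret, message.send and the nonce key come from the text above.

```javascript
// Added example: per-thread nonce bookkeeping for a Flow Socket client.
// Names marked "assumed" are illustrative and not taken from the page.
class NonceStore {
  constructor() {
    this.byThread = new Map(); // threadId -> nonce (secret)
  }

  // Call with every response; stores the nonce for that threadId only.
  // Assumed: the response exposes the value as `nonce` or `secret`.
  remember(threadId, response) {
    const nonce = response && (response.nonce || response.secret);
    if (typeof nonce === 'string' && nonce.length > 0) {
      this.byThread.set(threadId, nonce);
    }
    return this.byThread.get(threadId);
  }

  // Headers for a REST request. First call for a threadId: no nonce header.
  restHeaders(threadId, base = {}) {
    const headers = { ...base };
    delete headers['x-flowai-secret']; // never carry over another thread's nonce
    const nonce = this.byThread.get(threadId);
    if (nonce) headers['x-flowai-secret'] = nonce;
    return headers;
  }

  // Websocket frame of type message.send with the nonce inside the payload.
  // Assumed envelope { type, payload } and assumed `threadId` payload key.
  sendFrame(threadId, payload) {
    const body = { ...payload, threadId };
    delete body.nonce; // the stored nonce for this thread is the only source
    const nonce = this.byThread.get(threadId);
    if (nonce) body.nonce = nonce;
    return JSON.stringify({ type: 'message.send', payload: body });
  }
}

// Constructed sample values, not real secrets or real responses.
function demo() {
  const store = new NonceStore();
  const first = store.restHeaders('thread-A');          // no nonce known yet
  store.remember('thread-A', { nonce: 'nonce-for-A' }); // constructed response
  const later = store.restHeaders('thread-A', { 'x-flowai-secret': 'stale' });
  const frame = JSON.parse(store.sendFrame('thread-A', { text: 'hi' }));
  const other = JSON.parse(store.sendFrame('thread-B', { nonce: 'nonce-for-A' }));
  return { first, later, frame, other };
}
```

Keying the store by threadId means a nonce issued for one thread is never sent with another, which matches the rule that a new threadId receives a new nonce.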