We are trying to maintain chat history by using the ymAuthenticationToken parameter.
This ymAuthenticationToken is passed as a static value, meaning every user is going to have a unique hash token.
What if this token is leaked? Any other person can pass it to the chatbot as a parameter and render the chat history of the victim.
So we are generating a new token for each user with some time context. Example below:
{"ymAuthenticationToken": "hashed-token-useremail-todays-date"}
I wanted to understand whether this approach is correct or whether there is a better way to handle this security concern.
Hi Pranav,
You have raised a good point.
We are working on a revised version of the YmAuthenticationToken where this would be taken care of.
The client needs to share a new token after a certain interval of time, and after that the old token would be of no use.
We would share the doc once it has been implemented.
Is there any timeline for when this feature will be available for use?
Also, would it be possible for history linked to the YmAuthenticationToken to be deleted after a defined number of hours, say 24 hours?
Timeline:
It would be live by March 2023
Is the feature live now?
@Pranav_Prashant yes, it is live
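The per-user, per-day token from the first post, as an added example that is not from the original thread or from the chatbot vendor: it contrasts a plain hash of email and date, which anyone who knows the email can recompute, with an HMAC keyed by a server-side secret. The secret, the function names and the sample values are assumptions; only the ymAuthenticationToken key comes from the thread.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed demo secret (assumption). Keep the real one server-side only,
# never in the page or widget code that reaches the browser.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"


def _message(email: str, day: date) -> bytes:
    # Normalise the email so the same user always maps to the same input.
    return f"{email.strip().lower()}|{day.isoformat()}".encode()


def unkeyed_token(email: str, day: date) -> str:
    """Plain SHA-256 of email + date: reproducible by anyone who knows the email."""
    return hashlib.sha256(_message(email, day)).hexdigest()


def daily_token(email: str, day: date, secret: bytes = SERVER_SECRET) -> str:
    """HMAC-SHA256 of email + date: rotates daily and needs the secret to forge."""
    return hmac.new(secret, _message(email, day), hashlib.sha256).hexdigest()


def is_current(token: str, email: str, today: date, grace_days: int = 0) -> bool:
    """Hypothetical backend check: accept only tokens minted within the window."""
    for back in range(grace_days + 1):
        expected = daily_token(email, today - timedelta(days=back))
        # Constant-time comparison on bytes avoids timing leaks and type errors.
        if hmac.compare_digest(token.encode(), expected.encode()):
            return True
    return False


def widget_config(email: str, today: date) -> dict:
    """Value the backend would hand to the page that embeds the chatbot."""
    return {"ymAuthenticationToken": daily_token(email, today)}


if __name__ == "__main__":
    print(widget_config("user@example.com", date.today()))
```

A token leaked from this scheme still works until the date rolls over, so the rotation interval bounds the exposure rather than removing it.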