How can we prevent chat history from being accessed by other users? (Security Concern)

We are trying to maintain chat history by using the ymAuthenticationToken parameter.

This ymAuthenticationToken is passed as static, meaning every user is going to have a unique hash token.
What if this token is leaked? Any other person can pass it to the chatbot as a parameter and render the chat history of the victim.

So we are generating a new token for each user with some time context. Example below:


{"ymAuthenticationToken": "hashed-token-useremail-todays-date"}


I wanted to understand whether this approach is correct or whether there is a better way to handle this security concern.

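The time-bound token described in the question could be derived as follows. This is an added example, not code from the thread or from the platform: it assumes an HMAC-SHA256 over the user's email and the UTC date, keyed with a server-side secret, and contrasts it with an unkeyed hash that anyone who knows the email and the date can recompute. `SERVER_SECRET`, `naive_token`, `daily_token` and `widget_config` are hypothetical names.

```python
import hashlib
import hmac
from datetime import date, datetime, timezone
from typing import Optional

# Constructed sample secret (assumption): in practice it is loaded from a
# secret store on the server and never sent to the browser.
SERVER_SECRET = b"constructed-example-secret"


def _message(email: str, day: date) -> bytes:
    # Normalise the email so the same user always maps to the same input.
    return f"{email.strip().lower()}|{day.isoformat()}".encode("utf-8")


def naive_token(email: str, day: date) -> str:
    """Unkeyed SHA-256 of email and date: reproducible by anyone who knows both."""
    return hashlib.sha256(_message(email, day)).hexdigest()


def daily_token(email: str, day: date, secret: bytes = SERVER_SECRET) -> str:
    """HMAC-SHA256 of email and date: needs the server secret to reproduce."""
    return hmac.new(secret, _message(email, day), hashlib.sha256).hexdigest()


def widget_config(email: str, now: Optional[datetime] = None) -> dict:
    """Build the parameter shown in the post, using the current UTC date."""
    now = now or datetime.now(timezone.utc)
    return {"ymAuthenticationToken": daily_token(email, now.date())}


if __name__ == "__main__":
    # Constructed sample user and dates.
    user = "user@example.com"
    d1, d2 = date(2023, 1, 10), date(2023, 1, 11)
    print("day 1:", daily_token(user, d1))
    print("day 2:", daily_token(user, d2))  # differs from the day 1 token
    print(widget_config(user))
```

The token is computed on the server and only the resulting hex string is placed in the chatbot parameters.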

Hi Pranav,

You have raised a good point.
We are working on a revised version of the YmAuthenticationToken where this will be taken care of.
The client needs to share a new token after a certain interval of time, and after that the old token would be of no use.
We will share the doc once it has been implemented.

Is there any timeline for when this feature will be available for use?
Also, would it be possible for the history linked to the YmAuthenticationToken to be deleted after a defined number of hours, say 24 hours?

  1. Timeline
    → @Siddhartha_paul can comment further

  2. Delete history after 24 hours
    → No, this won't be possible. But, why do you want to delete history?

Timeline:
→ It would be live by March 2023

Is the feature live now?

@Pranav_Prashant yes, it is live