Overview
The Authentication Token allows you to prevent unauthorised use of the Userlane snippet by adding authentication and verification steps. When included into Userlane snippet, the token is passed to API during initialization to authenticate users from the first request and provide an additional security layer.
How it works
This token verifies a User at the moment of their first request to Userlane, adding an extra layer of security. It is in addition to - not a replacement for - the Public ID.
This piece to include into Userlane snippet:
Userlane('init', '<property-id>', { clientToken: '...' });
Key points:
Tokens are optional - omit if not needed.
if activated then each request from assistant to API
will be accompanied with token
Token itself is generated & saved by customer (below is described how to do so in Portal), separate per each app
If you have multiple apps with deployed Userlane - you cans set up separate token for each
Use short-lived tokens, rotate regularly.
Never log or expose tokens in unsecured locations.
If provided, the token is validated before any User data is processed.
Benefits
Heres' the key benefits the token gives to the customers.
Enhanced security:
In this era of the rapid boom of the external 3rd party AI agents that could hypothetically retrieve sensitive internal info with the requests to the API’s.
Better compliance:
If you're running a business in highly regulated industries which have stricter policies and it could be very useful for you since it adds an additional security layer
How to activate it?
In order to save and activate the authentication token you should have access to the Portal and have Admins rights
Do these steps to get therte:
- Sign in to Portal
- Go to Settings -> Application Settings -> Snippet Setup
- Come up with token, save it
- Then run the command described above to insert saved token into snippet
- Finally, turn the toggle ON
