Overview

Ticket authentication allows organizations to grant users access to the CommBox platform while bypassing standard authentication methods. The Ticket API returns a session cookie that is added to the login URL. By adding applicable parameters to the call or configuring it in the Privacy and Security module, you can limit the token’s life span or turn it into a one-time use.

Use Cases

Use-case A:
Allow a person to enter the CommBox platform under an existing agent.

Use-case B:
Allow a customer to enter the CommBox chat with their details encrypted in the ticket (called a silent login). Websites that use an initial identification process to enter the website can feed the ticket, avoiding a second authentication process for the chat.

Obtaining a Token

Example brand used: "Wispp"
Use the Ticket API:

POST https://api.wispp.com/auth/ticket

Authentication: Bearer Token (API Key)
Mandatory query parameters:
● Brand
● Username (Applicable only for agent authentication; found in the agent’s record)
● At least one strong identifier, such as email address, unique ID (from customer info), or phone number (including country code).

Request Body (raw format):

{
  "data": {
    "brand": "qawispp",
    "username": "eddie.d",
    "email": "eddiedoe053@gmail.com",
    "firstName": "Eddie2",
    "lastName": "Doe2"
  }
}

The API returns an authentication token string:

{
    "status": 200,
    "description": "Operation successful",
    "response_time": "2025-01-19T14:18:47.63079Z",
    "data": {
        "encpryptedString": "9M3Wg_fALiPm2gUeX2FinOJzCzlfrbUf1Ig7OcQVF2U8sjEwhQ0s_fec2C2ypa60iY8ifGRhh4mLVKPXVyIuwjegvnpIxkTWGfYEmdkTMLq9P1A_fRACgZtf7mcWPJMVFz1eTngM36yFV0rKSkBtY4aTjZf5p0g5dbEMuVbkGEkeMOE5TQtF3oxEKHZKDkYv51n0SNUyunnFx48tE2OMzvc6915iigisshk_f3ENY_f4lrcZ1Zr4yqFvP2M81x4MUQG06xB0gHjettXw7fww%3d%3d"
    }
}

Applying the Token to Bypass Authentication

Agent Login Bypass

To bypass the login page without entering the agent’s credentials, append the session cookie returned by the API to the login URL:

Format: Login URL / ?ta= / authentication token (without the quotation marks or the field name)

https://qawispp.wispp.com/login?TA=9M3Wg_fALiPm2gUeX2FinGOJz...

Customer Chat Access

To start the chat without manual identification, append the session cookie to the chat login page URL:

Format: Brand URL / chat / the channel ID in the encrypted code / ?ta= / authentication token (without the quotation marks or the field name)

https://apps.wispp.com/chat/nex9tHPKdBkD_fAfbuUPABg%3d%3d?ta=9M3Wg_fALiPm2gUeX...

Overriding Parameters

You can add the overrideUserInfo Boolean field to the request and set it to “true” to update the Customer Information section in the inbox. When the overrideUserInfo field is set to “false” (default), the token is used only for matching strong ID parameters.

Example Request:

{
  "data": {
    "brand": "qawispp",
    "email": "eddiedoe@gmail.com",
    "uniqueId": "12345678",
    "phone1": "9727181234567",
    "overrideUserInfo": true
  }
}

In our example, the original customer information pane included the following fields:

In the API call, we added the “unique Id” field while omitting the first and last name fields. The overriding field was set to “true”.

{
  "data": {
    "brand": "qawispp",
    "email": "eddiedoe@gmail.com",
    "uniqueId": "12345678",
    "phone1": "9727181234567",
    "overrideUserInfo": true
  }
}

Once logged in, the new customer information pane looks like this:

Management of Ticket Authentication

One-time Usage

To generate a single-use ticket, set the oneTimeUse Boolean field to true:
Example:

{
  "data": {
    "brand": "qawispp",
    "username": "eddie.d",
    "email": "eddiedoe053@gmail.com",
    "firstName": "Eddie2",
    "lastName": "Doe2",
    "oneTimeUse": true
  }
}

To enhance security, ticket issuance can be controlled through both the service interface and API requests. To do so, navigate to the Session management section of the Privacy and Security module.

When enabling the Enforce one-time use Ticket Authentication toggle, all Ticket Authentication APIs will return a one-time use token regardless of the parameters entered. This overriding layer of protection ensures the admin control over the issuing process.

Ticket Expiration

In the same section mentioned above, you can limit the token's life (by default, 5 minutes).
Remember to save all modifications at the bottom of the screen.

Exclusive Silent Login

For exclusive login via an authentication token, toggle on the Force silent login at the Chat’s Login section in the Channel settings.