SohojXDocumentation

Create a chat application

Wizard, origins, credentials, and rotation.

Each website or product that needs chat is one Chat application. On create you receive a public chat application id (cap_...), widget key (wk_...), and a server-only chatApplicationSecret.

Visitor and agent origins

Visitor origins control where the visitor widget and visitor APIs may run (browser CORS). Agent origins control where the agent embed may load. The platform host (APP_URL) is allowed automatically for pop-out and hosted chat pages.

Credentials

  • cap_... + wk_... — safe to expose in HTML embed snippets (visitor widget only).
  • chatApplicationSecret — server-side only; Bearer token for save-visitor and other developer server APIs.
  • Never put chatApplicationSecret in frontend code or the visitor widget.

Rotate secret

If the chat application secret is exposed, use Rotate secret in the dashboard and update your backend immediately.

Create a chat application · Central Auth Docs | SohojX Platform