I am not a developer of any type but am trying to understand if risk exists by embedding a Call Center live chat link on a page of our comapny web site that requires user authentication to reach. Is that live chat link truely contained to that page and only accessible by clicking the link from that page….. or is there a way to engage the live chat link directly given enough knowledge of the underlying url or api keys or something?
Any high level info on this question would be greata nd I can use to inform my team and continue research.
Zoom Contact Center web chat SDK is by design available to the internet and to any website where your Zoom account’s ZCX Web SDK tag is installed.
If you want to lock down web chat to only authenticated users, based on the login on your website, we would recommend that you implement Consumer Authentication into your Zoom Contact Center web chat Flows.
If your requirement is to only allow web chat for authenticated users, then in your Zoom Contact Center web chat Flow, you will want to check the value of the global variable global_system.Engagement.authenticationStatus. Only if this variable is true will you allow consumers to continue in web chat. Implementing the Consumer Authentication feature, and checking this variable in your Flow, will allow you to ensure that only authenticated users can start a web chat.