Securing Chatbot authentication using JWT


Plans supporting this feature: Business (add-on) Enterprise (add-on)

JSON Web Token (JWT) is an open standard used to securely transmit information between parties as a JSON object. It allows for authentication and information exchange, ensuring that the data sent is verified and trusted. By implementing JWT for the Eddy AI Chatbot, you can create a secure environment for your private and mixed projects, protecting sensitive information from unauthorized access.

NOTE

To know more about the languages supported by Eddy AI, click here.

You can implement an authentication configuration for the Eddy AI Chatbot using JWT, ensuring a secure environment for Private and Mixed projects.

  1. Navigate to AI Chatbot in the left navigation bar in the Knowledge base portal.

  2. Click Create Eddy AI Chatbot.

    Alternatively, click the Customize icon to modify an existing chatbot.

  3. Navigate to the Security tab under the General module.

  4. Click the accordion to expand the JWT section and turn on the Enable JWT toggle.

   a. Client ID: The client ID will be your project’s ID.

   b. Chatbot ID: Since multiple chatbots may exist, a Chatbot ID is provided for their unique purposes.

   c. Token endpoint: This is the HTTP endpoint used to obtain an access token using an authorization code.

   d. Client secret: Click Regenerate to generate the client secret. Ensure you save this for future use, as it will apply to all chatbots created moving forward.

NOTE

The Client Secret is required for all future JWT-enabled widgets. It will not be stored within Document360, so store it securely.

   e. Authorize URL: Paste the authorized URL from your knowledge base widget webpage.

Configuration settings for JWT in Document360, highlighting required fields and save option.

Embed the authorized URL within your code and paste it into the Script section of your webpage to implement a secure, authenticated Chatbot. This setup will prevent unauthorized third-party access. By following these steps, you can successfully implement JWT authentication for the Eddy AI Chatbot, ensuring a secure environment for your projects. After configuring your chatbot, test the setup thoroughly to ensure that everything functions correctly.

NOTE

For more information on implementing the auth endpoint, read the article on Managing the Knowledge base widget.  
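An added example, not Document360's own code, of the checks a server-side auth endpoint makes before it calls the token endpoint: the client secret comes from the server's environment, a misconfigured token endpoint is rejected, and no token request is built for a user who has not signed in. The environment variable names, session shape, HTTP Basic credentials and JSON field names are assumptions; take the actual request contract from the Managing the Knowledge base widget article.

```python
import base64
import json
import os
import urllib.request
from urllib.parse import urlsplit

class AuthConfigError(Exception):
    """Raised when the JWT settings are missing or unsafe."""

def load_config(env=os.environ):
    # Hypothetical variable names; the values come from the JWT section of the
    # chatbot's Security tab. Reading the secret from the server environment
    # keeps it out of page script and source control.
    keys = ("client_id", "chatbot_id", "token_endpoint", "client_secret")
    cfg = {k: env.get("EDDY_" + k.upper(), "").strip() for k in keys}
    missing = sorted(k for k, v in cfg.items() if not v)
    if missing:
        raise AuthConfigError("missing settings: " + ", ".join(missing))
    url = urlsplit(cfg["token_endpoint"])
    if url.scheme != "https" or not url.netloc:
        raise AuthConfigError("token endpoint must be an absolute https URL")
    return cfg

def build_token_request(session, cfg):
    """Return the outbound token request, or None if the user is not signed in."""
    if not session or not session.get("authenticated"):
        return None  # caller answers 401; the secret is never touched
    # Assumption: credentials travel as HTTP Basic, user details as JSON.
    pair = f"{cfg['client_id']}:{cfg['client_secret']}".encode()
    body = json.dumps({"chatbotId": cfg["chatbot_id"],
                       "username": session["username"]}).encode()
    return urllib.request.Request(
        cfg["token_endpoint"], data=body, method="POST",
        headers={"Authorization": "Basic " + base64.b64encode(pair).decode(),
                 "Content-Type": "application/json"})

# Constructed sample values, not real credentials or a real endpoint.
SAMPLE_ENV = {"EDDY_CLIENT_ID": "project-id-placeholder",
              "EDDY_CHATBOT_ID": "chatbot-id-placeholder",
              "EDDY_TOKEN_ENDPOINT": "https://token.example.invalid/token",
              "EDDY_CLIENT_SECRET": "constructed-secret"}

if __name__ == "__main__":
    user = {"authenticated": True, "username": "reader@example.invalid"}
    req = build_token_request(user, load_config(SAMPLE_ENV))
    print(req.get_method(), req.full_url)  # the secret itself is never printed
```

Only the access token returned by the token endpoint goes back to the browser; the client secret stays on the server.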


FAQ

What should I check if I encounter issues during authentication?

If you experience authentication issues, ensure the following:

  • The client secret and token endpoint are correctly configured.

  • The user is authenticated before making a request to the endpoint.

What are common pitfalls to avoid when implementing JWT?

Here are a couple of common pitfalls to watch out for:

  • Failing to save the client secret after regeneration can lead to authentication failures.

  • Misconfiguring the token endpoint can prevent successful token retrieval.

What should I do if I lose my client secret?

You will need to regenerate a new client secret and update your configuration accordingly.

How can I verify that JWT authentication is working?

Test the authentication flow by attempting to access the Eddy AI Chatbot and checking for the correct access token response.