# Important information and recommendations ## User identifier **⚠** It should be unique per user - the user ID cannot be recycled from one user to another.\ \ \&#xNAN;**⚠** It should be max 255 characters.\ \ \&#xNAN;**⚠** If you don’t respect these guidelines, iAdvize will consider all visitors as one and the same visitor. We will then associate all the conversations of visitors with the same user ID. This creates a confidentiality issue: visitors will then have access to the content of each-other's conversations, including text and attachments. ## Token encryption When you generate a JWE which contains your user identifier, your library to generate this token should support A256GCM and RSA\_OAEP\_256 for creating the JWE. The inner JWS must be signed with RS256. ## Private Key storage We store our private key using an external security tool call Vault, so our private key is not exposed through our code or any database access. ## About the external id usage (extId) The visitor authentication system fully replaces the usage of the "ExtID". Then, if you use the visitor authentication system in an authenticated space of your website, you have to ensure that you are not using the "ExtID" system in parallel. ## Sending visitor data in the JWT token In addition to the **userId** claim, an optional **visitorData** claim can be added to the JWT. This is how it would look like, before encryption:
EncodedDecoded
eyJhbGciOiJSUzI1NiJ9.eyJodHRwczpcL1wvaWFkdml6ZS5jb21cL
3VzZXJJZCI6InRlc3RfZG9jdW1lbnRhdGlvbiIsImh0dHBzOlwvXC9
pYWR2aXplLmNvbVwvdmlzaXRvckRhdGEiOnsiY291bnRyeSI6IkZyY
W5jZSIsImZpcnN0TmFtZSI6IkphbmUiLCJsYXN0TmFtZSI6IkRvZSI
sInppcENvZGUiOiI0NDAwMCIsImFkZHJlc3MiOiI5IHJ1ZSBOaW5hI
FNpbW9uZSIsInBob25lTnVtYmVyIjoiKzMzNjUxMjI5ODU2IiwiY2l
0eSI6Ik5hbnRlcyIsImVtYWlsIjoiamFuZS5kb2VAZW1haWwuY29tI
n0sImlzcyI6Imh0dHBzOlwvXC90ZXN0LmlhZHZpemUuY29tIiwiZXh
wIjoxNjkxNTg4NzA3fQ.YrR0AisAbXzdcF7IGdKb4DGR0JOudaBS5E
s78YW_K3x65WfGlQhktYlgKud0AH8AgVi7EDb7aAWy5-9kuwezuqnL
CBBsaUBWJSkSN2OxVh0tSylNEKPIOYRlEG2lS6Fwlo_UdFkKQ1SIBG
jSEcPqepVwO58od6GlY5yjcTlOF6dj7RyON4KRxRir0wP6yCbZi2oa
4IS_beilJvS9ymZO-8zRnGHKS-J_xqqhpTkz8lF11Wb0UQz1ML16nq
uTIHLTzYO4e5UqdK0BUCIe0ivla6r5YQR5HYYhCKssvycqFdYh4mWF
lSziFkB-HKxbWCz-qbugkxvMicTXvEzwO-fELg

{
"https://iadvize.com/userId": "test_documentation",
"iss": "https://test.iadvize.com",
"https://iadvize.com/visitorData": {
"country": "France",
"firstName": "Jane",
"lastName": "Doe",
"zipCode": "44000",
"address": "9 rue Nina Simone",
"phoneNumber": "+33651229856",
"city": "Nantes",
"email": "jane.doe@email.com"
},
"exp": 1690376935
}

Detail here


It may contain the following fields, all optional strings: ``` address city country email firstName lastName phoneNumber zipCode ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.iadvize.dev/use-cases/visitor-experience/authenticated-messaging/web-backend-implementation/important-information-and-recommendations.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.