Documentation

Authorization

User authorization in Watchers' Social SaaS Platform secures access to chat rooms and user data. Two main methods are offered:

  1. Authorization with an Encrypted User ID. This method involves passing an encrypted user ID via a GET parameter, which protects against unauthorized access attempts such as guessing or brute-forcing.
  2. OAUTH Authorization. Watchers supports OAUTH as an authorization method, allowing for secure and efficient user verification.

Authorization with an Encrypted User ID

This method involves passing an encrypted user ID via a GET parameter, ensuring security against unauthorized access attempts like guessing or brute-forcing.

Authorization scheme

How it works:

For authorization, the encrypted user ID is transferred in the URL when opening a room, as shown below:

https://web.stage.watchers.io/?roomId=[Room ID]&userId=[Encrypted User ID]&apikey=[API key]

The partner encrypts userId using a mutually agreed method, and Watchers decrypts it using the secret key.

User ID Encryption

Encrypt the GET parameter userId with the aes-256-ecb encryption method.

Then encode the encrypted result as base64, URL-encode it, and transmit it as the GET parameter.

Scheme

If a user tries to transmit data that was not encrypted with the correct secret key, decryption fails.

As a result, users cannot guess another user's ID, enter the chat without registering, or bypass the product into which the chat is integrated.

Example encryption service code

https://gitlab.com/watchershub/aes-example

Secret Key requirements

We use a 256-bit secret key with AES in ECB mode; the secret key must be exactly 32 characters long.

OAUTH Authorization

Watchers supports OAUTH as an authorization method, allowing for secure and efficient user verification.

Enabling OAUTH Authorization

You can enable this authorization method through the Admin Panel.

Overview of the OAUTH Scheme

The OAUTH scheme used by Watchers involves passing an authcode instead of a userid. This authcode should be a one-time use code to enhance security.

Requirements for Implementation

This authorization type necessitates an API endpoint on the partner’s side to exchange the authcode for a userid. The URL for this API endpoint must be entered in the Admin Panel.

API Endpoint Details

Request data:

{ "authCode" : "123456789" }

Response requirement:

{ "userId" : "987654321" }

Setting up this endpoint ensures that the authorization code presented by the user is exchanged securely for a userId, which the Watchers platform then uses to identify and authenticate the user.