Web Chat widget security restriction

There is no restriction on where the PureCloud web chat widget can be deployed. This lack of restriction can potentially impact client organizations.

Potential impact

  • Facilitates website spoofing. E.g., having a chat widget that actually works and creates interactions with an organization's contact center can substantially increase a fake website's credibility.
  • Contact center exploitation. Targeted organizations can potentially receive more interactions than the actual contact center capacity.

The first thing that comes to my mind is a domain-based restriction using Token Implicit Grant OAuth authentication. Then allowed widgets can be restricted to desired domains.
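As an added illustration of the domain-based restriction the post above proposes (example code, not PureCloud's API, the widget's own code, or anything the vendor ships): the idea is that the widget never holds a long-lived credential; instead it asks a small endpoint operated by the organization for a short-lived chat token, and that endpoint only issues one when the browser-sent Origin header normalizes to an allowlisted site. The endpoint, the allowlist entries, the signing key and the token format are all hypothetical. Note what this does and does not buy you: a browser embedding the widget on a spoofed domain sends the spoofed Origin and is refused, but a scripted client can set any Origin it likes, so the capacity-exhaustion scenario from the second bullet still needs rate limiting on the same endpoint.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlsplit

# Constructed allowlist of exact origins (scheme + host + non-default port)
# that are permitted to load the widget. Hypothetical values for the example.
ALLOWED_ORIGINS = {
    "https://www.example.com",
    "https://support.example.com",
}

# Demo-only key; a real deployment loads this from a secret store.
SIGNING_KEY = b"constructed-demo-key-do-not-use"


def normalize_origin(origin):
    """Reduce an Origin header to 'scheme://host[:port]' or None if unusable.

    Exact-origin matching (not substring or suffix matching) is what stops
    'https://www.example.com.evil.test' from passing as 'www.example.com'.
    """
    if not origin:
        return None
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # A real Origin header carries no path, query or fragment.
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    try:
        port = parts.port
    except ValueError:  # non-numeric port
        return None
    host = parts.hostname.lower()
    default = 443 if parts.scheme == "https" else 80
    port = port or default
    if port == default:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def origin_allowed(origin, allowlist=ALLOWED_ORIGINS):
    norm = normalize_origin(origin)
    return norm is not None and norm in allowlist


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_chat_token(origin, now=None, ttl=300):
    """Issue a short-lived HMAC-signed token bound to the requesting origin."""
    now = time.time() if now is None else now
    payload = {"origin": origin, "exp": int(now + ttl)}
    body = _b64e(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64e(sig)}"


def verify_chat_token(token, now=None):
    """Return the token payload if the signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):
            return None
        payload = json.loads(_b64d(body))
    except (ValueError, TypeError):
        return None
    if payload.get("exp", 0) < now or payload.get("origin") not in ALLOWED_ORIGINS:
        return None
    return payload


def handle_token_request(headers, now=None):
    """Token endpoint: (status, body). Only allowlisted origins get a token."""
    origin = normalize_origin(headers.get("Origin"))
    if origin is None or origin not in ALLOWED_ORIGINS:
        return 403, {"error": "origin not allowed"}
    return 200, {"token": mint_chat_token(origin, now)}


if __name__ == "__main__":
    print(handle_token_request({"Origin": "https://www.example.com"}))
    print(handle_token_request({"Origin": "https://www.example.com.evil.test"}))
```

The chat backend would then accept a session only when `verify_chat_token` returns a payload, so a copied widget on an unlisted domain cannot open interactions even though its JavaScript is identical. Keep the allowlist to exact origins; a wildcard or `endswith` check reintroduces the suffix trick the normalizer is there to defeat.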

There's an upcoming feature to allow only authenticated web chat customers to initiate chats that should be of some use for this situation.

Thanks for your reply. Let me clarify whether I understood correctly:

Taking the term "customers" to mean end users initiating chat interactions, not our organization's customers (as a partner): when you state "allow only authenticated web chat customers to initiate chats", do you mean they must be authenticated to PureCloud? Most chat options are not meant to need authenticated users; sometimes customers need to ask simple questions.

Regardless of whether authenticated users are needed or not, web chat widget use should be restricted to allowed domains, following the first potential impact shown in the OP.

The planned feature will allow you to set up the chat widget such that only customers that are authenticated with your site (not PureCloud) will be able to initiate a session with an agent within PureCloud.

Got it. But you may consider particular cases where organizations' websites don't even implement an authentication service; it is just an informative website intended for initial contact with their customers.

Yes, I agree. We do have future plans to allow you to simply restrict the domain, however that configuration option will not be a part of the initial authenticated chat that is coming soon.

Thanks for the information, glad to hear that news.