For sensitive applications, we recommend that our customers use our secure authentication mechanism to ensure that users are who they say they are. When identifying users in this manner, you'll need to use a secret on your application's backend in order to generate a cryptographically secure hash that should be passed intoCohere.identify.
Creating the hash
We provide example HMAC generation code for common web programming languages. If your backend language is not listed here, we'd be happy to add instructions. Please contact us at [email protected]
We will provide you with an authentication secret that you will need to store securely on your backend. DO NOT STORE THIS SECRET IN VERSION CONTROL OR EXPOSE IT ON ANY PUBLICLY FACING ASSETS.
Once we send this secret over to you, Cohere.identify calls will not work without the identityHash attribute.
Next, you will need to return the token for an identified user, either with an authenticated endpoint (in the case of an SPA) or inside the response itself.