Authenticating users securely
For sensitive applications, we recommend that our customers use our secure authentication mechanism to ensure that users are who they say they are. When identifying users in this manner, you'll need to use a secret on your application's backend in order to generate a cryptographically secure hash that should be passed into Cohere.identify.

Creating the hash

We provide example HMAC generation code for common web programming languages. If your backend language is not listed here, we'd be happy to add instructions. Please contact us at [email protected]
We will provide you with an authentication secret that you will need to store securely on your backend. DO NOT STORE THIS SECRET IN VERSION CONTROL OR EXPOSE IT ON ANY PUBLICLY FACING ASSETS.
Once we send this secret over to you, Cohere.identify calls will not work without the identityHash attribute.
Next, you will need to return the token for an identified user, either with an authenticated endpoint (in the case of an SPA) or inside the response itself.
Python 3
Node.js
Ruby
1
import hmac
2
import hashlib
3
import json
4
5
hmac.new(
6
b"COHERE_AUTHENTICATION_SECRET_HERE",
7
bytes(
8
json.dumps(
9
{"id": user_id, "displayName": user_name, "email": user_email},
10
separators=(",", ":"),
11
),
12
encoding="utf-8",
13
),
14
digestmod=hashlib.sha256,
15
).hexdigest()
16
Copied!
1
import crypto from "crypto";
2
3
crypto
4
.createHmac("sha256", "COHERE_AUTHENTICATION_SECRET_HERE")
5
.update(
6
JSON.stringify({ id: userId, displayName: userName, email: userEmail })
7
)
8
.digest("hex");
9
Copied!
1
OpenSSL::HMAC.hexdigest(
2
'sha256',
3
'COHERE_AUTHENTICATION_SECRET_HERE',
4
JSON.generate({'id': user_id, "displayName": user_name, "email": user_email })
5
)
6
Copied!

Authenticating the user

When calling Cohere.identify, pass in the authHash attribute along with the other identifying data for the user:
1
Cohere.identify({
2
id: "user_id",
3
displayName: "First Last (555-555-555)",
5
authHash: await (await fetch('/generate-auth-hash')).text()
6
})
Copied!
The user will then be identified with Cohere their attributes will be searchable.
After the secure authentication mechanism is enabled, all identify calls that lack or have an invalid authHash will fail.
Last modified 12d ago