Identify Logged-in Users

If your site has authentication, call identify() after login to attach trusted profile data to the current visitor. The AI then knows who it's talking to and can pull data from your CRM, order history, or account.

Vanilla JS

widget.identify({
  externalUserId: "user_42",
  name: "Alex Example",
  email: "[email protected]",
  phone: "+491701234567",
  company: "Example GmbH",
});

externalUserId is the only field you really need — that's the join key to your own database. Everything else helps the AI personalize.

React / Next.js (script-tag-style via event)

The <BitPalmAgent /> component doesn't expose a ref by design. Instead, dispatch a browser event from anywhere in your app:

"use client";
import { useEffect } from "react";
 
export function IdentifyOnLogin({ user }: { user: User | null }) {
  useEffect(() => {
    if (!user) return;
    window.dispatchEvent(
      new CustomEvent("bitpalm-identify", {
        detail: {
          slug: "your-agent-slug",
          externalUserId: user.id,
          name: user.name,
          email: user.email,
        },
      })
    );
  }, [user]);
 
  return null;
}

The widget listens for bitpalm-identify on window and forwards the data.

Script-tag integrations

Same event pattern as React above. Call from anywhere in your page after login:

window.dispatchEvent(
  new CustomEvent("bitpalm-identify", {
    detail: {
      slug: "your-agent-slug",
      externalUserId: "user_42",
      name: "Alex Example",
      email: "[email protected]",
    },
  })
);

Signed identify (verified data)

For high-trust use cases (compliance, verified actions in chat), you can sign the identify payload server-side. The widget forwards the signature to BitPalm, which verifies it before trusting the data.

widget.identify({
  externalUserId: "user_42",
  email: "[email protected]",
  signature: "<HMAC-SHA256 of payload>",
  signedAt: 1715354400, // unix seconds
  signatureVersion: "v1",
});

Backend recipe (Node):

import crypto from "crypto";
 
const secret = process.env.BITPALM_IDENTIFY_SECRET; // from dashboard
 
function sign(payload: Record<string, string>) {
  const signedAt = Math.floor(Date.now() / 1000);
  const message = JSON.stringify({ ...payload, signedAt });
  const signature = crypto.createHmac("sha256", secret).update(message).digest("hex");
  return { ...payload, signature, signedAt, signatureVersion: "v1" };
}

The same BITPALM_IDENTIFY_SECRET lives in your dashboard → Settings → Embed.

Calling identify multiple times

Safe and additive. Later calls merge with earlier ones — pass only the fields that have new values:

widget.identify({ externalUserId: "user_42", email: "[email protected]" });
// later, after they update their phone in your settings:
widget.identify({ phone: "+491701234567" });

The widget keeps the original externalUserId and adds the phone.

See also