Skip to main content
Every session in AgentView belongs to a User. When you create a session without specifically pointing at any user, a new anonymous user will be created under the hood. 
const session = await av.createSession({ agent: "my_agent" });

console.log(session.user) // { id: "...", externalId: "...", token: "..." }
User object has 3 properties:
  • id - AgentView id
  • externalId - unique user id from host platform (for example Shopify), so that you can easily match users
  • token - user’s secure authentication token

Create user

You can create user manually using av.createUser 
const user1 = await av.createUser({ externalId: "..." }) // with external id
const user2 = await av.createUser() // without external id

Update user

You can update user manually using av.updateUser 
await av.updateUser({ id: "user_id", externalId: "new_external_id" });

Get user

You can fetch user by using id, external id or token: 
await av.getUser({ id: "user_id" })
await av.getUser({ externalId: "user_external_id" })
await av.getUser({ token: "user_token" })

Creating Sessions for specific user

You can create a session for a particular user: 
await av.createSession({ agent, userId: "user_id" });

Narrowing down scope

It you initiate AgentView client with API Key, this API Key grants you access to all the users: 
const av = new AgentView({
    apiUrl: "http://localhost:1990",
    apiKey: "your_api_key"
});

const user = await av.getUser({ id: "user_id" }); // access granted
In your Agent Endpoint you might want to narrow down the scope of the action to a specific user. You want to call av.getSession or av.createSession as a specific user, and if user doesn’t have permissions to the specific session or creating new one, the operation should throw an error. This provides a great security layer for your Agent Endpoint. It’s possible to do it by scope narrowing by using as method of AgentView class: 
const av = new AgentView({
    apiUrl: "http://localhost:1990",
    apiKey: "your_api_key"
});

const bob = await av.createUser();
const alice = await av.createUser();

const bobSession = await av.as(bob).createSession({ agent: "my_agent" }); // this session belongs to bob

await av.as(bob).getSession({ id: bobSession.id }); // access granted
await av.as(alice).getSession({ id: bobSession.id }); // (!) throws, it's not session from Alice
Under the hood as adds X-User-Token header to the API request with the user’s token to scope the request to the specific user.