Jodo World Widget SDK Docs | Jodo Documentation Hub

Overview

JodoWidgetAPI is a tool that enables developers to embed real-time interaction capabilities into web applications, including chat, voice calls, video calls, screen sharing, cobrowsing, document sharing, and location sharing. The SDK is event-driven: actions produce callback events that should be handled by the integrating application.

Audience

Developers integrating JodoWidgetAPI into web applications.

Purpose & scope

This documentation describes prerequisites, installation, configuration, integration steps, API methods, callback events, technical specifications, and security guidance required to integrate the widget SDK into a webpage.

Any details not explicitly defined are marked as Not specified in source document.

System / feature description

Core capabilities

Session initialization with optional conversation history and optional routing to a specific user/team via specific_user_id.
Chat messaging with delivery/read acknowledgments and typing indicators.
Voice / video calling including accept/reject flows, mute/unmute, start/end lifecycle events.
Screen sharing with accept/reject and start/end events.
Cobrowsing start/stop plus custom cobrowse data push and license-related events.
Document sharing via URL-based transfer (HTTPS recommended).
Location sharing via latitude/longitude plus a static map image URL.
External data push to enrich sessions (product, geo, device, analytics fields, etc.).
Custom CSS via external CSS file URL applied to the widget.
SDK version retrieval via a version method and callback event.

High-level security architecture (conceptual)

The documented security architecture follows a layered model:

Client layer: End user browser & host web application; widget SDK runs inside the host page.
Transport layer: HTTPS (TLS) and WSS/HTTPS used for network communication.
Widget gateway: API key validation, domain/IP restrictions, rate limiting & throttling, request authentication.
Session & identity layer: session token validation, unique user mapping, message sequencing, replay prevention.
Communication services: chat; voice/video (WebRTC / LiveKit); screen share / cobrowse; document & location exchange.
Security & compliance controls: TLS encryption in transit; PII masking & redaction; consent enforcement; file validation & scanning; audit logging.
Backend & data storage: encrypted session data and transcripts; access-controlled logs; configurable retention policies.

Prerequisites

Access requirements

Access to the JodoWidgetAPI server: https://myjodo.jodoworld.com/
API key (akey) and service key (skey) provided by JodoWorld support.

Dependencies

ext_integration-2.0.js (also referenced as ext_integration-v2)
Example path: /jodowidgetapi/js/ext_integration-2.0.js

Not specified

Supported build systems, package managers, integrity hashes, and version pinning mechanisms are Not specified in source document.

Installation

Download and setup

Ensure you have access to the JodoWidgetAPI server.
Obtain the required API key and service key from JodoWorld support.

Installation steps

Include the widget integration script in your webpage.
Configure an extdata object containing API credentials and UI element IDs.
Add the required HTML elements for voice, video, screen sharing, etc.

Credential exposure risk

API keys and service keys must not be hard-coded into public repositories. For enterprise deployments, use backend-issued short-lived tokens and apply domain/IP restrictions and rotation policies.

Configuration

Configuration options

Parameter	Type	Example	Description
akey	Text	"YOURAPIKEY"	Your API key.
skey	Text	"YOURSERVICEKEY"	Your service key.
serverpath	Text	https://jodostaging.avhan.com:4443	Base path to the JodoWidgetAPI server endpoint used by the SDK.
voicediv	Text	"ext_voice_outerdiv"	ID of the HTML element used for voice UI container.
videodivremote	Text	"ext_remoteview"	ID of the HTML element used for remote video rendering.
videodivself	Text	"ext_selfview"	ID of the HTML element used for local/self video rendering.
screensharediv	Text	"ext_screenshare_outerdiv"	ID of the HTML element used for screen sharing UI container.
imagecapturediv	Text	"ext_imagecapture_outerdiv"	ID of the HTML element used for image capture UI container.
callbackfn	Function name (string)	"eventcallback"	Callback function invoked by the SDK when events occur.

HTML structure requirements

The exact required HTML markup for the containers (voice/video/screenshare/etc.) is Not specified in source document; only the element IDs are defined via configuration.

Setup & usage instructions

1) Define extdata configuration

<script>
var extdata = {
  akey: "YOUR_API_KEY",
  skey: "YOUR_SERVICE_KEY",
  serverpath: "https://jodostaging.avhan.com:4443",
  voicediv: "ext_voice_outerdiv",
  videodivremote: "ext_remoteview",
  videodivself: "ext_selfview",
  screensharediv: "ext_screenshare_outerdiv",
  imagecapturediv: "ext_imagecapture_outerdiv",
  callbackfn: "eventcallback"
};
</script>
<script src="https://myjodo.jodoworld.com/jodowidgetapi/js/ext_integration-2.0.js"></script>

2) Initialize a session

Session initialization starts a new session and can include any prior conversation history to provide context to the connected agent. Callback events indicate whether the session is connected to a live agent, if no agent is available, if all agents are busy, or if errors occur.

// Method calling
let return_value = jodosessioninit();

Session initialization with conversation history

let return_value = jodosessioninit({
  "name": "Satej",
  "conversation": [
    {
      "type": "visitor",
      "message": "chat with an expert",
      "timestamp": "05 Aug 2024 07:35 PM"
    },
    {
      "type": "chatbot",
      "message": "Please enter your name.",
      "timestamp": "05 Aug 2024 07:35 PM"
    }
  ]
});

Specific routing

If specific_user_id is configured, the requested user or team ID is passed during session initialization to connect to that specific user/team.

API reference

This section lists methods exposed by the SDK, including expected parameters, return codes (where specified), and related callback events. Callback handling is centralized in the configured callback function (see Event callbacks).

Session & chat methods

Start session

Initializes a new session with a chatbot and attempts to connect the session to a live agent. Accepts an input JSON object which may include prior conversation history.

Method calling: let return_value = jodosessioninit();
Return value: Not specified in source document
Primary callback media/eventtype: session / (e.g., widgetInit, plus allocation states)

Field	Example	Meaning
eventdata.type	"WS"	Transport/type marker.
eventdata.media	"session"	Media category for event routing.
eventdata.eventtype	"widgetInit"	Event type emitted for widget/session initialization.
eventdata.systemcallid	"56238452374573443"	Unique ID for every session.
eventdata.loadmethod	"custom"	Widget loading method.
eventdata.startwithmedia	chat	When load method is autostart, start with this media.
eventdata.isPSTN	0 / 1	Indicates start with PSTN call.
eventdata.messageid	"fdhhdf347dfsj"	Unique message ID.
eventdata.msg	"Session Connected to Emma"	Message indicating event result (agent connection example).
eventdata.timestamp	"2025-08-21 11:52:49"	Event timestamp.

{
  "eventdata": {
    "type": "WS",
    "media": "session",
    "eventtype": "widgetInit",
    "systemcallid": "56238452374573443",
    "loadmethod": "custom",
    "startwithmedia": "chat",
    "timestamp": "2025-08-21 11:52:49",
    "msg": "Session Connected to Emma"
  }
}

Send chatbot data

Pushes chatbot context (visitor identity and conversation array) into the session.

Method calling: let return_value = ChatBotDataPush(data);
Input: data is a JSON array.
Return codes: 0 (Empty data), 1 (Success), 3 (Invalid JSON)
Callback: session / ChatBotDataPush

Field	Required	Type	Example	Description
name	Yes	Text	"Emma"	Name of the visitor.
conversation[i].type	Yes	Text	"visitor" / "chatbot"	Participant type for each message.
conversation[i].message	Yes	Text (255)	"Please enter your name."	Message content.
conversation[i].timestampd	Yes	Text	1722880500	Unix timestamp value.
specific_user_id	Yes	Text	"dmliaGFfam9kb0Bhdmh...=="	Unique user ID / team ID for routing.

{
  "eventdata": {
    "media": "session",
    "eventtype": "ChatBotDataPush",
    "messageid": "56238452374573443",
    "timestamp": "2025-08-21 11:52:49"
  }
}

Send chat message

Sends a chat message through the active session.

Method calling: let result_value = jodoInitBOT.SendChatMessage("Hello");
Input: Text (max 255 characters)
Return codes: 1 (Success), 2 (Invalid chat data), 3 (Message exceeds 255 characters)
Callback: chat / messagesent

{
  "eventdata": {
    "media": "chat",
    "eventtype": "messagesent",
    "Status": 1003,
    "timestamp": "2025-08-21 11:52:49",
    "messageid": "56565gjhkhkj56t"
  }
}

End session

Ends the current session.

Method calling: jodoInitBOT.EndSession();
Callback: session / ended

{
  "eventdata": {
    "media": "session",
    "eventtype": "ended",
    "status": 1003,
    "timestamp": "2025-08-21 11:52:49",
    "msg": "Session Ended"
  }
}

Send message read acknowledgments

Sends read receipts for multiple messages at once by passing an array of message IDs.

Method calling: jodoInitBOT.SendMessageReadACK(messageidsArray);
Parameters: messageidsArray (Array<string>) – An array of unique message IDs to mark as read.
Return codes / callback: Not specified in source document

Voice, video, screenshare methods

Start voice call

Method calling: jodoInitBOT.StartVoiceCall();
Return codes: 1 (Success), 2 (Failure)
Callback: voice / start

End voice call

Method calling: jodoInitBOT.EndVoiceCall();
Callback: voice / End

Start video call

Method calling: jodoInitBOT.StartVideoCall();
Callback: video / start

End video call

Method calling: jodoInitBOT.EndVideoCall();
Callback: video / End

Start screensharing

Method calling: jodoInitBOT.StartScreenshareCall();
Callback: screenshare / start

End screensharing

Method calling: jodoInitBOT.EndScreenshareCall();
Callback: screenshare / End

Start voice call directly

Starts a voice call directly without following a chat-first flow.

Method calling: jodoInitBOT.StartWithVoiceMedia();
Callback: voice / start

Start video call directly

Starts a video call directly without following a chat-first flow.

Method calling: jodoInitBOT.StartWithVideoMedia();
Callback: video / start

Accept / decline voice call request

Accept: jodoInitBOT.AcceptVoice();
Decline: jodoInitBOT.DeclineVoice();
Callback: voice / accepted or rejected (request events documented); sample blocks in source show inconsistencies and should be treated as illustrative only.

Accept / decline video call request

Accept: jodoInitBOT.AcceptVideo();
Decline: jodoInitBOT.DeclineVideo();
Callback: video / accepted or rejected

Accept / decline screenshare request

Accept: jodoInitBOT.AcceptScreenShare();
Decline: jodoInitBOT.DeclinescreenShare();
Callback: screenshare / accepted or rejected

Document, location, and external styling/data methods

Send document (URL-based)

Sends a document by URL.

Method calling: jodoInitBOT.SendDocument(docURL);
Input: docURL (Text) – URL of the document.
Return codes: 1 (Success), 2 (Invalid URL)
Callback: documentpush / sent

Send location

Sends a location using latitude, longitude, and a static map image URL.

Method calling: jodoInitBOT.SendLocation(latitude, longitude, staticMapImage);
Return codes: 1 (Success), 2 (Invalid URL)
Callback: locationpush / sent

Apply external CSS

Loads an external CSS file URL to customize the widget UI styling.

Method calling: jodoInitBOT.GetExternalCSS(CSS_FILE_URL);
Parameters: CSS_FILE_URL (string) – Full URL path to the custom CSS file.
Return codes / callback: Not specified in source document

jodoInitBOT.GetExternalCSS("https://jodostaging.avhan.com:4443/widget_test/chatbotext.css");

CTA clicked

Method calling: jodoInitBOT.CTAClicked();
Return codes / callback: Not specified in source document

Send external session data

Pushes external data into the session (product, geo, analytics, etc.).

Method calling: jodoInitBOT.sessionextdata(data);
Return codes / callback: Not specified in source document

jodoInitBOT.sessionextdata({
  "name": "Satej",
  "conversation": [
    {
      "product": "Canon EOS 1300D 18MP Digital SLR Camera",
      "product_price": 23385,
      "products_available": "Camera, Electronics, Kids, Phone, Sports,Books and moreCamera, Electronics, Kids, Phone, Sports,Books and more",
      "city": "Mumbai",
      "state": "Maharashtra",
      "zip_code": "400099",
      "google_analytics": 0,
      "location_type": "GEO",
      "gps_postal_code": "400028",
      "gps_country": "India",
      "gps_state": "Maharashtra",
      "gps_city": "Mumbai",
      "gps_country_code": "IN",
      "gps_latitude": 19.0251008,
      "gps_longitude": 72.843264,
      "gps_formatted_address": "12, West, Kasaravadi, Dadar, Mumbai, Maharashtra 400028, India",
      "startmedia": "chat",
      "startmediaid": 8
    }
  ]
});

Get SDK version

Method calling: jodoInitBOT.getVersion();
Callback: session / SDKVERSION
Return codes: Not specified in source document

Cobrowsing methods

Start cobrowsing

Method calling: jodoInitBOT.StartBrowsing();
Callback: cobrowse / start

Stop cobrowsing

Method calling: jodoInitBOT.StopBrowsing();
Callback: cobrowse / stop

Send custom cobrowse data

Sends custom data during a cobrowse session.

Method calling: jodoInitBOT.setCustomCoBrowseData(data);
Callback: cobrowse / customdata_success (or customdata_fail)

jodoInitBOT.setCustomCoBrowseData({
  "Secretdat": "fgdufvhsdfviuhsdfkvsdfkvjsbdfkjvbsdf"
});

Event callbacks

Callback function

The configured callback function (example: eventcallback(eventdata)) receives all events from the SDK. The integrating application should route handling based on eventdata.media and eventdata.eventtype.

Event data structure

eventdata.media: Media category (e.g., "session", "chat", "voice", "video", "screenshare", "cobrowse", "livekit", "form_data").
eventdata.eventtype: Event type string (e.g., "initialized", "messagereceived", "start").
eventdata.status: Numeric status code (when provided).
eventdata.msg: Message/data payload associated with the event.

Reference callback handler (example)

function eventcallback(eventdata) {
  console.log("Event data :: " + JSON.stringify(eventdata));

  switch (eventdata.media) {
    case 'session':
      switch (eventdata.eventtype) {
        case 'initialized':
          // widget initialized
          break;
        case 'allocated':
          // widget session allocated
          break;
        case 'notallocated':
          // widget session not allocated
          break;
        case 'allusersbusy':
          // widget agents are busy
          break;
        case 'PSTN':
          // PSTN event triggered
          break;
        case 'WebSocketNotConnected':
          // WebSocket connection fails
          break;
        case 'ControllerNotConnected':
          // controller connection lost
          break;
        case 'APINotConnected':
          // API unreachable or failed
          break;
        case 'APITimeout':
          // API call timeout
          break;
        case 'ChatBotDataPush':
          // chatbot data push
          break;
        case 'Missingmessageid_Sequence':
          // missing message id or sequence
          break;
        case 'SDKVersion':
          // SDK version tracked
          break;
        default:
          break;
      }
      break;

    case 'form_data':
      switch (eventdata.eventtype) {
        case 'feedbackform':
          // feedback form fields data
          break;
        case 'callbackform':
          // callback form fields data
          break;
        case 'welcomeform':
          // welcome form fields data
          break;
      }
      break;

    case 'chat':
      switch (eventdata.eventtype) {
        case 'messagereceived':
          console.log("Received Chat Message :" + eventdata.msg);
          break;
        case 'messagesent':
          break;
        case 'messagedeliveredack':
          break;
        case 'messagereadack':
          break;
        case 'agentnetworkdisconnected':
          break;
        case 'translation':
          break;
        case 'savecustomerdata':
          break;
        case 'typing':
          break;
        case 'voicenotesent':
          break;
        case 'voicenotreceived':
          break;
        case 'imagecapture':
          break;
        case 'metadata':
          break;
        case 'systemmessage':
          break;
        default:
          break;
      }
      break;

    case 'voice':
      switch (eventdata.eventtype) {
        case 'requestReceived':
          break;
        case 'accepted':
          break;
        case 'rejected':
          break;
        case 'initiated':
          break;
        case 'connecting':
          break;
        case 'answered':
          break;
        case 'start':
          break;
        case 'mute':
          break;
        case 'unmute':
          break;
        case 'End':
          break;
        case 'terminate':
          break;
        default:
          break;
      }
      break;

    case 'video':
      switch (eventdata.eventtype) {
        case 'requestReceived':
          break;
        case 'accepted':
          break;
        case 'rejected':
          break;
        case 'start':
          break;
        case 'mute':
          break;
        case 'unmute':
          break;
        case 'End':
          break;
        default:
          break;
      }
      break;

    case 'screenshare':
      switch (eventdata.eventtype) {
        case 'requestReceived':
          break;
        case 'accepted':
          break;
        case 'rejected':
          break;
        case 'start':
          break;
        case 'End':
          break;
        default:
          break;
      }
      break;

    case 'cobrowse':
      switch (eventdata.eventtype) {
        case 'start':
          break;
        case 'stop':
          break;
        case 'invalidLicenseKey':
          break;
        case 'terminate':
          break;
        case 'customdata_success':
          break;
        case 'customdata_fail':
          break;
      }
      break;

    case 'livekit':
      switch (eventdata.eventtype) {
        case 'enabled':
          break;
        case 'audioRequest':
          // Type 201 (audio only) / Type 206 (audio + video)
          break;
        case 'partyConnect':
          break;
        case 'videoRequest':
          break;
        case 'videostarted':
          break;
        case 'end':
          break;
        case 'partyAdded':
          break;
        case 'partyRemoved':
          break;
      }
      break;

    case 'documentpush':
      switch (eventdata.eventtype) {
        case 'sent':
          break;
        case 'received':
          break;
      }
      break;

    case 'locationpush':
      switch (eventdata.eventtype) {
        case 'sent':
          break;
        case 'received':
          break;
      }
      break;

    case 'imagecapture':
      switch (eventdata.eventtype) {
        case 'sent':
          break;
      }
      break;

    case 'sessionEnd':
      switch (eventdata.eventtype) {
        case 'chatTranscriptSuccess':
          break;
        case 'chatTranscriptInvalid':
          break;
        case 'feedbackSuccess':
          break;
        case 'missedcallSuccess':
          break;
      }
      break;

    default:
      break;
  }
}

Event taxonomy (media + event type + expected action)

Media	Event type	Description	Action / notes
session	initialized	Widget initialized successfully	Confirm widget readiness
session	allocated	Session allocated to an agent	Visitor connected to live agent
session	notallocated	No agent available	Show unavailability message
session	allusersbusy	All agents busy	Visitor enters waiting queue
session	PSTN	PSTN event triggered	Handle PSTN call state
session	WebSocketNotConnected	WebSocket disconnected	End session or retry connection
session	ControllerNotConnected	Controller not connected	Retry, fallback logic
session	APINotConnected	API server not reachable	Error handling
session	APITimeout	API call timed out	Show timeout message, retry
session	ChatBotDataPush	Data pushed to chatbot	Sync conversation data
session	ended	Session ended	Cleanup resources
chat	messagereceived	Message received from agent/server	Display in chat UI
chat	messagesent	Message sent by visitor	Confirm sent message
chat	messagedeliveredack	Delivery acknowledgment	Mark message as delivered
chat	messagereadack	Read acknowledgment	Mark message as read
chat	agentnetworkdisconnected	Agent disconnected	Notify visitor
chat	translation	Translated message received	Show translated + original message
chat	savecustomerdata	Customer data saved	Store visitor’s info
chat	typing	Typing indicator	Show typing dots in UI
chat	voicenotesent	Voice note uploaded successfully	Show confirmation
chat	voicenotreceived	Voice note failed	Show error
chat	imagecapture	Image captured & sent	Show in chat/media UI
chat	metadata	Metadata received	Store extra technical info
chat	systemmessage	System-generated message	Show system alert
voice	requestReceived	Voice call request received	Show accept/reject UI
voice	accepted	Voice call accepted	Start session
voice	rejected	Voice call rejected	Notify caller
voice	initiated	Voice call initiated	Update status to “Connecting”
voice	connecting	Voice call connecting	Ringing/dial tone
voice	answered	Voice call answered	Call active
voice	start	Voice session started	Enable media stream
voice	mute	Call muted	Update mute icon
voice	unmute	Call unmuted	Update mute icon
voice	End	Voice call ended	Cleanup session
voice	terminate	Call terminated	Force close session
video	requestReceived	Video call request received	Show accept/reject prompt
video	accepted	Video call accepted	Connect video stream
video	rejected	Video call rejected	Notify sender
video	start	Video session started	Show video player
video	mute	Video muted	Disable audio/video
video	unmute	Video unmuted	Enable audio/video
video	End	Video session ended	Cleanup UI
screenshare	requestReceived	Screenshare request received	Prompt user to share screen
screenshare	accepted	Screenshare accepted	Start sharing
screenshare	rejected	Screenshare rejected	Notify requester
screenshare	start	Screenshare started	Enable screensharing
screenshare	End	Screenshare ended	Stop sharing
documentpush	sent	Document sent	Upload confirmation
documentpush	received	Document received	Show download option
locationpush	sent	Location sent	Sent confirmation
locationpush	received	Location received	Display on map
imagecapture	sent	Image captured & sent	Show image preview
sessionEnd	chatTranscriptSuccess	Chat transcript saved successfully	Store transcript
sessionEnd	chatTranscriptInvalid	Transcript invalid	Show error
sessionEnd	feedbackSuccess	Feedback submitted successfully	Show confirmation
sessionEnd	missedcallSuccess	Missed call recorded	Update call log
cobrowse	start	Cobrowsing started	Enable cobrowsing session
cobrowse	stop	Cobrowsing ended	Stop cobrowsing session
cobrowse	invalidLicenseKey	Invalid license key	Show error / block session
cobrowse	terminate	Cobrowsing terminated	Force close session
cobrowse	customdata_success	Custom data sent successfully	Confirm data push
cobrowse	customdata_fail	Custom data not sent	Show failure message
livekit	enabled	Livekit service enabled	Confirm service readiness
livekit	audioRequest	Audio permission/request (Type 201 audio only / Type 206 audio+video)	Request media permissions
livekit	partyConnect	Audio party connected	Show connected state
livekit	videoRequest	Video request initiated	Prepare video connection
livekit	videostarted	Video streaming started	Show video player
livekit	end	Room disconnected	Cleanup resources
livekit	partyAdded	Participant added (trackSubscribed)	Show participant in session
livekit	partyRemoved	Participant removed (trackUnSubscribed)	Remove participant from session
form_data	callbackform	Callback form fields received	Populate callback form on external UI
form_data	feedbackform	Feedback form fields received	Populate feedback form on external UI
form_data	welcomeform	Welcome form fields received	Populate welcome form on external UI

Helper functions

The following helper function names are listed; their implementations are Not specified in source document.

chatmsgreceived(message): Displays a chat message.
documentmsgsent(message): Displays a document sent message.
documentmsgreceived(data): Displays a document received message.
locationmsgsent(message): Displays a location sent message.
imagecapturesent(): Displays an image capture sent message.
imagecapturemsgreceived(message): Displays an image capture received message.

Status codes

The following status codes and meanings are defined.

Status code	Status overview	Explanation
22	Process Details Not Found	The requested process details could not be found. This might indicate an issue with the process ID or the process itself.
23	Unique User ID is Blank	The unique user ID provided is empty or missing. Ensure that a valid user ID is included in the request.
24	Unique User is Not Found	The unique user ID provided does not match any existing user in the system. Verify the user ID and ensure it is correct.
25	Agent Not Logged In	The agent is not currently logged in. The agent must log in before performing this action.
26	Reconnect Same Session	The system is attempting to reconnect to the same session. This might occur if the session was interrupted or ended unexpectedly.
27	Customer Code Not Found	The customer code provided could not be found. Ensure that the customer code is correct and exists in the system.
28	Team Not Found	The specified team could not be found. Verify the team ID or name and ensure it exists in the system.
29	PSTN Allowed	The Public Switched Telephone Network (PSTN) is allowed for this operation. This might be relevant for voice or video calls.
30	Process Not Working	The requested process is not currently operational. This might indicate a system issue or maintenance.
1001	Connected With @AgentName	The session has successfully connected with the specified agent. The agent's name is included in the message.

Status code coverage

A complete enumeration of all possible status codes is Not specified in source document.

External data parameters

External data fields can be pushed into the session (example usage shown in sessionextdata). The following parameter list is provided as a reference.

Field ID	Name	Example value
4001	service_name	0
4002	api_key	e763f560e120b316ea7ea4f2de646d780e64457c160c
4003	ip_address	122.170.11.82
4004	browser	Chrome
4005	browser_version	137.0.0.0
4006	device_used	PC
4007	os	Linux x86_64
4008	click_time	2025-06-26 16:40:09
4011	language	english
4018	country_code	IN
4019	country_name	India
4020	customer_bandwidth	3170
4028	longitude	72.8774
4029	latitude	19.076
4030	page_url	https%3A%2F%2Fjodostaging.avhan.com%3A4443%2Fjodoteam%2F
4031	product	Canon EOS 1300D 18MP Digital SLR Camera
4034	product_price	23385
4035	products_available	Camera, Electronics, Kids, Phone, Sports,Books and moreCamera, Electronics, Kids, Phone, Sports,Books and more
4036	city	Mumbai
4037	state	Maharashtra
4038	zip_code	400099
4041	uniqueuserid	c2F0ZWpfam9kb0Bhdmhhbi5jb20=
4045	google_analytics	0
4048	location_type	GEO
4056	gps_postal_code	400028
4059	gps_country	India
4060	gps_state	Maharashtra
4061	gps_city	Mumbai
4062	gps_country_code	IN
4063	gps_latitude	19.0251008
4064	gps_longitude	72.843264
4065	gps_formatted_address	12, West, Kasaravadi, Dadar, Mumbai, Maharashtra 400028, India
4066	startmedia	chat
4067	startmediaid	8

Sensitive data handling

External data may include PII, location data, device/browser metadata, and conversation transcripts. Minimize transmission to what is strictly required, mask/redact sensitive fields (passwords, OTPs, government IDs, payment details), and avoid logging sensitive data on the client side.

Best practices

Initialize the widget session with JSON-formatted conversation history and customer name to provide context for agents and chatbots.
Verify status codes and callback parameters after each action to enable robust error handling and user feedback.
Limit chat message length to 255 characters to avoid transmission errors and truncation.
Secure API keys and restrict service keys to authorized use only; ensure credentials are not exposed or misused.
Include the required integration script and configure it with valid API and service keys.
Explicitly define HTML element IDs for voice, video, and screenshare containers and reference these IDs during configuration.
Implement callback functions to process SDK events for real-time updates, call connectivity, error messages, and notifications.

Platform compatibility

Browsers: Chrome (137.0.0.0) and other modern browsers; use latest versions for optimal compatibility.
Operating systems: Linux x86_64, Windows, and Mac (actual support depends on browser capabilities and correct HTML element setup).
Backend: Requires access to https://myjodo.jodoworld.com.
Dependency: Requires the ext_integration-v2 JavaScript library and correct HTML configuration.

Media feature prerequisites

Exact camera/microphone permission prompts and browser policy behavior are Not specified in source document and depend on the user agent and browser configuration.

Security

This section describes security architecture, controls, and recommended practices for secure usage of the SDK, including authentication, data protection, media privacy, and enterprise compliance considerations.

Transport & network security

All communication between the client SDK and servers MUST use HTTPS (TLS 1.2 or higher).
WebSocket connections are established over secure WebSockets (WSS).
Plain HTTP or unsecured WebSocket connections are not supported.
Certificate validation is enforced by default to prevent man-in-the-middle (MITM) attacks.

Recommendation

Enforce HTTPS at the browser and server level and disable mixed-content loading.

Authentication & authorization

akey (API Key) and skey (Service Key) are unique credentials issued by JodoWorld and identify the integrating application and authorized services.

API keys must never be hard-coded in public repositories.
Keys should be domain restricted and IP restricted (where applicable), and rotated periodically.
Recommended architecture: generate short-lived, signed session tokens from your backend and use the backend-issued token to initialize the widget instead of exposing long-lived keys directly.

Session security

Each session is uniquely identified using systemcallid and messageid.
Sessions are ephemeral and terminate on explicit EndSession(), network disconnect, timeout, or system failure.
Session IDs are validated server-side.
Replay attacks are mitigated using unique message IDs and event sequencing.
Session re-use across users is not permitted.

User identity & data validation

uniqueuserid is used for session routing and agent mapping.
Encoding (e.g., Base64) is used for transmission but does not constitute encryption.
Recommendation: use cryptographically signed identifiers (JWT or equivalent) with expiry timestamps and audience/issuer validation.
Avoid transmitting raw customer identifiers when not required.

Data protection & privacy

All payloads are encrypted in transit using TLS.
The SDK may transmit PII, location data, device/browser metadata, and conversation transcripts.
Best practice: minimize PII transmission, mask/redact sensitive fields (passwords, OTPs, government IDs, payment details), and avoid logging sensitive data on the client side.

Media security (voice, video, screenshare) & cobrowsing controls

Media sessions require explicit user consent through accept/reject events.
Media streams are session-bound, time-limited, and automatically terminated on session end.
Host application should mask sensitive UI elements (passwords, OTP fields) during screenshare and cobrowsing.
Cobrowsing should be restricted to allowed domains and pages.
Users can terminate screenshare or cobrowse sessions at any time.

Document & file transfer security

Document sharing is URL-based and must use secure (HTTPS) endpoints.
The SDK does not store documents permanently on the client.
Recommended controls: file type allowlists (PDF, PNG, JPG), file size limits, malware scanning, and time-bound or signed URLs.
Avoid sharing publicly accessible URLs containing sensitive data.

Rate limiting & abuse prevention

Server-side rate limiting is applied to session creation, message sending, and media initiation.
Recommended enhancements: client-side throttling for rapid message submission and repeated call initiation attempts; monitor abnormal patterns for abuse detection.

Error handling & secure failures

Security-relevant events include APINotConnected, APITimeout, WebSocketNotConnected, and invalidLicenseKey.

No sensitive data is exposed in error responses.
Sessions are safely terminated on critical failures.
Clients should display generic error messages to users.

Logging, auditing & compliance

System events and session activity are logged for troubleshooting, auditing, compliance, and security monitoring.
Recommendations: define log retention policies, mask PII in logs and analytics, ensure compliance with applicable regulations (DPDP, GDPR).

Key security design principles

Zero Trust at client layer
Least privilege access
Consent-driven media sharing
Short-lived sessions
Defense-in-depth controls
Audit-first architecture

Security FAQs

Q1. How is data secured during transmission?

All communication is encrypted using HTTPS (TLS 1.2+) and WSS. Unencrypted connections are not supported.

Q2. Are API keys exposed on the client side?

API and service keys are required for SDK initialization. For enterprise deployments, use backend-issued short-lived session tokens, apply domain/IP restrictions, and rotate credentials periodically.

Q3. How are users authenticated and identified?

Each session is associated with a unique session identifier (systemcallid) and a unique user identifier (uniqueuserid). For higher security, use signed identifiers (JWT or equivalent) with expiry and validation checks.

Q4. Is any Personally Identifiable Information (PII) stored?

The SDK may process PII only when explicitly provided by the integrating application (e.g., name, location, device metadata, chat transcripts). Best practice: minimize PII collection, mask sensitive fields, avoid storing unnecessary personal data.

Q5. How is voice, video, and screensharing secured?

Media requires explicit user consent (accept/reject), is session-bound and time-limited, and terminates automatically when the session ends. Screensharing/cobrowsing should exclude sensitive fields (passwords, OTPs).

Q6. Can agents access user data without consent?

No. Interactive features require explicit user initiation or acceptance. Users can terminate sessions at any time.

Q7. How is document sharing secured?

Documents are shared via secure HTTPS URLs. Recommended controls: file type allowlisting, file size limits, malware scanning, time-bound/signed URLs. The SDK does not permanently store shared documents on the client.

Q8. How does the platform prevent session hijacking or replay attacks?

Controls include unique session IDs per interaction, message sequencing and validation, and automatic session termination on disconnects or errors.

Q9. Are logs and audit trails maintained?

Yes. System events, session activity, and error conditions are logged for troubleshooting, audit/compliance, and security monitoring. Logs should be access-controlled, masked for sensitive data, and retained per defined policy.

Q10. How does the SDK support DPDP / GDPR compliance?

The SDK supports data minimization, purpose limitation, consent-based processing, and secure data handling. The integrating organization remains the Data Fiduciary / Controller and defines retention periods, erasure workflows, and cross-border transfer policies.

Q11. What happens in case of a security incident?

For API failures, network issues, or security-related errors, the SDK terminates sessions safely, does not expose sensitive data, and triggers specific error events for handling. Incident response and regulatory notifications follow organizational policies.

Q12. Is the SDK compliant with ISO 27001 or SOC 2?

The SDK architecture and controls are aligned with ISO 27001 and SOC 2 principles. Formal certification depends on the hosting environment and operational controls of the deploying organization.

Q13. Can security controls be customized for enterprise deployments?

Yes. Enterprise deployments can enable custom authentication mechanisms, restricted domains and IPs, enhanced logging and monitoring, and custom data masking rules.

Q14. Who owns the customer data?

The integrating organization retains full ownership of customer data. The platform processes data only to deliver requested services and does not use it for unrelated purposes.

Q15. How often are security controls reviewed?

Security controls are reviewed periodically, updated to address emerging threats, and improved through monitoring, testing, and audits.

Glossary

Term	Explanation
API	Application Programming Interface — set of functions and protocols for building and integrating software applications.
Callback	A function passed as a parameter and executed after a certain event or operation occurs, used to handle asynchronous events from the SDK.
Chatbot	Automated chat agent that interacts with users via text, simulating human conversation.
Conversation	A sequence of messages exchanged between the visitor and chatbot or agent.
Event	An occurrence or action detected by the SDK, triggering a callback function with details.
Media (event)	Type of communication session – e.g., chat, voice, video, screenshare, etc.
Message ID	Unique identifier appended to each message or event for tracking and referencing.
PSTN	Public Switched Telephone Network — traditional telephone service network.
Session	An active connection representing an ongoing interaction between the user and the service.
SDK	Software Development Kit — collection of software tools and libraries for building applications using the API.
Sequence Number	A number indicating the order of messages, ensuring proper sequence and synchronization.
Status Code	Numeric code representing the outcome of an operation or event (e.g., success, failure).
WebSocket	Communication protocol for persistent, bi-directional communication between client and server, used for real-time events.

Constraints, assumptions & limitations

Constraints

Chat message length must not exceed 255 characters.
Transport must use HTTPS (TLS 1.2+) and WSS; unsecured HTTP/WS is not supported.
Document sharing is URL-based; document endpoints should be HTTPS.
Media actions require explicit user consent via accept/reject workflows.

Assumptions

The integrating application provides UI containers (by ID) for media rendering and controls.
The integrating application implements an event callback function and handles all event types relevant to the UX.
The integrating application is responsible for PII minimization, masking, and compliance processes (retention, erasure, transfer).

Limitations

Exact UI/DOM markup requirements beyond element IDs are Not specified in source document.
Exact return values for several methods (e.g., getVersion(), GetExternalCSS(), CTAClicked(), sessionextdata()) are Not specified in source document.
Full list of all status codes beyond those documented is Not specified in source document.
Formal compliance certification status depends on the deployment environment and operational controls, not solely on the SDK architecture.

Do not treat Base64 as encryption

Encoding (e.g., Base64) is used for transmission but does not provide confidentiality. Use cryptographically signed identifiers (JWT or equivalent) and enforce expiry/validation.