ttp-agent-sdk 2.34.14 → 2.36.0

package/ENHANCED_WIDGET_GUIDE.md

@@ -7,29 +7,14 @@ The `TTPChatWidget` provides extensive customization options while maintaining s
 ```javascript
 import { TTPChatWidget } from 'ttp-agent-sdk';
 
-// Minimal configuration with signed URL (uses all defaults)
+// Minimal configuration (uses all defaults)
 new TTPChatWidget({
   agentId: 'your_agent_id',
-  signedUrl: 'wss://speech.talktopc.com/ws/conv?signed_token=eyJ...' // Direct signed URL
+  appId: 'your_app_id'
 });
 ```
 
-Or use a function to fetch the signed URL:
-
-```javascript
-new TTPChatWidget({
-  agentId: 'your_agent_id',
-  signedUrl: async () => {
-    const response = await fetch('/api/get-session', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ agentId: 'your_agent_id' })
-    });
-    const data = await response.json();
-    return data.signedUrl;
-  }
-});
-```
+The SDK connects directly using `agentId` + `appId`. For production, configure a domain whitelist in your TTP dashboard.
 
 ## Complete Configuration Options
 
@@ -38,14 +23,10 @@ new TTPChatWidget({
 ```javascript
 {
   agentId: 'your_agent_id',           // Required: Your agent ID
-  signedUrl: 'wss://speech.talktopc.com/ws/conv?signed_token=...'  // Required: Signed URL (string or async function)
+  appId: 'your_app_id'                // Required: Your app ID
 }
 ```
 
-**Signed URL Options:**
-- **Direct string**: `signedUrl: 'wss://speech.talktopc.com/ws/conv?signed_token=...'`
-- **Function**: `signedUrl: async () => { const data = await fetch(...); return data.signedUrl; }`
-
 ### Icon/Image Configuration
 
 ```javascript
@@ -219,18 +200,10 @@ position: {
 ```javascript
 import { TTPChatWidget } from 'ttp-agent-sdk';
 
-// Get signed URL from backend
-const response = await fetch('/api/get-session', {
-  method: 'POST',
-  headers: { 'Content-Type': 'application/json' },
-  body: JSON.stringify({ agentId: 'my_agent_123' })
-});
-const data = await response.json();
-
 const widget = new TTPChatWidget({
   // Required
   agentId: 'my_agent_123',
-  signedUrl: data.signedUrl, // Use signed URL directly
+  appId: 'my_app_456',
   
   // Custom icon (company logo)
   icon: {

package/GETTING_STARTED.md

@@ -30,15 +30,7 @@ npm install ttp-agent-sdk
     // Initialize the voice widget
     TTPAgentSDK.AgentWidget.init({
       agentId: 'your_agent_id',
-      signedUrl: async () => {
-        const response = await fetch('/api/get-session', {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({ agentId: 'your_agent_id' })
-        });
-        const data = await response.json();
-        return data.signedUrl;
-      }
+      appId: 'your_app_id'
     });
   </script>
 </body>
@@ -96,30 +88,19 @@ const voiceSDK = new VoiceSDK({
 
 **Note**: This method is unsecured as the agent ID is visible in network traffic.
 
-### Method 2: Signed Link (Production)
+### Method 2: Domain Whitelist (Production)
 
-For production applications, use signed link authentication:
+For production applications, configure a domain whitelist in your TTP dashboard to restrict which domains can use your agent:
 
 ```javascript
 const voiceSDK = new VoiceSDK({
-  websocketUrl: 'wss://speech.bidme.co.il/ws/conv?signed_token=eyJ...'
-  // No agentId needed - server validates signed token
+  websocketUrl: 'wss://speech.talktopc.com/ws/conv',
+  agentId: 'your_agent_id',
+  appId: 'your_app_id'
 });
 ```
 
-To get a signed URL from your backend:
-
-```javascript
-async function getSignedUrl(agentId, variables = {}) {
-  const response = await fetch('/api/get-session', {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ agentId, variables })
-  });
-  const data = await response.json();
-  return data.signedUrl;
-}
-```
+The server validates the connecting domain against the configured whitelist. No backend endpoint needed.
 
 ## Configuration Options
 
@@ -143,7 +124,7 @@ const voiceSDK = new VoiceSDK({
 ```javascript
 TTPAgentSDK.AgentWidget.init({
   agentId: 'your_agent_id',           // Required
-  signedUrl: 'wss://speech.talktopc.com/ws/conv?signed_token=...', // Required - Signed URL (string or async function)
+  appId: 'your_app_id',               // Required - Your app ID
   variables: {                        // Optional - dynamic variables
     userName: 'John Doe',
     page: 'homepage'
@@ -195,54 +176,20 @@ voiceSDK.on('error', (error) => {
 });
 ```
 
-## Backend Integration
+## Security
 
-### Required Backend Endpoint
+### Domain Whitelist (Production)
 
-Your backend needs to provide a session endpoint that returns a signed WebSocket URL:
-
-```javascript
-// Example Express.js endpoint
-app.post('/api/get-session', async (req, res) => {
-  const { agentId, variables } = req.body;
-  
-  // Validate user authentication
-  const user = await authenticateUser(req);
-  if (!user) {
-    return res.status(401).json({ error: 'Unauthorized' });
-  }
-  
-  // Generate signed URL
-  const signedUrl = await generateSignedUrl({
-    agentId,
-    userId: user.id,
-    appId: user.appId,
-    variables
-  });
-  
-  res.json({ signedUrl });
-});
-```
+For production deployments, configure a domain whitelist in your TTP dashboard to restrict which domains can connect to your agent. The SDK connects directly using `agentId` + `appId`, and the server validates the connecting domain.
 
-### Signed URL Generation
+No backend endpoint or token generation is required.
 
-The signed URL should contain a JWT token with the following claims:
+### Configuration Steps
 
-```javascript
-const jwt = require('jsonwebtoken');
-
-function generateSignedUrl({ agentId, userId, appId, variables }) {
-  const token = jwt.sign({
-    agentId,
-    userId,
-    appId,
-    variables,
-    exp: Math.floor(Date.now() / 1000) + (60 * 60) // 1 hour expiry
-  }, process.env.CONVERSATION_SECRET_KEY);
-  
-  return `wss://speech.bidme.co.il/ws/conv?signed_token=${token}`;
-}
-```
+1. Go to your TTP dashboard
+2. Navigate to your agent settings
+3. Add your production domain(s) to the allowed domains list
+4. The SDK will authenticate automatically via domain validation
 
 ## Examples
 
@@ -393,9 +340,9 @@ function VoiceChat() {
    - Verify audio format compatibility
 
 4. **Authentication Errors**
-   - Verify signed token is valid and not expired
-   - Check secret key configuration
-   - Ensure agent ID exists in backend
+   - Verify agent ID and app ID are correct
+   - Check domain whitelist configuration
+   - Ensure your domain is whitelisted in the TTP dashboard
 
 ### Debug Mode
 

package/README.md

@@ -17,7 +17,7 @@ A comprehensive JavaScript SDK for voice interaction with AI agents. Provides re
 - ⚛️ **React Components** - Ready-to-use React components
 - 🌐 **Vanilla JavaScript** - Works with any JavaScript framework
 - 🎯 **Event-driven** - Comprehensive event system for all interactions
-- 🔒 **Multiple Authentication Methods** - Support for signed links and direct agent access
+- 🔒 **Secure Authentication** - Direct agent access with domain whitelist for production
 - 📱 **Responsive Widget** - Pre-built UI widget for quick integration
 
 ## Installation
@@ -46,17 +46,19 @@ await voiceSDK.connect();
 await voiceSDK.startRecording();
 ```
 
-### Method 2: Signed Link (Production)
+### Method 2: Domain Whitelist (Production)
+
+For production, configure a domain whitelist in your TTP dashboard. The SDK uses the same `agentId` + `appId` configuration — the server validates the connecting domain.
 
 ```javascript
 import { VoiceSDK } from 'ttp-agent-sdk';
 
 const voiceSDK = new VoiceSDK({
   websocketUrl: 'wss://speech.talktopc.com/ws/conv',
-  // No agentId needed - server validates signed token from URL
+  agentId: 'your_agent_id',
+  appId: 'your_app_id'
 });
 
-// Connect using signed URL
 await voiceSDK.connect();
 ```
 
@@ -64,38 +66,10 @@ await voiceSDK.connect();
 
 ```html
 <script src="https://unpkg.com/ttp-agent-sdk/dist/agent-widget.js"></script>
-<script>
-  // Get signed URL from your backend first
-  const response = await fetch('/api/get-session', {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ agentId: 'your_agent_id' })
-  });
-  const data = await response.json();
-
-  // Use the signed URL directly
-  new TTPAgentSDK.TTPChatWidget({
-    agentId: 'your_agent_id',
-    signedUrl: data.signedUrl
-  });
-</script>
-```
-
-Or use a function to fetch the signed URL:
-
-```html
 <script>
   new TTPAgentSDK.TTPChatWidget({
     agentId: 'your_agent_id',
-    signedUrl: async () => {
-      const response = await fetch('/api/get-session', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ agentId: 'your_agent_id' })
-      });
-      const data = await response.json();
-      return data.signedUrl;
-    }
+    appId: 'your_app_id'
   });
 </script>
 ```
@@ -221,18 +195,21 @@ const voiceSDK = new VoiceSDK({
 
 **Security Risk**: Agent ID is visible in network traffic.
 
-### 2. Signed Link (Secured - Production)
+### 2. Domain Whitelist (Secured - Production)
 
 **Use Case**: Production applications where security is critical.
 
+Configure a domain whitelist in your TTP dashboard. The SDK uses the same `agentId` + `appId` — the server validates the connecting domain.
+
 ```javascript
 const voiceSDK = new VoiceSDK({
-  websocketUrl: 'wss://speech.bidme.co.il/ws/conv?signed_token=eyJ...'
-  // No agentId needed - server validates signed token
+  websocketUrl: 'wss://speech.talktopc.com/ws/conv',
+  agentId: 'agent_12345',
+  appId: 'app_67890'
 });
 ```
 
-**Benefits**: Secure, cost-controlled, and production-ready.
+**Benefits**: Secure, cost-controlled, and production-ready with no backend endpoint needed.
 
 ## Message Format
 
@@ -636,7 +613,6 @@ The tool checks parameters in this order:
 See the `examples/` directory for complete usage examples:
 
 - `test-text-chat.html` - TTP Chat Widget with customizable settings
-- `test-signed-link.html` - Widget with signed link authentication
 - `react-example.jsx` - React component usage
 - `vanilla-example.html` - Vanilla JavaScript usage
 

package/WORDPRESS_WIX_GUIDE.md

@@ -161,9 +161,13 @@ add_action('wp_footer', 'ttp_voice_agent_script');
 
 ## Production Setup (Recommended)
 
-For production, use **signed links** instead of exposing agent IDs. Here's how:
+For production, configure a **domain whitelist** in your TTP dashboard to restrict which domains can use your agent. The SDK connects directly using `agentId` + `appId` — no backend endpoint is needed.
 
-### WordPress / Wix with Signed Links
+### WordPress / Wix with Domain Whitelist
+
+1. Go to your TTP dashboard
+2. Add your domain (e.g., `yourwebsite.com`) to the agent's allowed domains
+3. Use the same widget code as above — no changes needed
 
 ```html
 <script src="https://cdn.talktopc.com/agent-widget.js"></script>
@@ -171,26 +175,12 @@ For production, use **signed links** instead of exposing agent IDs. Here's how:
   new TTPAgentSDK.TTPChatWidget({
     agentId: 'agent_f676e962a',
     appId: 'app_bQHDFqydfNPl75MZNijXc4dUyHGqnHeX9e5l',
-    behavior: { mode: 'unified' },
-    
-    // Use signed URL from your backend
-    signedUrl: async () => {
-      const response = await fetch('https://your-backend.com/api/get-session', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ 
-          agentId: 'agent_f676e962a',
-          appId: 'app_bQHDFqydfNPl75MZNijXc4dUyHGqnHeX9e5l'
-        })
-      });
-      const data = await response.json();
-      return data.signedUrl;
-    }
+    behavior: { mode: 'unified' }
   });
 </script>
 ```
 
-**Note:** This requires a backend endpoint that generates signed URLs. Contact TTP support for backend integration assistance.
+**Note:** Domain whitelist configuration ensures only authorized domains can connect to your agent. Contact TTP support for assistance.
 
 ---