Decagon AI
Comment on page

Authenticating Users

By default, Decagon does not authenticate users. To authenticate users, first contact us to enable this feature and send you a secure private key.

Generating an authentication token

You should first use the private key you were given to generate a token authenticating the user. This must be done on a backend server. Since the private keys cannot be exposed to end users, this cannot be done on a web client.
To generate a token, use the following Python snippet (or it's equivalent in another language):
import hashlib
import hmac
import time
def get_token(user_id, private_key):
epoch = int(time.time())
message = user_id + str(epoch)
signature =
return {
'user_id': user_id,
'epoch': epoch,
'signature': signature
Tokens are valid for 24 hours. After this time, a new token must be generated.

Authenticating the user on the frontend

Every time the user is identified on the frontend, you must also pass in the token object that was generated above as part of the metadata.
user_id_authentication: {
user_id: ...,
epoch: ...,
signature: ...