I am running into an issue using the 'login' method on the JS Api

So I am trying to use the login method on the JS Api and I am running into an error, in the network tab the login request returns an error 400 with this message
I am passing in a hash generate like this from python
hmac.new(JsApiKey.encode('utf-8'), str(user.User["userData"]["accountUid"]).encode('utf-8'), hashlib.sha256).hexdigest()
and I am calling the method with the following args
'hash': '{{ user.userData.Tawkhash }}', 'name': '{{ user.userData.username }}', 'email': '{{ user.userData.email }}', 'userId' : '{{ user.userData.accountUid }}',

Any help would be amazing.


I think you have to first of all verify the API key then Check Hash Generation, Validate Request Parameter and Debugging the request.

I’m having the same problem

I’ve been having this same issue, and from looking at the React / Vue packages for the tawkto JS API it seems this login call doesn’t have the best support.

I’ve been able to find a workaround. You should have the login call only set the hash, email and username and userId. Trying to set any other details makes it give the bad request error.

Additionally, the properties should also be done as proper object names in JS, rather than as string objects. For example:

hash: 'custom_hash_ab12d',
userId: 1234,
name: 'joe mama',
email: 'example@mail.com',

Overall, this makes the call seem a bit redundant, honestly.

The only other option is to use the setAttribute call to supply the email username and hash seems to work more reliably. The issue with this method is it doesn’t allow you to use the built-in attributes like telephone and User ID. Instead, trying to set these just recreates them as custom attributes which feels a bit wonky.

Hopefully, the login call gets more documentation / support for intended use, or the setAttribute call is updated to allow for setting the built-in attributes rather than just creating custom ones.

EDIT: added an extra bit that was required for the login call.

1 Like

I had the same error. I just removed the name and email from the parameter and it worked:

  hash : 'MyHashCode',    // required
  userId : 'Myid',  
}, function(error) {
  // do something if error

I do not know why this is so, I hope the developers will answer

1 Like

Hello, I’m one of the developers at tawk.to.

You can try following these steps to solve the issue:

  1. Ensure that Secure Mode is enabled for the Javascript API. You can check this in the tawk.to Dashboard > Administration > Overview.

  2. Use the API key that is located next to Secure Mode.

  3. For the hash, use HMAC and Sha256, and pass it as a hex string.

Here’s an example code snippet that demonstrates how to achieve this using Crypto JS for hashing. You can also use other libraries if you prefer. You can find the code example in my codepen for reference.

I hope this helps! Let me know if you have any questions.



It is still not working for me. I am using the React library… console.log(e) logs “UNAUTHORIZED_API_CALL”, that message is documented nowhere. Would appreciate any help. :slight_smile:

function hashInBase64(userId) {
var hash = CryptoJS.HmacSHA256(userId, TAWK_API_KEY)
return CryptoJS.enc.Hex.stringify(hash)

    const hash = hashInBase64(myshopifyDomain)
        userId: myshopifyDomain,
        name: myshopifyDomain,
        email: contactEmail,
      function (e) {
1 Like

The secure mode is on and i am still getting the same error, here is my code

I’m sorry but the codepen example doesn’t work. The console returns:


And when starting the conversation he asks me for my name, email and phone number.

I’m working with Secure Mode.

Any updates here? Facing the same issue using JS

me too, set Security mode already

any update? issue still exists.