Chat Widget

Add AI-powered customer support to any website with a single line of code.

Overview

The InnConnect Chat Widget is a lightweight JavaScript component that you embed on your website. Once installed, it gives your visitors an AI-powered support assistant that draws on your Knowledge Base to answer questions in real time. No server-side integration is required on your end.

The widget connects to the InnConnect platform using a site-scoped API key. All AI processing, session management, knowledge retrieval, and escalation logic runs on InnConnect's infrastructure. Your website simply loads the script.

Zero server-side setup

Paste one script tag before </body>. No backend changes, no webhooks, no dependencies to install.

Knowledge Base grounded

Responses are generated exclusively from your published KB articles using RAG. The AI does not answer from general knowledge.

Seamless escalation

When the AI cannot answer, the conversation is escalated to a human agent. The customer never has to start over.

Installation

Add two script blocks to your website's HTML, just before the closing </body> tag. The first block configures the widget, the second loads it.

<!-- InnConnect Chat Widget -->
<script>
  window.InnConnectConfig = {
    apiUrl: 'https://innconnect.io/api',
    apiKey: 'YOUR_API_KEY_HERE',
    primaryColor: '#E85D04',
    position: 'bottom-right'
  };
</script>
<script src="https://innconnect.io/widget/innconnect-widget.js" defer></script>

That is all that is required. The widget button appears immediately on page load and is ready to accept customer messages.

Finding your API key

Log in to the InnConnect admin panel.
Navigate to Sites in the sidebar.
Select the site you want to connect the widget to.
Open the Settings tab. Your API key is displayed at the top of the page.

Screenshot: Site settings page showing API key

Configuration

The widget is configured via the window.InnConnectConfig JavaScript object. Set the properties before loading the widget script.

Property	Required	Default	Description
`apiUrl`	Required	—	Base URL of the InnConnect API (e.g. https://innconnect.io/api).
`apiKey`	Required	—	Your site's API key (format: `sk_` followed by 32 characters). Found in admin panel under Sites → your site.
`primaryColor`	No	`#E85D04`	Hex colour for the widget launcher button and header. Matches your brand.
`position`	No	`bottom-right`	Launcher button position: bottom-right or bottom-left.

For deeper customization — system prompt, AI model, welcome message, primary color, escalation behavior — configure those settings in the admin panel under Sites → [Your Site] → Settings. Changes take effect immediately without modifying the embed code.

How It Works

Understanding the end-to-end message flow helps you debug issues and optimize your Knowledge Base for accuracy.

Widget lifecycle

Script loads — The widget script initializes by reading the window.InnConnectConfig object and fetches display configuration from GET /api/chat/config.
Customer opens widget — A new chat session is created via POST /api/chat/session. The session ID is stored in the customer's browser (localStorage), so the conversation persists across page navigations.
Customer sends a message — The widget sends the message to POST /api/chat/message with the API key in the X-API-Key header.
Server processes the message — Input is sanitized, escalation triggers are checked, a RAG search retrieves relevant KB articles, and the configured AI provider generates a response. The response is sanitized server-side before being returned.
Widget renders the response — Markdown is parsed and rendered with DOMPurify sanitization. Typing indicators provide visual feedback while the AI generates.

AI response pipeline

Step	What happens
1. Input sanitization	Customer message is validated, trimmed, and checked for malicious content.
2. Escalation check	Message is checked against configured escalation keywords and patterns.
3. RAG retrieval	Semantic vector search finds the most relevant published KB articles for the site.
4. Prompt assembly	System prompt, retrieved KB context (wrapped in delimiters), and conversation history are assembled.
5. AI generation	Mistral AI generates a response.
6. Output sanitization	The AI response is sanitized through `ContentSanitizer` (HTMLPurifier) before delivery.

Widget Features

Typing indicator

An animated indicator shows while the AI is generating a response, giving customers visual confirmation their message was received.

Quick reply chips

The AI can present quick reply buttons for common actions such as product inquiries or appointment booking, reducing friction for customers.

Markdown rendering

AI responses support rich formatting: headings, bold, lists, links, and code blocks. All rendered HTML is sanitized with DOMPurify.

Session persistence

Conversations survive page navigations. The session ID is stored in localStorage so customers can continue where they left off.

Conversation rating

After a conversation ends, customers are invited to rate the experience on a 1–5 star scale with optional feedback text.

Message reactions

Customers can give thumbs up or thumbs down on individual messages, providing granular feedback on AI response quality.

Screenshot: Chat widget open on a customer website

Escalation

When the AI determines it cannot adequately answer a question, or when the customer explicitly asks to speak to a human, the conversation is escalated. Escalated conversations appear in the admin panel under Escalations, where agents can review the full history and take over the chat seamlessly.

Automatic triggers

The AI escalates when its confidence is low, when configured escalation keywords are detected (e.g. "Ik wil een medewerker spreken"), or when it recognizes it cannot help further.

Seamless handoff

When an agent takes over, the customer sees a natural transition within the same conversation window. No page reload, no new chat, no lost context.

Notifications

Agents with the appropriate role receive in-app notifications and optional email alerts when a new escalation requires attention.

Sessions

Every chat interaction is tracked as a session. Sessions are the fundamental unit of conversation in InnConnect.

Property	Description
Session ID	UUID generated when the widget is first opened. Stored in the customer's browser via `localStorage`.
Persistence	Sessions survive page navigations within the same browser. Clearing browser data or using a different device starts a new session.
Visitor identification	Customers can optionally provide their name and email. This creates or links a CRM customer record, enabling cross-session customer tracking.
Message history	Full conversation stored server-side. Accessible to agents from the Escalations and CRM panels.

Session statuses

Status	Description
Active	Conversation is in progress. The customer can continue sending messages.
Escalated	AI has escalated to a human agent. Agents can respond from the admin panel.
Closed	Conversation has ended. The session is read-only and visible in analytics.

Conversation Rating

After a conversation ends, customers are invited to rate their experience. Ratings provide quantitative insight into AI performance and Knowledge Base quality.

Star rating — 1 to 5 stars, where 5 is excellent.
Tags — Optional predefined tags (e.g. "Helpful", "Too slow", "Wrong answer") for quick categorization.
Free-text feedback — Optional comment for detailed feedback.

Ratings are visible in the admin panel analytics. Aggregate scores appear on the Dashboard. Low-rated sessions can be filtered in the Escalations panel for review, making it easy to identify KB gaps and improve article quality.

Screenshot: Rating prompt in chat widget

API Reference

The chat widget communicates with InnConnect through a public REST API. All endpoints require the X-API-Key header with your site's API key. These endpoints are also available for custom integrations if you want to build your own chat interface.

Method	Endpoint	Description
GET	`/api/chat/health`	Health check endpoint. Returns 200 if the API is operational. No authentication required.
GET	`/api/chat/config`	Retrieve widget display configuration (colors, welcome message, language).
POST	`/api/chat/session`	Create a new chat session. Returns a session UUID.
GET	`/api/chat/session/{id}`	Retrieve session details including status and metadata.
POST	`/api/chat/session/{id}/end`	End a chat session. Triggers the rating prompt in the widget.
POST	`/api/chat/message`	Send a customer message and receive an AI-generated response.
GET	`/api/chat/history/{sessionId}`	Retrieve the full conversation history for a session.
POST	`/api/chat/session/{id}/rate`	Submit a conversation rating (stars, tags, feedback text).
POST	`/api/chat/message/{id}/react`	Submit a thumbs up or thumbs down reaction to a specific message.

Authentication: All widget API endpoints use the X-API-Key header for authentication. This is your site's public API key — it is scoped to a single site and can only access chat-related operations. It is safe to include in client-side code.

Security

The chat widget is a public-facing component running on third-party websites. InnConnect applies multiple layers of protection to ensure safe operation.

Domain allowlisting

Widget requests are only accepted from domains registered in your site's settings. Requests from unregistered origins are rejected.

CORS enforcement

Cross-Origin Resource Sharing headers are set to allow only your verified domains. Browser-enforced CORS prevents unauthorized cross-origin API calls.

Rate limiting

Chat message endpoints are limited to 20 requests per minute per session. Exceeding the limit returns HTTP 429 with a Retry-After header.

Input sanitization

All customer input is validated and sanitized server-side before processing. Malicious content is stripped before it reaches the AI pipeline.

API key safety: The apiKey value is a site-scoped key (format: sk_ + 32 characters). It identifies your site but does not grant admin access. Requests are additionally validated against your registered domains.

Widget Title

The widget automatically fetches its title from the API on startup. Set a custom title per site under Sites → General → Widget Title. No embed snippet update needed — the widget reads the title from the server.

Proactive Suggestions

The widget can show suggestion bubbles above the chat button before the visitor opens the chat. These are configured per page under Sites → Page context.

Suggestions can be triggered by: time elapsed since page load, scroll depth (0–100%), or a CSS element entering the viewport. Multiple triggers can be combined — all must be satisfied.

Visitor Tracking

Each visitor receives a unique visitor ID stored in localStorage. This ID is sent with every API call, allowing InnConnect to track visit history, page frequency, and topic interests across sessions.

Visitor profiles are available in Visitor Insights — showing top pages, interests, session count, and conversion events.