This article provides essential guidelines and best practices for deploying the Kore.ai Web SDK securely and efficiently in production environments. It aims to supplement the existing documentation which primarily covers demo environment configurations.
Key Recommendations:
-
Use secure WebSocket connections (wss://) to ensure encrypted communication.
-
Implement server-side signed JWT authentication. Never embed client secrets in client-side code.
-
Host JWT signing on secure HTTPS servers with appropriate access controls.
-
Maintain separate configurations for development, staging, and production.
-
Use production-specific keys and tokens exclusively in production.
-
Host JWT service on scalable servers for low latency JWT issuance.
-
Use deployment slots or staging environments where possible to enable zero downtime deployment and rollback.
-
Remove all demo and test code before deploying to production.
-
Continuously monitor SDK performance and logs to detect issues early.
-
Keep SDK up to date with latest stable releases incorporating security patches.
Conclusion:
Adhering to these best practices can help ensure a secure, reliable, and scalable production deployment of the Kore.ai Web SDK, enhancing both developer experience and end-user satisfaction.