Regarding this part in the documentation (Security):

"By default, your typebot can be executed from any origin but you can restrict the execution of your typebot to specific origins. This is useful if you want to embed your typebot in your website and prevent it from being executed on other websites by malicious actors.

For example, if you want to allow your typebot to be executed only on https://my-company.com, you can add https://my-company.com to the list of allowed origins.

If you add a URL to the list but omit https://typebot.co, then your typebot shareable URL will not work anymore."

I wanted a bit more clarification.

1. Let's say I add my company to the list of allowed origins. This would mean only users that can access my company's website would be allowed to access the typebot, right, even if I omit the https://typebot.co part? e.g. if it was embedded into a company webpage
2. But in the case that I DID want the typebot to be shared as a link to internal users only (e.g. in an email), I would then have to add the https://typebot.co to the beginning of the url. But now would this link, if leaked externally, be accessible to anyone outside of the company?
3. Finally, is there any other way to restrict a typebot to internal users where, say, the group of users don't have a website or domain they control? I know password access is currently a feature request. And we could always authenticate users after they begin a chat, but that would use up one chat from our quota.

Hi. I’m yet to set up the WhatsApp integration but need to know this before proceeding.

In my use case, staff can use the bot to look up data about their work profiles.

But I want to maintain privacy. Email or name isn’t enough of course as anyone can provide that see their colleague’s data.

I also want to avoid OTPs just because they add friction and it’ll mean an OTP for every use.

Instead, can the WhatsApp typebot integration have access to know the number that is sending the message and use that as a variable in the flow? I’m hoping I could then use the number to look up the employee in our database, and the number is all the verification I’d need the person is who they say they are.

I'm trying to sign up with a company email but unable to.

• I put in my email into the sign up email field.
• I receive a magic link in my inbox.
• I click the link and it takes me to the same sign up field as before, and I have to provide the email again, and it simply loops.

The url when clicking the magic link in my inbox shows an error: https://app.typebot.io/signin?error=Verification . I’ve tried signing up with both Chrome and Arc browser.

As a note, not sure if it's affecting anything, but the company email system has a security filter that checks emails clicked (Mimecast). Though I haven't had any issues accessing any links before, and this would be the first.

Use case: user converses with Open AI assistant and if the user wants to book a call, a zap is triggered from the Assistant itself.

I’m assuming this is ideally done via function calling? If so, can anyone provide me an example, spelling it out as much as possible? I’m not a coder but would still appreciate seeing how it works.

I have a flow with blocks running in the following order:

• Text Input block
• Zapier block
• Generate speech Open AI block
• Display image
• List buttons

and the flow continues.

The problem is, in Whatsapp, when the Zapier block runs, it continues until the list buttons step, and then appears to return to the Zapier block and start from there again. It does this several times (maybe more, I'm not sure, I didn't wait to check and just restarted the Whatsapp chat in case it was an infinite loop).

I'm suspecting it's the Zapier step it's going back to each loop because I can see in Zapier that the associated zap got triggered two or three times.

First of all, this is perhaps the BEST implementation of Open AI Assistants API I've seen in an application. Thank you.

My issue is with the citations that get printed in responses such as 【9†source】. They're particularly a problem when I pass the response to a TTS block as the AI ends up speaking the citation itself ("nine plus source").

Is there a way to remove the citation? Or get it to work as something the user can click instead of displaying on screen (I'm not a developer, but saw something about this in the docs here: https://platform.openai.com/docs/assistants/how-it-works/message-annotations).

While the Open AI TTS is great, it doesn't do many accents and, for localisation purposes, I'd prefer integrating Elevenlabs' voices.

With my limited experience with APIs (I consider myself a nocoder), I tried creating an API block that carries out a POST request to the Elevenlabs tts streaming endpoint. It returns a data object that is a long string of characters but not a url, which is what I believe we need to pass to the audio file block.

I tried searching more about this in this discord and in the docs but without success. If anyone has any particular tips or steps, would be appreciated.

I love the Open AI tts integration. I can see that users can listen to audio messages they receive via Typebot in Whatsapp, but is there a way to do the reverse, i.e. users record a voice recording response and that gets sent to Typebot as text that we can pass back to the Open AI block? In other words, a voice to voice conversation with the Open AI block via Whatsapp?