Before you go live, we recommend that you whitelist the following URL’s. This guide explains which domains your network should allow and why they are required for Talkative to function correctly.
What domains do you need to allow?
Please allowlist the following domains:
- pusher.com and all subdomains
- engage.app and all subdomains
- twilio.com and all subdomains
- talkative-cdn.com and all subdomains
- cloudfront.net and all subdomains
- talkative-ws.com and all subdomains
- daily.co and all subdomains
What each domain is used for:
engage.app
- Purpose: Core Talkative application and widget endpoints. Loads configuration, routes interactions, and powers the agent console.
- Impact if blocked: Widgets fail to load or render rules. Agent console features may not function.
talkative-cdn.com
- Purpose: Content Delivery Network hosting Talkative static assets used by the widget and console.
- Impact if blocked: Slow or failed asset loads leading to broken UI or features.
talkative-ws.com
- Purpose: Talkative WebSocket endpoints for real-time events where applicable.
- Impact if blocked: Real-time updates degrade or fall back to polling. Delayed message delivery and status updates.
pusher.com
- Purpose: Managed realtime transport for chat messages, dashboards, and widget events in some flows.
- Impact if blocked: Messages appear delayed, dashboards require refresh, “realtime” features stop updating.
twilio.com
- Purpose: Telephony and messaging services such as TaskRouter, SMS, WhatsApp, PSTN.
- Impact if blocked: Interactions may not route to agents. SMS or WhatsApp messages fail to send or receive. Presence and task events can be affected.
daily.co
- Purpose: Video calling, video recordings and optional background effects.
- Impact if blocked: Video rooms fail to start or remain stuck “loading”. Background effects cannot be downloaded.
cloudfront.net
- Purpose: AWS CloudFront used by underlying assets and dependencies.
- Impact if blocked: Static or media resources may intermittently fail to load, causing UI or feature issues.
Experience Builder Trusted Sites
The following are a list of URLs that need to be allowed within your CSP policy.
Talkative CDN
Reason: loading additional script files from the Talkative CDN - our widget configs are stored in this CDN
Engage s3 bucket
Reason: handles file uploads / avatar
- URL, either:
- https://us-engage-app.s3.us-east-2.amazonaws.com/
- https://eu-engage-app.s3.eu-west-1.amazonaws.com/
- allow: img-src, media-src
Talkative Engage Application:
Reason: js http communication with engage api
- URL, either:
- allow: connect-src
Pusher sockjs
Reason: websockets realtime connection
- allow: connect-src
Pusher websocket
Reason: websockets realtime connection
- URL, either:
- wss://ws-us2.pusher.com
- wss://ws-eu.pusher.com
- allow: connect-src
Video
Reason: connection for video chat feature
- CSP:
- connect-src https://*.daily.co/
- script-src https://*.daily.co
- connect-src wss://*.wss.daily.co
Cobrowse
Reason: websocket connection for cobrowse connection
- URL, either:
- wss://eu.talkative-ws.com/
- wss://us.talkative-ws.com/