Statflo Documentation



TextKit is designed to be flexible, installed into another app, bundled with other services, or provided as a standalone hosted service. It is designed, from the ground-up, to be fully configurable, brandable, and even white-labeled, with support for multi-tenant use cases.

TextKit is also designed to be compatible with Twilio Flex, which allows for companies to choose their own authentication system, and with any messaging channel.

As such, TextKit lets Partners and Customers choose the Authentication SSO vendor of their choice (ex: Cognito, Firebase, Auth0, Okta, FusionAuth, LDAP SAML, OAuth, in-house, etc).

When SSO is used, TextKit will use the identity provider for representative and administrator login & authentication. Tokens used by TextKit inherit the role permissions of the user that generates the token, or a subset of those permissions that can be chosen at the time of generation. Once a user is authenticated in your system of choice, send a request to TextKit to create an authenticated token, which is used to load messages and get any Campaign Members assigned to the identity.

Permissions to generate privelidged API tokens can be assigned within TextKit to certain administrative users. These tokens can be used to authenticate requests for all APIs that TextKit provides.


To create a user token:

# While we use a UUID for the loginId here (recommended),
# this can be any String. Campaign Members must be assigned
# to this same value in order for them to display to the user
# we also recommend this is the same value used
# to create identities in Twilio Chat. It also can be the Sid
# of a Worker from Twilio Flex. It's up to you!
mutation {
createToken(input: {
"loginId": "af73ed10-01ff-4b96-8444-079ff8fdda57",
"applicationId": "YOUR TEXTKIT KEY",
"noJWT" : false,
"ipAddress": ""
deviceType: MOBILE
}) {
userErrors {
enum deviceType {

Which responds with, on success:

"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODUxNDA5ODQsImlhdCI6MTYxNTEzNzM4NCwiaXNzIjoiYWNtZS5jbyIsInN1YiI6ImIzYjQyYzcyLTkzOWMtNDY3MS05ZGI0LTBmZjdmYmU0ZGQ1NiIsImFwcGxpY2F0aW9uSWQiOiJlNGM4MTAwNC0xYTRjLTQ3N2YtOTdlMy1iNjcwMjJlOWEzNTEiLCJyb2xlcyI6WyIxIiwiMTciLCIyMiJdfQ.a6tkQaq-gRlz0opXRewq0N0spnKgY9MG4c2PMVs16lA",
"user": {
"active": true,
"data": {
"displayName": "Sara",
"branch": "100525"
"expiry": 1615137784141,
"firstName": "Sara",
"id": "b3b42c72-939c-4671-9db4-0ff7fbe4dd56",
"lastLoginInstant": 1613137481142,
"preferredLanguages": [
"timezone": "America/Denver",
"tenantId": "e4c81004-1a4c-477f-97e3-b67022e9a351",
"twoFactorEnabled": false,
"verified": true

About JWT

Once we generate a token, use that to initialize the TextKit interface, if tk.js is embedded into your interface. If using our hosted option, we handle this automatically.

When you register for a TextKit key, let us know how you plan to initialize the chat and your specific use case, so we can point you to the right SDK, GraphQL library or resource on the team.

What is a JWT? Here are a couple resources:

Response Codes

200TextKit authentication was successful. The response will contain the User object authenticated.
202TextKit authentication was successful. The user was not registered for the TextKit instance. The response will contains the User object authenticated.
400The request was invalid or malformed. The response will contain an Errors JSON Object with the errors.
401Invalid Authorization header. The header was omitted or your API key was not valid. The response will be empty.
410The user has expired. The response will be empty.
423The user is locked and cannot login. The response will be empty.