BitBloom Chatbot for Chatkit

BitBloom Chatbot for Chatkit lets you embed a published Agent Builder workflow into WordPress using OpenAI’s ChatKit UI.
Features a floating launcher, optional shortcode, theme controls (light/dark, accent color, radius, density, font), and server-side session creation with REST nonces (no API key in the browser).

Highlights
– Floating ChatKit launcher or inline embed via shortcode.
– One-time setup: paste your Workflow ID and Domain Public Key.
– Theme controls: color scheme, accent, radius, density, font.
– Secure: session created on the server; REST calls nonce-protected.
– Rate limiting: configurable per-IP hourly limit for session requests (default 20/hour).
– Privacy-friendly: user ID is a salted hash (no IP stored or sent by the plugin).

What you need from OpenAI
1. A published Agent Builder workflow (copy its Workflow ID).
2. Your Domain allowlist and Domain Public Key (Security → Domain allowlist).
3. Active billing/credits in your OpenAI account.

Usage

Floating Launcher (auto)
– Once configured, the floating button appears on the front-end. Clicking it opens ChatKit bound to your published workflow.

Shortcode (inline chat)
Add to any post/page:
[bitbloom_chatbot_for_chatkit]

Security
– The plugin uses wp_rest nonces for the session endpoint and never exposes your OpenAI API key in the browser.

Privacy

• The plugin computes an anonymized user identifier using a salt + user agent hash and does not send IP.
• The plugin does not collect analytics or telemetry.
• Data exchanged with OpenAI is limited to what’s required to run your configured workflow (message text, workflow ID, domain public key, and the anonymized user hash).
• On uninstall, the option bitbloom-chatbot-for-chatkit_options is deleted.

External services

This plugin loads the ChatKit web component from OpenAI’s CDN and creates short-lived client sessions with OpenAI in order to render the chat UI.

• Service: OpenAI ChatKit (web component & sessions API)
• What for: Render the chat widget and let the agent run your workflow.
• Endpoints:
– CDN script: https://cdn.platform.openai.com/deployments/chatkit/chatkit.js
– Sessions API: https://api.openai.com/v1/chatkit/sessions
• What is sent and when:
– On page load, the browser downloads the ChatKit web component from the CDN.
– When the user opens the chat, WordPress calls the Sessions API server-to-server to mint a short-lived client_secret. The request includes:
* Your configured workflow ID
* A non-identifying, hashed “user” string derived from the site salt and the user agent (no PII)
• Privacy & Terms:
– OpenAI Terms: https://openai.com/policies/terms-of-use
– OpenAI Privacy Policy: https://openai.com/policies/privacy-policy