Security Settings
Control who can access the Deway SDK and on which pages it appears.
User Allow List
Restrict the Deway SDK to specific users. When configured, only listed users will see the chat widget.
Setup
- Navigate to Settings > Security
- Enter user IDs in the User Allow List field (comma-separated)
- Click Save
Format
Provide a comma-separated list of user IDs:
user-123, user-456, beta-tester-789
Use Cases
- Beta testing — Roll out the widget to a small group before a full launch
- Internal testing — Restrict to your team during QA
- Staged rollout — Gradually expand access to more users
Behavior
| Configuration | Result |
|---|---|
| Empty (default) | All users see the widget |
| One or more IDs | Only listed users see the widget |
Note: User IDs must match the value passed to Deway.identify().
Pages Allow List
Control which pages the Deway SDK is active on using glob patterns and query parameter filters.
Setup
- Navigate to Settings > Security
- Add entries to the Pages Allow List
- Click Save
Path Patterns
Use glob patterns to match page paths:
| Pattern | Matches |
|---|---|
/dashboard | Exactly /dashboard |
/products/* | /products/123, /products/abc (one level) |
/products/** | /products/123, /products/123/details, /products/a/b/c (any depth) |
/blog/* | /blog/my-post, /blog/another-post |
Query Parameter Filters
Optionally filter by query parameters using regex patterns:
| Field | Value | Matches |
|---|---|---|
utm_source | email | Pages with ?utm_source=email |
plan | pro|enterprise | Pages with ?plan=pro or ?plan=enterprise |
ref | partner-.* | Pages with ?ref=partner-acme, ?ref=partner-xyz |
Example Configuration
Show the widget only on product pages for users from email campaigns:
- Path:
/products/** - Query:
utm_source=email
Behavior
| Configuration | Result |
|---|---|
| Empty (default) | Widget is active on all pages |
| One or more entries | Widget only appears on matching pages |
Multiple entries are combined with OR logic — the widget appears if any entry matches.
URL Simulator
The Pages Allow List includes a built-in URL tester. Enter any page URL in the Test a URL field to see whether the SDK would be active or blocked by your rules.
The simulator shows:
- Whether the URL is allowed or blocked
- Which rule matched (if any)
- Which query parameter filters matched or failed
Use this to verify your rules before saving — especially when using complex glob patterns or regex filters.
Combining Allow Lists
User and page allow lists work together:
- If both are configured, a user must be in the user allow list and on a matching page
- If only one is configured, only that restriction applies
- If neither is configured, the widget is available everywhere to everyone
Next Steps
- Team Management — Manage admin access
- SDK Setup — View connection status