The widget expects an authCode to be included as part of the config object. The value of the the authentication code should be a hash of your application's secret and the user's externalId field using the HMAC-SHA256 hashing function. The Notifly server also computes the hash value and checks that the two values match. If successful the server returns a token which is then used to authenticate future requests. If the hashes do not match the server returns 401 status code.