Website
Messaging

Add a Ticket Center to Your App with Cursor

Use Cursor's AI to wire up the Helpdesky Ticket Center with HMAC in any framework. Includes a ready to paste prompt.

Authors: Helpdesky

Adding a Ticket Center to any project with Cursor gives your signed in users a full support portal: open conversations, view history, and reply, all without leaving your app. This guide assumes you already have authentication in place.

The Ticket Center uses HMAC SHA256 authentication. Your server signs the user's email with a secret, the embed sends the signature, and Helpdesky verifies both before rendering. For the underlying concepts, read the Ticket Center Setup Guide. Below is the any project with Cursor specific path.

Ticket Center vs Contact Form: the Ticket Center is for signed in users. If you only need anonymous visitors to send a message, use a Contact Form instead.

Set Up Your Helpdesk

Open the Helpdesky dashboard and go to Ticket Center in the sidebar. From this page you will need:

  • Your Helpdesk ID, visible in the embed snippet at the top
  • The Verification Tool further down, used later to confirm your HMAC matches

Generate Your HMAC Secret

On the Ticket Center page, click Generate HMAC Secret and copy it immediately. Helpdesky never shows it a second time.

Add the secret to whatever .env file your project uses (or your hosting provider's environment variables panel). Use these exact names:

  • HELPDESKY_HMAC_SECRET — the secret you just copied
  • HELPDESKY_HELPDESK_ID — the ID from the embed snippet

Make sure the variable name does not start with a public prefix that your bundler exposes to the client (VITE_, NEXT_PUBLIC_, PUBLIC_).

The secret must stay server side. Never expose it to the browser, embed it in client side bundles, or commit it to a public repo.

Compute the HMAC on Your Server

The exact code depends on your framework, but the algorithm is always the same: HMAC_SHA256(user.email, HELPDESKY_HMAC_SECRET). The next section gives Cursor a prompt that picks the right idiom for your stack automatically.

If you want to write it by hand, the canonical Node version is:

import crypto from "node:crypto";

function helpdeskySignature(email) {
  return crypto
    .createHmac("sha256", process.env.HELPDESKY_HMAC_SECRET)
    .update(email)
    .digest("hex");
}

The Python, PHP, Ruby, and Go equivalents are listed in the Ticket Center Setup Guide.

Add the Embed Code

Once your server returns { email, signature, helpdeskId } for the signed in user, render the Ticket Center container and load the script with those values:

<div id="hdh-ticket-center"></div>
<script src="https://helpdesky.io/ticket-center.js"
  data-helpdesk-id="HELPDESK_ID"
  data-email="USER_EMAIL"
  data-signature="HMAC_SIGNATURE"></script>

Copy This Prompt for Your AI Builder

Paste the prompt below into the chat. It tells the agent which secret to read, where to read the canonical setup steps, and what success looks like.

we need to add the helpdesky ticket center that has HMAC validation.
i added the secret HELPDESKY_HMAC_SECRET, plus HELPDESKY_HELPDESK_ID.
read the tutorial first: https://docs.helpdesky.io/ticket-center-setup
inspect the project to figure out the framework and the existing auth system. add a server side endpoint that returns email + HMAC SHA256 signature + helpdeskId for the signed in user (using HELPDESKY_HMAC_SECRET). then add a /support page that injects the helpdesky ticket center script with those values. use the framework's idiomatic pattern (route handler for next.js, server endpoint for sveltekit/astro, controller for rails/django, etc).
do not expose the secret to the client. confirm the panel loads for a signed in test user when you are done.

Test It

Sign in to your app as a real user and open the support route. The Ticket Center should render with that user's conversations.

If you see an authentication error, copy the email and signature your server generated, then paste them into the Verification Tool in the Helpdesky dashboard. The expected signature must match yours exactly.

Common issues:

  • Signature mismatch. Usually trailing whitespace in the secret, or signing the wrong field. Sign the user's email exactly as Helpdesky stores it.
  • Empty panel. Make sure the test user has at least one conversation, or start one from another channel first.
  • Secret leaked into client bundle. If your build inlined the secret, the env var name probably had a public prefix (VITE_, PUBLIC_, NEXT_PUBLIC_). Rename it and rebuild.

Next Steps

Add a public Contact Form on your marketing pages for visitors who are not signed in. Route inbound support email into the same inbox with the Email Forwarding Setup Guide.

Last updated on May 2, 2026