Description
Aqoiy is an AI-powered customer support chatbot that integrates deeply with WooCommerce. It uses Google Gemini AI to answer questions, look up live orders, check product stock, process return requests, and seamlessly hand off conversations to human agents when needed.
Key Features:
- AI-Powered Responses — Uses Gemini AI to answer customer questions based on your knowledge base and store data.
- WooCommerce Integration — Search products, check stock, and look up orders in real time.
- Human Agent Handoff — Automatically escalate to live agents when the AI can’t help.
- Knowledge Base — Add custom articles, FAQs, and policies for the AI to reference.
- Customizable Widget — Match your brand with custom colors and titles.
- Sentiment Analysis — Detect unhappy customers and auto-escalate.
- Business Hours — Configure availability and offline messages.
- Analytics Dashboard — Track conversations, response times, and customer satisfaction.
- Multi-language Support — Auto-detect and respond in the customer’s language.
- Light & Dark Admin Theme — Choose the admin panel appearance that suits you.
Powered by Firebase — Real-time messaging, secure authentication, and scalable infrastructure.
External Services
This plugin connects to two external services. Both connections only happen after the store owner has configured the plugin (created an Aqoiy account, or pasted a Google Gemini API key). No data leaves the site before that.
1. Aqoiy Backend API
Service: Aqoiy platform backend, operated by Aqoiy (Thrivethrum LLC).
Endpoint host: https://us-central1-aqoiy-server-v2.cloudfunctions.net/api
Purpose: Stores plugin configuration, relays chat traffic between the customer-facing widget and human agents, runs AI replies through the managed pipeline, records analytics, and authenticates the store account.
The plugin issues 26 distinct calls to this host. Each call is triggered by an explicit user action or admin event — never on every page load. They are grouped below by purpose:
a. Account & site authorisation (sent only when the admin clicks Connect / Register / Login on the settings screen, or when WordPress detects the active site URL has changed)
- POST /auth/store/register — sends the chosen email, password and store URL to create an Aqoiy account.
- POST /auth/store/login-with-password — sends email and password to obtain an API key.
- GET /plugin/verify — validates the saved API key on activation.
- PUT /plugin/site-detection — sends the detected site URL and platform (WordPress / WooCommerce) so the backend can authorise this domain.
b. Configuration sync (sent when the admin saves the Settings, AI Settings, Tools, Widget, or WooCommerce credentials screens)
- GET /plugin/config — fetches the current backend configuration to display in the admin UI.
- PUT /plugin/config (3 call sites) — sends widget colours/welcome message, the toolsConfig flags (search_products, check_stock, get_order, submit_return, human_handoff, search_content), the chosen storeMode, and — if WooCommerce is connected — the store URL plus the WooCommerce REST API consumer key/secret so the backend can call WooCommerce directly when a customer asks about an order.
c. Knowledge base sync (sent when the admin adds, edits, or deletes a KB entry, or runs the “Sync” button)
- PUT /plugin/knowledge-base — sends the user-authored KB entries (titles, content, URLs, tags) so the AI can quote them in answers.
d. Conversation traffic (sent only while a real visitor is using the chat widget on the storefront; nothing is sent if no one is chatting)
- POST /plugin/message (2 call sites) — forwards the visitor’s message and the recent message history.
- POST /plugin/ai-reply (2 call sites) — requests the AI reply for the current session.
- POST /plugin/handoff — marks the session as needing a human agent. Sends the session id and a short reason.
- POST /plugin/poll — short-polls the backend for any agent reply.
- POST /plugin/session-end — notifies the backend that the visitor closed the chat.
- POST /plugin/csat — sends the post-chat satisfaction rating (1–5) plus optional free-text feedback.
e. Admin dashboards (sent only while the admin is viewing the corresponding screen)
- GET /plugin/analytics — fetches conversation counts, response times, and CSAT averages for the Analytics tab.
- GET /plugin/usage — fetches the current month’s AI message usage and plan limit.
- GET|PUT|DELETE /plugin/sessions (3 call sites) — lists/filters/clears recorded sessions for the Sessions tab.
- GET /plugin/session/{id} — fetches a single session transcript when the admin clicks a row.
Visitor messages typed into the chat widget are transmitted to this service. The widget collects the visitor name and email only if the visitor types them (or if a logged-in WordPress user opens the chat — in which case their display name and account email are read from wp_get_current_user() and forwarded so the agent can identify them).
Service provider: Aqoiy (Thrivethrum LLC) — https://aqoiy.com
Terms of Service: https://aqoiy.com/terms
Privacy Policy: https://aqoiy.com/privacy
2. Google Gemini API (optional, BYO-key path)
Service: Google Gemini Generative Language API.
Endpoint host: https://generativelanguage.googleapis.com
Purpose: Generates AI replies when the store owner has pasted a personal Gemini API key into the AI Settings screen. If no Gemini key is configured, this path is never used — all AI replies go through the Aqoiy backend instead.
- POST https://generativelanguage.googleapis.com/v1beta/models/{model}:generateContent — sends the recent message history and any system instructions configured in the AI Settings tab; receives the model’s reply. Triggered only when the storefront widget receives a customer message and the BYO-key path is active.
The Gemini API key is supplied by the store owner and is sent as a query parameter on each request, per Google’s API contract. No customer message is sent to Google before a real visitor types in the chat widget.
Service provider: Google LLC.
Google APIs Terms of Service: https://developers.google.com/terms
Google Privacy Policy: https://policies.google.com/privacy
WooCommerce is a trademark of Automattic Inc. Aqoiy is not affiliated with or endorsed by Automattic.
Installation
- Upload the aqoiy-chatbot folder to /wp-content/plugins/.
- Activate the plugin through the Plugins menu in WordPress.
- Go to Aqoiy Chatbot > Settings and create your account or enter your API key.
- Configure your widget colors, AI settings, and WooCommerce credentials.
- The chat widget will appear on your site automatically.
FAQ
Does this require WooCommerce?
No. The chatbot works on any WordPress site. WooCommerce integration (product search, order lookup, stock check) is optional and activates automatically when WooCommerce is installed.
What AI model does it use?
Aqoiy uses Google Gemini AI models. You can configure the model in the AI Settings tab.
Is my data secure?
All data is stored securely on Firebase (Google Cloud). Communication uses HTTPS encryption. API keys are validated on every request.
How do I connect human agents?
Install the Aqoiy Agent mobile app (iOS/Android) or use the web dashboard at app.aqoiy.com. Agents receive real-time notifications when customers request human help.
What are the plan limits?
- Free — 500 AI messages/month
- Standard — 5,000 AI messages/month
- Pro — Unlimited AI messages
- Business — Unlimited everything (contact us)
Contributors & Developers
“Aqoiy – AI Customer Support Chatbot” is open source software. The following people have contributed to this plugin.
Changelog
1.0.9
- Removed the “Powered by Aqoiy” badge option from the chat widget footer per WordPress Plugin Directory guidelines. Attribution no longer appears on any user-facing interface.
1.0.8
- Documentation: rewrote the == External Services == section in readme.txt to enumerate every backend endpoint the plugin contacts, what data is sent, and when. Added a separate entry for the optional direct Google Gemini API path (BYO-key) and corrected the prior statement that no direct Google connection is made.
- Security/hardening: the inline CSS variable block emitted by Aqoiy_Chatbot::enqueue_widget() (--aqoiy-primary / --aqoiy-secondary) now re-runs sanitize_hex_color() on the saved colour values immediately before they are interpolated, so the output is escape-late even if a stored option is corrupted by a future code path.
- Naming: renamed the custom do_action( 'cache_flush' ) broadcast in the settings save path to do_action( 'aqoiy_cache_flush' ) so the hook is properly prefixed.
- SQL hardening: every direct $wpdb query in class-aqoiy-db.php, class-aqoiy-api.php, class-aqoiy-admin.php and uninstall.php is now wrapped in $wpdb->prepare() using the %i identifier placeholder for table names. Requires at least bumped to 6.2 (when %i was introduced).
1.0.7
- Removed Origin/Referer-only authorisation path from the storefront REST permission callback (verify_widget_session). The callback now requires either a matching HttpOnly aqoiy_sid cookie or a valid HMAC sessionToken — both unforgeable by off-origin scripted callers. Origin/Referer headers, while useful, can be set freely by non-browser clients and are no longer accepted as proof.
- Added a public /aqoiy/v1/session-init REST endpoint (permission_callback => __return_true) that mints a fresh sessionId + HMAC token and sets the HttpOnly cookie. The widget calls it lazily on first interaction only when the page-baked credentials are missing (e.g. served by an aggressive page cache). Resolves stale-credential issues on cached pages.
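The permission decision described in the 1.0.7 entry, sketched in plain PHP as an added example; this is not the plugin's own code. The token layout (expiry plus HMAC-SHA256 over session id and expiry), the one-hour lifetime, the reading of "matching cookie" as cookie value equals session id, and every function name are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. Token layout, TTL and all names are assumptions.
const EXAMPLE_TOKEN_TTL = 3600; // seconds (assumed lifetime)

// Mint "<expiry>.<hex HMAC>" bound to one session id.
function example_mint_token(string $sessionId, string $key, int $now): string {
    $expiry = $now + EXAMPLE_TOKEN_TTL;
    return $expiry . '.' . hash_hmac('sha256', $sessionId . '|' . $expiry, $key);
}

// True only if the token was minted for this session id and has not expired.
function example_token_valid(string $sessionId, string $token, string $key, int $now): bool {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    [$expiry, $mac] = $parts;
    if ((int) $expiry < $now) {
        return false; // expired
    }
    $expected = hash_hmac('sha256', $sessionId . '|' . $expiry, $key);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Permission decision: cookie binding or HMAC token. Origin/Referer are not
// parameters at all, so a caller-chosen header can never grant access.
function example_verify_widget_session(string $sessionId, ?string $cookieSid,
                                       ?string $token, string $key, int $now): bool {
    if ($sessionId === '') {
        return false;
    }
    if ($cookieSid !== null && hash_equals($cookieSid, $sessionId)) {
        return true; // assumed meaning of "matching": cookie value equals session id
    }
    return $token !== null && example_token_valid($sessionId, $token, $key, $now);
}

// Constructed sample values.
$key = random_bytes(32);
$now = time();
$sid = bin2hex(random_bytes(16));
$tok = example_mint_token($sid, $key, $now);

var_dump(example_verify_widget_session($sid, null, $tok, $key, $now));        // valid token
var_dump(example_verify_widget_session($sid, $sid, null, $key, $now));        // matching cookie
var_dump(example_verify_widget_session('other', null, $tok, $key, $now));     // token from another session
var_dump(example_verify_widget_session($sid, null, $tok, $key, $now + 7200)); // expired token
var_dump(example_verify_widget_session($sid, null, null, $key, $now));        // neither credential
```

Binding the MAC to the session id is what stops a token issued for one chat session from authorising requests against another.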
1.0.6
- Storefront chat now works reliably across page-cache, host-header-stripping and cross-subdomain setups: the REST permission callback accepts any of three independent authorisation paths — HttpOnly aqoiy_sid cookie binding, HMAC sessionToken, or browser-enforced same-origin Origin/Referer. The HMAC token alone is no longer required.
- Added X-Aqoiy-Session to CORS allow-headers.
1.0.5
- Fixed login session not persisting after the 1.0.4 sanitisation hardening: internal credential saves are now routed through a dedicated trusted helper so they bypass the strict register_setting() callback while still being fully field-by-field sanitised at the call site.
1.0.4
- Hardened storefront REST endpoints (chat / poll / csat / session-end) with a per-session HMAC authorisation token, replacing the previous public __return_true permission callback.
- Switched register_setting() to the array form with an explicit sanitize_callback, and made sanitize_settings() refuse to overwrite stored options when the page-context flag is missing.
- No user-facing changes; existing storefront chat, agent handoff and CSAT flows continue to work after update.
1.0.2
- Added site authorization enforcement
- Improved security for multi-site accounts
- Fixed unauthorized site error handling
- Added X-Site-Url header for all API requests
1.0.1
- Initial release improvements
1.0.0
- Initial release
- Customizable widget (colors, icons, sizes)
- Light/dark admin theme
- Sentiment analysis and auto-escalation



