{"id":301335,"date":"2026-05-07T02:55:06","date_gmt":"2026-05-07T02:55:06","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/aqoiy-ai-customer-support-chatbot\/"},"modified":"2026-05-07T02:54:41","modified_gmt":"2026-05-07T02:54:41","slug":"aqoiy-ai-customer-support-chatbot","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/aqoiy-ai-customer-support-chatbot\/","author":16615239,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.9","stable_tag":"1.0.9","tested":"6.9.4","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"Aqoiy \u2013 AI Customer Support Chatbot","header_author":"Aqoiy","header_description":"AI-powered support chatbot for WordPress & WooCommerce. Answer customer questions instantly, look up live orders, check stock, handle returns, and hand off to human agents \u2014 powered by Firebase and Gemini AI.","assets_banners_color":"59403e","last_updated":"2026-05-07 02:54:41","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/aqoiy.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":29,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.9":{"tag":"1.0.9","author":"hssoftware","date":"2026-05-07 02:54:41"}},"upgrade_notice":{"1.0.0":"<p>Initial release.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3524948,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3524948,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3524948,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3524948,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.9"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3524948,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3524948,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3524948,"resolution":"3","location":"assets","locale":""}},"screenshots":{"1":"Setup wizard \u2014 choose your platform (WordPress or WooCommerce) to get started.","2":"Settings page \u2014 manage your account, view usage, and preview the live chat widget.","3":"Analytics dashboard \u2014 track sessions, peak chat hours, and top customer questions."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2353,2364,2369,2379,286],"plugin_category":[45],"plugin_contributors":[262084],"plugin_business_model":[],"class_list":["post-301335","plugin","type-plugin","status-publish","hentry","plugin_tags-ai","plugin_tags-chatbot","plugin_tags-customer-support","plugin_tags-live-chat","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_contributors-hssoftware","plugin_committers-hssoftware"],"banners":{"banner":"https:\/\/ps.w.org\/aqoiy-ai-customer-support-chatbot\/assets\/banner-772x250.png?rev=3524948","banner_2x":"https:\/\/ps.w.org\/aqoiy-ai-customer-support-chatbot\/assets\/banner-1544x500.png?rev=3524948","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/aqoiy-ai-customer-support-chatbot\/assets\/icon-128x128.png?rev=3524948","icon_2x":"https:\/\/ps.w.org\/aqoiy-ai-customer-support-chatbot\/assets\/icon-256x256.png?rev=3524948","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/aqoiy-ai-customer-support-chatbot\/assets\/screenshot-1.png?rev=3524948","caption":"Setup wizard \u2014 choose your platform (WordPress or WooCommerce) to get started."},{"src":"https:\/\/ps.w.org\/aqoiy-ai-customer-support-chatbot\/assets\/screenshot-2.png?rev=3524948","caption":"Settings page \u2014 manage your account, view usage, and preview the live chat widget."},{"src":"https:\/\/ps.w.org\/aqoiy-ai-customer-support-chatbot\/assets\/screenshot-3.png?rev=3524948","caption":"Analytics dashboard \u2014 track sessions, peak chat hours, and top customer questions."}],"raw_content":"<!--section=description-->\n<p>Aqoiy is an AI-powered customer support chatbot that integrates deeply with WooCommerce. It uses Google Gemini AI to answer questions, look up live orders, check product stock, process return requests, and seamlessly hand off conversations to human agents when needed.<\/p>\n\n<p><strong>Key Features:<\/strong><\/p>\n\n<ul>\n<li><strong>AI-Powered Responses<\/strong> \u2014 Uses Gemini AI to answer customer questions based on your knowledge base and store data.<\/li>\n<li><strong>WooCommerce Integration<\/strong> \u2014 Search products, check stock, and look up orders in real time.<\/li>\n<li><strong>Human Agent Handoff<\/strong> \u2014 Automatically escalate to live agents when the AI can't help.<\/li>\n<li><strong>Knowledge Base<\/strong> \u2014 Add custom articles, FAQs, and policies for the AI to reference.<\/li>\n<li><strong>Customizable Widget<\/strong> \u2014 Match your brand with custom colors and titles.<\/li>\n<li><strong>Sentiment Analysis<\/strong> \u2014 Detect unhappy customers and auto-escalate.<\/li>\n<li><strong>Business Hours<\/strong> \u2014 Configure availability and offline messages.<\/li>\n<li><strong>Analytics Dashboard<\/strong> \u2014 Track conversations, response times, and customer satisfaction.<\/li>\n<li><strong>Multi-language Support<\/strong> \u2014 Auto-detect and respond in the customer's language.<\/li>\n<li><strong>Light &amp; Dark Admin Theme<\/strong> \u2014 Choose the admin panel appearance that suits you.<\/li>\n<\/ul>\n\n<p><strong>Powered by Firebase<\/strong> \u2014 Real-time messaging, secure authentication, and scalable infrastructure.<\/p>\n\n<h3>External Services<\/h3>\n\n<p>This plugin connects to two external services. Both connections only happen after the store owner has configured the plugin (created an Aqoiy account, or pasted a Google Gemini API key). No data leaves the site before that.<\/p>\n\n<h4>1. Aqoiy Backend API<\/h4>\n\n<p><strong>Service:<\/strong> Aqoiy platform backend, operated by Aqoiy (Thrivethrum LLC).\n<strong>Endpoint host:<\/strong> <code>https:\/\/us-central1-aqoiy-server-v2.cloudfunctions.net\/api<\/code>\n<strong>Purpose:<\/strong> Stores plugin configuration, relays chat traffic between the customer-facing widget and human agents, runs AI replies through the managed pipeline, records analytics, and authenticates the store account.<\/p>\n\n<p>The plugin issues 26 distinct calls to this host. Each call is triggered by an explicit user action or admin event \u2014 never on every page load. They are grouped below by purpose:<\/p>\n\n<p><strong>a. Account &amp; site authorisation<\/strong> (sent only when the admin clicks Connect \/ Register \/ Login on the settings screen, or when WordPress detects the active site URL has changed)<\/p>\n\n<ul>\n<li><code>POST \/auth\/store\/register<\/code> \u2014 sends the chosen email, password and store URL to create an Aqoiy account.<\/li>\n<li><code>POST \/auth\/store\/login-with-password<\/code> \u2014 sends email and password to obtain an API key.<\/li>\n<li><code>GET  \/plugin\/verify<\/code> \u2014 validates the saved API key on activation.<\/li>\n<li><code>PUT  \/plugin\/site-detection<\/code> \u2014 sends the detected site URL and platform (WordPress \/ WooCommerce) so the backend can authorise this domain.<\/li>\n<\/ul>\n\n<p><strong>b. Configuration sync<\/strong> (sent when the admin saves the Settings, AI Settings, Tools, Widget, or WooCommerce credentials screens)<\/p>\n\n<ul>\n<li><code>GET  \/plugin\/config<\/code> \u2014 fetches the current backend configuration to display in the admin UI.<\/li>\n<li><code>PUT  \/plugin\/config<\/code> (3 call sites) \u2014 sends widget colours\/welcome message, the toolsConfig flags (<code>search_products<\/code>, <code>check_stock<\/code>, <code>get_order<\/code>, <code>submit_return<\/code>, <code>human_handoff<\/code>, <code>search_content<\/code>), the chosen storeMode, and \u2014 if WooCommerce is connected \u2014 the store URL plus the WooCommerce REST API consumer key\/secret so the backend can call WooCommerce directly when a customer asks about an order.<\/li>\n<\/ul>\n\n<p><strong>c. Knowledge base sync<\/strong> (sent when the admin adds, edits, or deletes a KB entry, or runs the \"Sync\" button)<\/p>\n\n<ul>\n<li><code>PUT  \/plugin\/knowledge-base<\/code> \u2014 sends the user-authored KB entries (titles, content, URLs, tags) so the AI can quote them in answers.<\/li>\n<\/ul>\n\n<p><strong>d. Conversation traffic<\/strong> (sent only while a real visitor is using the chat widget on the storefront; nothing is sent if no one is chatting)<\/p>\n\n<ul>\n<li><code>POST \/plugin\/message<\/code> (2 call sites) \u2014 forwards the visitor's message and the recent message history.<\/li>\n<li><code>POST \/plugin\/ai-reply<\/code> (2 call sites) \u2014 requests the AI reply for the current session.<\/li>\n<li><code>POST \/plugin\/handoff<\/code> \u2014 marks the session as needing a human agent. Sends the session id and a short reason.<\/li>\n<li><code>POST \/plugin\/poll<\/code> \u2014 short-polls the backend for any agent reply.<\/li>\n<li><code>POST \/plugin\/session-end<\/code> \u2014 notifies the backend that the visitor closed the chat.<\/li>\n<li><code>POST \/plugin\/csat<\/code> \u2014 sends the post-chat satisfaction rating (1\u20135) plus optional free-text feedback.<\/li>\n<\/ul>\n\n<p><strong>e. Admin dashboards<\/strong> (sent only while the admin is viewing the corresponding screen)<\/p>\n\n<ul>\n<li><code>GET  \/plugin\/analytics<\/code> \u2014 fetches conversation counts, response times, and CSAT averages for the Analytics tab.<\/li>\n<li><code>GET  \/plugin\/usage<\/code> \u2014 fetches the current month's AI message usage and plan limit.<\/li>\n<li><code>GET|PUT|DELETE \/plugin\/sessions<\/code> (3 call sites) \u2014 lists\/filters\/clears recorded sessions for the Sessions tab.<\/li>\n<li><code>GET  \/plugin\/session\/{id}<\/code> \u2014 fetches a single session transcript when the admin clicks a row.<\/li>\n<\/ul>\n\n<p>Visitor messages typed into the chat widget are transmitted to this service. The widget collects the visitor name and email only if the visitor types them (or if a logged-in WordPress user opens the chat \u2014 in which case their display name and account email are read from <code>wp_get_current_user()<\/code> and forwarded so the agent can identify them).<\/p>\n\n<p>Service provider: Aqoiy (Thrivethrum LLC) \u2014 https:\/\/aqoiy.com\nTerms of Service: https:\/\/aqoiy.com\/terms\nPrivacy Policy: https:\/\/aqoiy.com\/privacy<\/p>\n\n<h4>2. Google Gemini API (optional, BYO-key path)<\/h4>\n\n<p><strong>Service:<\/strong> Google Gemini Generative Language API.\n<strong>Endpoint host:<\/strong> <code>https:\/\/generativelanguage.googleapis.com<\/code>\n<strong>Purpose:<\/strong> Generates AI replies when the store owner has pasted a personal Gemini API key into the AI Settings screen. If no Gemini key is configured, this path is never used \u2014 all AI replies go through the Aqoiy backend instead.<\/p>\n\n<ul>\n<li><code>POST https:\/\/generativelanguage.googleapis.com\/v1beta\/models\/{model}:generateContent<\/code> \u2014 sends the recent message history and any system instructions configured in the AI Settings tab; receives the model's reply. Triggered only when the storefront widget receives a customer message and the BYO-key path is active.<\/li>\n<\/ul>\n\n<p>The Gemini API key is supplied by the store owner and is sent as a query parameter on each request, per Google's API contract. No customer message is sent to Google before a real visitor types in the chat widget.<\/p>\n\n<p>Service provider: Google LLC.\nGoogle APIs Terms of Service: https:\/\/developers.google.com\/terms\nGoogle Privacy Policy: https:\/\/policies.google.com\/privacy<\/p>\n\n<p>WooCommerce is a trademark of Automattic Inc. Aqoiy is not affiliated with or endorsed by Automattic.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>aqoiy-chatbot<\/code> folder to <code>\/wp-content\/plugins\/<\/code>.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu in WordPress.<\/li>\n<li>Go to <strong>Aqoiy Chatbot &gt; Settings<\/strong> and create your account or enter your API key.<\/li>\n<li>Configure your widget colors, AI settings, and WooCommerce credentials.<\/li>\n<li>The chat widget will appear on your site automatically.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20require%20woocommerce%3F\"><h3>Does this require WooCommerce?<\/h3><\/dt>\n<dd><p>No. The chatbot works on any WordPress site. WooCommerce integration (product search, order lookup, stock check) is optional and activates automatically when WooCommerce is installed.<\/p><\/dd>\n<dt id=\"what%20ai%20model%20does%20it%20use%3F\"><h3>What AI model does it use?<\/h3><\/dt>\n<dd><p>Aqoiy uses Google Gemini AI models. You can configure the model in the AI Settings tab.<\/p><\/dd>\n<dt id=\"is%20my%20data%20secure%3F\"><h3>Is my data secure?<\/h3><\/dt>\n<dd><p>All data is stored securely on Firebase (Google Cloud). Communication uses HTTPS encryption. API keys are validated on every request.<\/p><\/dd>\n<dt id=\"how%20do%20i%20connect%20human%20agents%3F\"><h3>How do I connect human agents?<\/h3><\/dt>\n<dd><p>Install the Aqoiy Agent mobile app (iOS\/Android) or use the web dashboard at app.aqoiy.com. Agents receive real-time notifications when customers request human help.<\/p><\/dd>\n<dt id=\"what%20are%20the%20plan%20limits%3F\"><h3>What are the plan limits?<\/h3><\/dt>\n<dd><ul>\n<li><strong>Free<\/strong> \u2014 500 AI messages\/month<\/li>\n<li><strong>Standard<\/strong> \u2014 5,000 AI messages\/month<\/li>\n<li><strong>Pro<\/strong> \u2014 Unlimited AI messages<\/li>\n<li><strong>Business<\/strong> \u2014 Unlimited everything (contact us)<\/li>\n<\/ul><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.9<\/h4>\n\n<ul>\n<li>Removed the \"Powered by Aqoiy\" badge option from the chat widget footer per WordPress Plugin Directory guidelines. Attribution no longer appears on any user-facing interface.<\/li>\n<\/ul>\n\n<h4>1.0.8<\/h4>\n\n<ul>\n<li>Documentation: rewrote the <code>== External Services ==<\/code> section in readme.txt to enumerate every backend endpoint the plugin contacts, what data is sent, and when. Added a separate entry for the optional direct Google Gemini API path (BYO-key) and corrected the prior statement that no direct Google connection is made.<\/li>\n<li>Security\/hardening: the inline CSS variable block emitted by <code>Aqoiy_Chatbot::enqueue_widget()<\/code> (<code>--aqoiy-primary<\/code> \/ <code>--aqoiy-secondary<\/code>) now re-runs <code>sanitize_hex_color()<\/code> on the saved colour values immediately before they are interpolated, so the output is escape-late even if a stored option is corrupted by a future code path.<\/li>\n<li>Naming: renamed the custom <code>do_action( 'cache_flush' )<\/code> broadcast in the settings save path to <code>do_action( 'aqoiy_cache_flush' )<\/code> so the hook is properly prefixed.<\/li>\n<li>SQL hardening: every direct <code>$wpdb<\/code> query in <code>class-aqoiy-db.php<\/code>, <code>class-aqoiy-api.php<\/code>, <code>class-aqoiy-admin.php<\/code> and <code>uninstall.php<\/code> is now wrapped in <code>$wpdb-&gt;prepare()<\/code> using the <code>%i<\/code> identifier placeholder for table names. <code>Requires at least<\/code> bumped to 6.2 (when <code>%i<\/code> was introduced).<\/li>\n<\/ul>\n\n<h4>1.0.7<\/h4>\n\n<ul>\n<li>Removed Origin\/Referer-only authorisation path from the storefront REST permission callback (<code>verify_widget_session<\/code>). The callback now requires either a matching HttpOnly <code>aqoiy_sid<\/code> cookie or a valid HMAC <code>sessionToken<\/code> \u2014 both unforgeable by off-origin scripted callers. Origin\/Referer headers, while useful, can be set freely by non-browser clients and are no longer accepted as proof.<\/li>\n<li>Added a public <code>\/aqoiy\/v1\/session-init<\/code> REST endpoint (<code>permission_callback =&gt; __return_true<\/code>) that mints a fresh sessionId + HMAC token and sets the HttpOnly cookie. The widget calls it lazily on first interaction only when the page-baked credentials are missing (e.g. served by an aggressive page cache). Resolves stale-credential issues on cached pages.<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Storefront chat now works reliably across page-cache, host-header-stripping and cross-subdomain setups: the REST permission callback accepts any of three independent authorisation paths \u2014 HttpOnly <code>aqoiy_sid<\/code> cookie binding, HMAC sessionToken, or browser-enforced same-origin Origin\/Referer. The HMAC token alone is no longer required.<\/li>\n<li>Added <code>X-Aqoiy-Session<\/code> to CORS allow-headers.<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Fixed login session not persisting after the 1.0.4 sanitisation hardening: internal credential saves are now routed through a dedicated trusted helper so they bypass the strict register_setting() callback while still being fully field-by-field sanitised at the call site.<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Hardened storefront REST endpoints (chat \/ poll \/ csat \/ session-end) with a per-session HMAC authorisation token, replacing the previous public <code>__return_true<\/code> permission callback.<\/li>\n<li>Switched <code>register_setting()<\/code> to the array form with an explicit <code>sanitize_callback<\/code>, and made <code>sanitize_settings()<\/code> refuse to overwrite stored options when the page-context flag is missing.<\/li>\n<li>No user-facing changes; existing storefront chat, agent handoff and CSAT flows continue to work after update.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Added site authorization enforcement<\/li>\n<li>Improved security for multi-site accounts<\/li>\n<li>Fixed unauthorized site error handling<\/li>\n<li>Added X-Site-Url header for all API requests<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Initial release improvements<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Customizable widget (colors, icons, sizes)<\/li>\n<li>Light\/dark admin theme<\/li>\n<li>Sentiment analysis and auto-escalation<\/li>\n<\/ul>","raw_excerpt":"AI-powered support chatbot for WordPress &amp; WooCommerce. Answers questions, checks orders, manages stock, and handles returns.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/301335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=301335"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/hssoftware"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=301335"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=301335"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=301335"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=301335"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=301335"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=301335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}