BitBloom Chatbot for Chatkit

Embeds the ChatKit widget from OpenAI Agent Builder into WordPress pages. Independent integration by BitBloom; not affiliated with OpenAI.

Author:	BitBloom (profile at wordpress.org)
WordPress version required:	6.2
WordPress version tested:	6.9
Plugin version:	1.2.2
Added to WordPress repository:	15-11-2025
Last updated:	30-12-2025
Rating, %:	100
Rated by:	1
Plugin URI:	https://github.com/BitBloom-HQ/bitbloom-chatb...
Total downloads:	426
Active installs:	30+
Click to start download

BitBloom Chatbot for Chatkit lets you embed a published Agent Builder workflow into WordPress using OpenAI’s ChatKit UI.
Features a floating launcher, optional shortcode, theme controls (light/dark, accent color, radius, density, font), and server-side session creation with REST nonces (no API key in the browser).

Highlights
– Floating ChatKit launcher or inline embed via shortcode.
– One-time setup: paste your Workflow ID and Domain Public Key.
– Theme controls: color scheme, accent, radius, density, font.
– Secure: session created on the server; REST calls nonce-protected.
– Rate limiting: configurable per-IP hourly limit for session requests (default 20/hour).
– Privacy-friendly: user ID is a salted hash (no IP stored or sent by the plugin).

What you need from OpenAI
1. A published Agent Builder workflow (copy its Workflow ID).
2. Your Domain allowlist and Domain Public Key (Security Domain allowlist).
3. Active billing/credits in your OpenAI account.

Usage

Floating Launcher (auto)
– Once configured, the floating button appears on the front-end. Clicking it opens ChatKit bound to your published workflow.

Shortcode (inline chat)
Add to any post/page:
[bitbloom_chatbot_for_chatkit]

Security
– The plugin uses wp_rest nonces for the session endpoint and never exposes your OpenAI API key in the browser.

Privacy

The plugin computes an anonymized user identifier using a salt + user agent hash and does not send IP.
The plugin does not collect analytics or telemetry.
Data exchanged with OpenAI is limited to what’s required to run your configured workflow (message text, workflow ID, domain public key, and the anonymized user hash).
On uninstall, the option bitbloom-chatbot-for-chatkit_options is deleted.

External services

This plugin loads the ChatKit web component from OpenAI’s CDN and creates short-lived client sessions with OpenAI in order to render the chat UI.

• Service: OpenAI ChatKit (web component & sessions API)
• What for: Render the chat widget and let the agent run your workflow.
• Endpoints:
– CDN script: https://cdn.platform.openai.com/deployments/chatkit/chatkit.js
– Sessions API: https://api.openai.com/v1/chatkit/sessions
• What is sent and when:
– On page load, the browser downloads the ChatKit web component from the CDN.
– When the user opens the chat, WordPress calls the Sessions API server-to-server to mint a short-lived client_secret. The request includes:
* Your configured workflow ID
* A non-identifying, hashed “user” string derived from the site salt and the user agent (no PII)
• Privacy & Terms:
– OpenAI Terms: https://openai.com/policies/terms-of-use
– OpenAI Privacy Policy: https://openai.com/policies/privacy-policy

FAQ

The chat opens but doesn’t reply. What should I check?

The most common causes are:
– The workflow is not published in OpenAI’s Agent Builder.
– The site domain is missing from the Domain allowlist.
– Incorrect or missing Domain Public Key.
– No available OpenAI credits in your account.

Where do I put my OpenAI API key?

Add it to your wp-config.php file:
define(‘OPENAI_API_KEY’, ‘sk-proj-xxxxxxxx’);
Do not place the API key in the browser or inside the plugin settings.

Does the plugin store chat history or user messages?

No. The plugin does not store any conversation data on your server.
All communication is handled directly through the session created when the chat loads.

Does the plugin send my API key to the browser?

No. The API key remains server-side.
All browser requests use a WordPress REST route protected by a nonce.

Can I embed the chat inside a page instead of using the floating launcher?

Yes. Use the shortcode:
[bitbloom_chatbot_for_chatkit]

Can I customize the look of the chat?

Yes. You can change the color scheme (light/dark), accent color, radius, density, and font.

Is there a usage/rate limit in the plugin?

Yes. By default, the plugin limits session requests to 20 per hour per IP.
You can change this in the plugin settings (Rate limit per IP / hour) to any value between 1 and 99999.

The chat window shows an error when loading. What causes this?

Usually one of the following:
– Missing or invalid Workflow ID
– Incorrect Domain Public Key
– The WordPress site is blocking REST requests
– A security plugin is blocking nonces or AJAX

Does the plugin support caching plugins?

Yes. The launcher and UI are safe to cache, but the REST endpoints should remain uncached.
If you use aggressive caching (e.g., LiteSpeed, Cloudflare APO), exclude:
– /wp-json/bitbloom-chatbot-for-chatkit/*

Can I use multiple workflows on the same site?

Yes. The shortcode supports multiple instances when placed on different pages.

Does the plugin work on multisite?

Yes, but each subsite must configure its own Workflow ID and Domain Public Key.

Is this plugin GDPR-compliant?

The plugin does not store personal data, but the site owner is responsible for ensuring:
– A proper privacy notice
– Compliance with data handling when using OpenAI services

Hide FAQ

ChangeLog

Choose right WordPress plugin from thousands others in a moment

Usage

Privacy

External services

1.2.2

1.2.1

1.2.0