Knowledge Base


Custom CSS

Talki will automatically detect the CSS of a site, but for advanced users who want full control, Talki supports Custom CSS for Pro accounts (plans & pricing).

The information below only applies to Pro accounts and higher.

To append and overwrite styles in the existing Talki CSS

<script type="text/javascript">
window.chatter_options = {
    'css_append': 'http://example.com/my.css'
<script src="http://EXAMPLE.embed.talkiforum.com/embed/1.js" type="text/javascript"></script>

To completely replace all CSS, place the following code inside your opening & closing script tags:

<script type="text/javascript">
window.chatter_options = {
    'css_replace': 'http://example.com/my.css'
<script src="http://EXAMPLE.embed.talkiforum.com/embed/1.js" type="text/javascript"></script>

We recommend using the tool Firebug on Firefox to examine the CSS classes and ids on your Talki forum to know how to style them.

SSO - Single Sign On API


<script type="text/javascript" src="http://<shortname>.<hostname>.embed.talkiforum.com/embed/1.js?<arguments>"></script>

Without arguments the forum is embedded without any SSO relying on third party authentication.

Possible arguments for SSO:

  • (required) uid - unique user id
  • (required) name
  • (required) ap - authentication provider name (use 'site' for single site SSO)
  • (required) sig - signature
  • (required) expires - GMT timestamp at which the signature will expire
  • (optional) level - 10 = member, 50 = moderator, 100 = admin
  • (optional) email
  • (optional) avatar_url - url to an image that is expected to be 50x50
  • (optional) profile_url
  • (optional) login_url

Required for generating signature but not required as a query argument:

  • domain - shortname.hostname (e.g. offtopic.lefora)

GMT timestamp generation example: python: int(time.time() + 602) php: php()+602

SSO Signature

argument = name=value
serialized_arguments = argument&argument&... # arguments sorted by 'name', exclude empty values
signature = url_safebase64(hmac(serialized_arguments, secret_key, sha1))

URL Safe Base64:

+ replaced with -
/ replace with _


ap: talki
uid: 1
name: Bender
expires: 1265673544
domain: general.talki
email: test@example.com

serializes to:


signature is (if secrey key is 'topsecret'):


Python code to generate signature from a dictionary:

import base64
import hashlib
import hmac
from urllib import quote_plus

def serialize_fields(fields):
    """Return a string of the form 'key=value&key=value' where keys are sorted."""
    return "&".join(
        "%s=%s" % (
            k, quote_plus(v.encode('utf-8') if isinstance(v, unicode) else str(v))
        ) for k, v in sorted(fields.items()) if v)

def generate_signature(fields, secret_key):
    """Return a signature for the dictionary 'fields'"""
    data = serialize_fields(fields)
    signature = hmac.new(str(secret_key), data, hashlib.sha1).digest()
    return base64.urlsafe_b64encode(signature).rstrip('=')

PHP code to generate signature from an array:

function serialize_fields($fields) {
    $data = array();
    foreach ($fields as $key => $value) {
        if ($value != "") {
            $data[] = "$key=" . urlencode($value);
    return join("&", $data);

function urlsafe_base64_encode($value) {
    $res = base64_encode($value);
    $res = str_replace("+", "-", $res);
    return str_replace("/", "_", $res);

function generate_signature($fields, $secret_key) {
    $data = serialize_fields($fields);
    $signature = hash_hmac("sha1", $data, $secret_key, TRUE);
    return urlsafe_base64_encode($signature);

Additional Arguments

The following are additional arguments that should not be included in the SSO signature generation:

  • lang - refers to the language code, IS0 639-1. For example, lang=es for Español or lang=en for English.