Developers
APIs and SDKs
General
Rate Limits
Rate Limits Overview
Current Rate Limits
Errors
API Errors
Gateway Errors
Authorization
API Authorization
Auth API Overview
API Routes
Signing API requests
User Authorization
OAuth Integration
OAuth scopes & resources
Using UPS Tokens
API Resources
Security
Security Overview
Authorization flows
Integration scenarios
Regions and Endpoints
Tracking
Tracking overview
Events
Content sources
Cookies and Data Collection
Reporting
Reporting API Overview
API Routes
API Definitions
API Change Log
NL Interpreter
NL Interpreter Overview
NL Interpreter API
API Setup
API Routes
API Definitions
API Change Log
Chatbot
Chatbot Overview
Chatbot API
API Setup
API Routes
API Definitions
API Tracking Guidelines
External Chat Tracking
API Answer types
API Direct answers
Webhooks
API Change log
Editor API
Editor API Setup
Webhook upon saving
Editor API Routes
Editor API Definitions
Editor API Change Log
Chatbot JS SDK
SDK Setup
SDK Configuration
SDK Customization
SDK Adapters
SDK JS-Client
SDK Styles
SDK Subresource Integrity
SDK Change log
Language Detection
Language Detection overview
Unexpected Languages
Knowledge
Knowledge Overview
Knowledge API
API Setup
API Routes
API Definitions
API Tracking Guidelines
API Change log
Editor API
Editor API Setup
Webhook upon saving
Editor API Routes
Editor API Definitions
Editor API Change log
Knowledge JS SDK
SDK Setup
SDK Configuration
SDK Customization
SDK Builder
SDK HTML Example
SDK Components
SDK JS-Client
SDK Styles
SDK Subresource Integrity
SDK Change log
Language Detection
Integration Options
Unexpected languages
Tracking across languages
Search
Search Overview
Search API
API Setup
API Routes
API Definitions
API Tracking Guidelines
API Change log
Search JS SDK
SDK Setup
SDK Configuration
SDK Builder
SDK Components
SDK Filter Components
SDK Search Store
SDK JS-Client
SDK Styles
SDK Subresource Integrity
SDK Change log
Language Detection
Integration Options
Tracking across languages
Messenger
Messenger Overview
Messenger API
API Setup
API Routes
API Definitions
Webhooks
Using IQL
Case history actions
API Change log
Messenger JS SDK
SDK JS-Client
SDK Subresource integrity
SDK Change log
HyperChat API
API Setup
API Routes
API Definitions
Webhooks Overview
Webhook Events
API Change log
HyperChat JS SDK
SDK JS-Client
HyperChat adapter
SDK Subresource Integrity
SDK Change log
Chatbot Chatbot API Webhooks Using Webhooks To Detect Logged In Users

Using Webhooks To Detect Logged In Users

You can use webhooks to detect whether or not a user is logged in. This can be useful when you want an end user to carry out a transaction within the chatbot that requires information unique to this user (e.g. a consultation of prior purchase records). The following steps reflect the recommendation of Inbenta for the best and most secure practices.

Required setup

User authentication system

Your service will need a user authentication system that generates a user token. You can generate a user token from your own login system with a user directory or by using Single Sign-On (SSO).

Suggested architecture with encrypted user token
Suggested architecture with SSO

Webhook

You will also need a webhook that accepts the user token as a parameter and that will perform the action. After creating the webhook, complete these steps in your Inbenta Chatbot App:

  1. Create a new Chatbot variable to store the user token (This link opens the Inbenta Help Center. You need an Inbenta account to see this page). Set the detection scope of the variable to Validation Only and enable Hide in Logs and UI.
  2. Create a new action using the webhook URL (This link opens the Inbenta Help Center. You need an Inbenta account to see this page). Whenever you need to send the user token in an action, add the token variable to the input parameters of this action.

Each of the following steps corresponds to the same numbered step in the image below:

  1. Authenticate the user in the external customer service
    • The website where the Chatbot is embedded needs to include a login page. This login page will authenticate the user.
  2. Generate user token
    • The login page should generate an identifying token after authenticating the user. Inbenta strongly recommends that you generate encrypted tokens with an expiration time to avoid security issues.
  3. Receive the user token in the Chatbot integration
  4. Send the received user token to the Chatbot API
    • Store the user token value in the new Chatbot variable using either the POST /conversation/variables endpoint of the Chatbot API or the addVariable method of the Chatbot SDK.
    • You may repeat this step any time you refresh the user token. This is optional. The webhook then receives the user token and this action is fully responsible for checking the token's status.
  5. Start an intent with the webhook action previously configured
    • Make sure that you validate the given token before you execute the action. Inbenta recommends to check:
      • whether or not the token is expired, and
      • whether or not the user authenticated by the token has the permissions required to perform the action. If the token is invalid, return an exception.
  6. After completing the intent, the Chatbot API sends the user token parameter to the External customer service
  7. Verify the user token in the external customer service
    • If the user token is not valid:
      • keep in mind that if a webhook is included within a dialog and the Chatbot receives an "error" status for this webhook, it automatically finishes and exits this dialog.
      • the webhook can return a user-friendly error message to report that the user is not logged in and that the action cannot be performed.
  8. Receive verification status in the Chatbot API.