Token-based authentication with a chatbot

In token-based authentication, applications and external services use authorization (access) tokens to access an API.

The external service receives an auth token after a successful authentication, and then passes that token as a credential whenever it calls the API. The auth token confirms to the API that the external service has already been authorized to access it.

The operation is as follows. The user authenticates in your application, either with a username and password or with a temporary code provided to access a service. From then on, each HTTP request made by the user carries a token in the header. This token is usually an encrypted signature that allows your API to identify the user.

Chatbot based authentication

You can design your conversation so that your chatbot asks the user for login information to generate an auth token, and then uses that auth token throughout the conversation with that same user to perform any type of API-based request.

Note: Authorization tokens are only available for chatbots in messaging apps (WhatsApp, Facebook, etc.), SMS and the phonebot, not for the web, mobile and desktop chatbot.

Login and save the token

To authenticate and generate the token, go to Scripts>Authorization Token.

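You can choose to get the auth token with a GET or a POST method. We suggest choosing the POST method, which is more secure: a GET request carries the login fields in the URL, where they can end up in server and proxy logs.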

Enter a unique id and continue.

You will be prompted to enter questions and fields. The questions tell the user which type of information is needed, for example "What is your username?".

The post field is the name of the field in which that information will be sent. For example, to send both username and password with the format {"username":"some string", "password": "some string"} you would have to enter something like this:

Also enter the URL of your auth service.

The next section will ask for the TTL, or time to live. Enter the number of seconds until the token expires. If the service returns the auth token in JSON format, mark the "is json" box and enter the path or name of the field that contains it.

Now save. 

How to generate and use the auth token

You can generate and use an auth token by including the authorization component you created in the previous step inside your scripts.

Go to Scripts and create a new script. Click "Other" in the control bar. Here you will be able to access the component you just created. Click on Auth Token.

Select the id of the component from the list and save.

The Auth Token component must come earlier in the script than any step that uses the token, so think about the flow of your script beforehand.

To access restricted information by using the token, you can use the Web Service component. The Web Service component calls an external API to request information and parses the response.

To use the auth token, insert {authtoken} inside the URL (GET request), inside a JSON POST field (POST request), or as a header.

When using the token in the header of the request, use: {"Authorization": "{authtoken}"}

The Web Service component will call that URL and provide the access token generated by the user authentication.
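
An added example, not code from the platform described here: the two services the components above talk to, an auth service that accepts the {"username", "password"} POST body and returns the token in a JSON field, and an API that checks the {"Authorization": "{authtoken}"} header. The names login, identify, SECRET, USERS and the "token" response field are assumptions, and the token format (base64 payload plus HMAC-SHA256 signature) is one common choice, not the platform's.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"    # assumption: signing key known only to your services
USERS = {"alice": "correct horse"}  # constructed sample store; real stores hold password hashes
TTL_SECONDS = 300                   # keep equal to the TTL entered in the component

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def login(body, now=None):
    """Auth service: takes the JSON POST body sent by the chatbot, returns {"token": ...}."""
    now = time.time() if now is None else now
    try:
        creds = json.loads(body)
    except ValueError:
        creds = None
    if not isinstance(creds, dict):
        return {"error": "invalid request"}
    stored = USERS.get(str(creds.get("username", "")))
    supplied = str(creds.get("password", ""))
    # Constant-time comparison avoids leaking how much of the password matched.
    if stored is None or not hmac.compare_digest(stored.encode(), supplied.encode()):
        return {"error": "invalid credentials"}
    claims = {"sub": creds["username"], "exp": int(now) + TTL_SECONDS}
    payload = json.dumps(claims).encode()
    return {"token": base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)}

def identify(headers, now=None):
    """API: returns the user for a valid, unexpired Authorization header, else None."""
    now = time.time() if now is None else now
    try:
        encoded, signature = headers.get("Authorization", "").split(".")
        payload = base64.urlsafe_b64decode(encoded.encode())
        # Verify the signature before trusting anything inside the payload.
        if not hmac.compare_digest(signature.encode(), _sign(payload).encode()):
            return None
        claims = json.loads(payload)
    except ValueError:  # wrong shape, bad base64 or bad JSON
        return None
    return claims["sub"] if now < claims["exp"] else None

if __name__ == "__main__":
    reply = login('{"username": "alice", "password": "correct horse"}')
    print(identify({"Authorization": reply["token"]}))
```

With the "is json" box marked, the field name to enter for this service would be token.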

Phonebot based authentication

Phonebot based authentication to generate the access token is also possible, especially if it is done through the keypad. When creating the Authorization Token component, select Validation by number. 

Selecting this option will force the caller to use the keypad to enter any information.
