The following snippets provide examples of the generate token request and its response. Replace with the value of the secret you obtained in Step 1. Issue the following request in your service code to exchange the secret for a token. For more information, see the section Get Direct Line token in the Add bot to mobile and custom apps topic for more information. You can generate a token that can be used when starting a single bot conversation. To regenerate the secret, select Regenerate next to the secret.Īny user that is connected using the original secret or a token obtained from that secret will be disconnected. Once the secrets are swapped and your users are all connected using the new secret, you're safe to regenerate the secret. You can swap the secret being used with the other one. Power Virtual Agents provides you with two secrets, which work simultaneously. If you need to change the secret being used by your bot, you can do so without any downtime or interruption. A warning prompt will appear before you can reveal it. Select Copy for either Secret 1 or Secret 2 to copy it to the clipboard. Then select the Web channel security tile. In the navigation menu, under Settings, select Security. You'll need the secret so you can specify it in your app's authorization header requests or similar. We strongly discourage exposing the secret in any code that runs in the browser, either hard-coded or transferred through a network call.Īcquiring the token using the secret in your service code is the most secured way to protect your PVA bot. Tokens only work for a single conversation and will expire unless refreshed.Ĭhoose the security model that works best for your situation. When you're making the request to acquire the token in your service, specify the secret in the authorization header. If you don't use a token, your secret can be compromised. If you're writing an app where the client runs in a web browser or mobile app, or otherwise the code might be visible to customers, you must exchange your secret for a token. If you're creating a service-to-service app, specifying the secret in the authorization header requests may be the simplest approach. Disabling secured access can take up to two hours to propagate. If you need to disable the web channel security option, you can do so by switching Require secured access to Disabled. You should plan ahead to avoid exposing your bot unintentionally. You do not need to publish the bot for this change to take effect. Until then, the previous setting will be in effect. Once "Require secured access" is enabled or disabled, the system can take up to two hours to propagate the settings and take effect.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |