Secure Input

Secure input allows a bot to collect sensitive information without storing it in chat history, and without needing to use a webview/detailview iframed form.

Secure Input should not be used to perform authorization (login, logout, password reset flows)


  1. A bot requests that the next input from a user be collected using the Secure Input node.
  2. The end user can either submit the sensitive information in a masked field, or cancel/deny the input. Redaction rules applicable to the rest of the bot processes and engagement adapter are not applicable here.
  3. Input can be validated using regex before it is accepted by the messenger.
  4. Data collected in a secure input node is de-referenced with a TTL at the edge before being processed by a bot.
  5. The ServisBOT API layer can dereference that sensitive data when making API calls to external systems
  6. Content processed through secure input expires after the TTL is up.


  • In order to use Secure Input, the organization needs to have an Enigma SB-App configured in the platform
  • A valid enigma instance running, and accessible to the web with authorization configured.
  • Secure input is only available using Flow or Action Flow workers.
  • Secure input is primarily a feature of our ServisBOT Messenger engagement adapter and not compatible with other engagement adapters.

ServisBOT offers access to a multi-tenant instance of enigma to all customers


SB-Apps can only be managed using the CLI. First, login to your organization using the cli.

Use the sb-cli sbapp create file.json command to create an an SB-App registration for enigma. Sample JSON config

  "Alias": "enigma",
  "Apis": [
  "AuthMode": "JWT",
  "Created": 1614945936946,
  "Endpoint": "ENIGMA_URL",
  "Managed": true,
  "Organization": "ORGNAME"
  • Endpoint: The url of your engima domain.
  • Managed: To use our default multi-tenant service, set this to true
  • AuthMode: JWT is the default auth mechanism provided

Enigma domains

Using Secure Input

To collect sensitive information from an end-user using secure input, simply use the secureInput node instead of a markup or input node.


  • Prompt: The message that will be sent to the end-user in the timeline
  • Success: The message that will be displayed when a user submitted content that passed any validation rules
  • Cancel: The message that will be displayed when a user canceled and exited secure input mode
  • Error: The message that will be displayed if there is an error or issue with processing the input
  • Hint Text: Text that will be displayed in the input field before the user types. If you have format expectations try mimicking it here. E.g. ###-###-####
  • Input Validation: When validation is required before accepting the input, regex rules can be used
    • Regex: Regex to be used
    • Error: message to display when the validation regex fails

Output will go out of the top port on a successful input to Enigma, the SRN for the input will be contained in “msg.payload.user.secureInputSrn”. In the event the user cancels the output will go out the middle port, and in the event of an error the output will go out the bottom.

Sending Sensitive data via BaaS

After input is received using secure input, when calling any API Connectors from Servisbot Flow, the value of msg.payload.user.secureInputSrn can be passed along to any BaaS field mappings. The API call made to the external service will contain the de-referenced value instead of the secureInput SRN