BaaS Secure Session
Secure Session configured with a BaaS api-connector requires the following:
- A hosted Authorization API that can validate a user’s conversational context
- A BaaS api-connector that can map conversational context into a call to the hosted API
The overall process can be summarized as:
- The conversational context is configured on initialization with an item(s) that can identify the user
- The first message into the bot from the user results in a BaaS api-connector invocation that triggers the Authorization API. If the call is successful, the message continues to ingress; if not, the message is blocked.
- The same call happens each time the ValidationInterval expires. More details for this are given below.
Configuring the BaaS
The first step is configuring the BaaS api-connector that can communicate with the Authorization API. An example is shown below:
{
  "Method": "POST",
  "Endpoint": "https://my-authorization-api.com/VerifyToken",
  "Headers": {
    "Authorization": "srn:vault::acme:secret:my-authorization-api-key"
  },
  "Alias": "SecureSessionBaaS",
  "RequestMapping": {
    "tokenToVerify": {
      "type": "requestBody",
      "requestBodyPath": "$.token",
      "inputPath": "$.secureTokenForUser"
    }
  },
  "ResponseMapping": {},
  "Type": "api-connector",
  "Body": {}
}
This BaaS does the following:
- Authenticates with the Authorization API via the Authorization header, using an API Key that is stored in a secret within the ServisBOT platform. The Authentication on the API will depend on your specific implementation.
- Maps the secureTokenForUser into the token field in the body of the request. secureTokenForUser is assumed to be at the root level of the conversational context in this instance.
The Authorization API
The implementation of the Authorization API will vary across different use cases. To use the BaaS api-connector above, the API must do the following:
- Use an API Key as its own form of Authentication
- Inspect the body of the request for token and verify that it is valid
- Return a status code of 200 for success, 4xx for failure
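A minimal Authorization API that meets these three requirements is sketched below as an added example; it is not ServisBOT code. The token format (an HMAC-signed user id and expiry), the key values, the `issue_token` helper and the listening port are assumptions made for illustration; only the `/VerifyToken` path, the `Authorization` header and the `token` body field come from the api-connector above.

```python
import base64, hashlib, hmac, json, time
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample secrets (assumptions); load real ones from a secret store.
API_KEY = "example-api-key"
TOKEN_SIGNING_KEY = b"example-token-signing-key"


def issue_token(user_id, ttl_seconds=900, now=None):
    """Hypothetical token format: base64url(user_id|expiry).hex(HMAC-SHA256)."""
    expiry = int(now if now is not None else time.time()) + ttl_seconds
    payload = base64.urlsafe_b64encode(f"{user_id}|{expiry}".encode()).decode()
    sig = hmac.new(TOKEN_SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_request(authorization, raw_body, now=None):
    """Return the HTTP status for one api-connector call: 200 or 4xx."""
    # API key check; compare_digest avoids leaking a match position via timing.
    if not hmac.compare_digest((authorization or "").encode(), API_KEY.encode()):
        return 401
    try:
        token = json.loads(raw_body)["token"]
        payload, sig = token.split(".")
        expected = hmac.new(TOKEN_SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return 403  # signature does not match: forged or altered token
        _, expiry = base64.urlsafe_b64decode(payload).decode().rsplit("|", 1)
        expired = int(expiry) < (now if now is not None else time.time())
    except (ValueError, KeyError, TypeError, AttributeError):
        return 400  # missing, non-string or malformed token
    return 403 if expired else 200


class VerifyTokenHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != "/VerifyToken":
            self.send_response(404)
        else:
            length = int(self.headers.get("Content-Length") or 0)
            body = self.rfile.read(length)
            self.send_response(verify_request(self.headers.get("Authorization"), body))
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), VerifyTokenHandler).serve_forever()
```

Every rejection path returns a 4xx status, so the api-connector call fails and the message is blocked; only a correctly signed, unexpired token presented with the right API key yields 200.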
Configuring the Bot
An example bot configuration is shown below:
{
  "State": "RUNNING",
  "SecureSession": true,
  "SecureSessionConfig": {
    "Type": "baas",
    "ValidationInterval": 60,
    "ApiAlias": "SecureSessionBaaS"
  },
  "Workers": [
    {
      "Type": "nlp-worker",
      "Id": "6cefded5-7c09-4e67-ad81-6dc0f96b6462"
    }
  ],
  "QuietTimeEnabled": false,
  "NluManagementMode": "ServisBOT",
  "Persona": "AIBot",
  "Organization": "engjohn",
  "DisplayName": "BurgerBot",
  "Id": "sbIuyRQdU",
  "Name": "securebot"
}
Taking a closer look at the Secure Session configuration:
"SecureSession": true,
"SecureSessionConfig": {
  "Type": "baas",
  "ValidationInterval": 60,
  "ApiAlias": "SecureSessionBaaS"
},
- SecureSession: set to true to enable Secure Session
- SecureSessionConfig.Type: set to baas to enable the check against the SecureSessionBaaS api-connector
- SecureSessionConfig.ApiAlias: The alias of the api-connector to use
- SecureSessionConfig.ValidationInterval: The frequency (in seconds) that the check against the Authorization API will take place. A very low value will increase load on the Authorization API and decrease Bot performance.