Search code examples
node.jsbotframeworkazure-bot-service

Microsoft Bot Framework (SDK4 Nodejs) : How to make the bot perform some action like customer authentication using api?

I want the Microsoft Bot Framework Chat Bot to verify my customer using freshservice api.

I have already asked the user for their username and password (corresponding to the : company-domain.freshservice.com) and stored the customers details using state accessor (As shown in the docs provided for SDK4 of Microsoft Bot Framework). Now after obtaining the details, I want the bot to send a http request to freshservice api and authenticate the customer. And display the result of the authentication of the bot to the Chat window (Currently the Bot Framework Emulator). Please help as I am not able to figure out a way to do it.

Solution

  • The Freshservice API is built around CURL, so it's a little difficult to see how to use it in Node. I've taken the first example and converted it for you:

    From:

    curl -u [email protected]:test -H "Content-Type: application/json" -X GET https://domain.freshservice.com/helpdesk/tickets.json

    To:

    // Convert to base64
const loginInfo = Buffer.from(`${ username }:${ password }`).toString('base64');
const response = await axios.get(`https://<yourDomain>.freshservice.com/helpdesk/tickets.json`, {
    headers: {
        'Content-Type': 'application/json',
        Authorization: `Basic ${ loginInfo }`
    }
});
await context.sendActivity(JSON.stringify(response.data, null, 2));

    This will result in the full JSON response:

    enter image description here

    How you choose to display that will be up to you.

    Notes:

    • You'll need to install axios (or some other service that can make GET requests) npm i axios
    • Freshservice supports OAuth, which is also supported in BotFramework
      • I HIGHLY recommend going this route because it will mean you don't have to figure out storing and encrypting user login information. It's significantly more secure and less of a headache for you. Basically, instead of storing user/pass, it will present the user with a login prompt. When logged it, it returns a token that you'll store and use that to make requests. Now, if an attacker wanted to steal usernames and passwords, their only route to do so is the Freshservice API. If you're storing user/pass yourself, they can also try to attack your bot client, bot conversation history, and your bot storage.
      • To get started, read Add authentication to your bot and use the Bot Authentication Sample as a guide.