
Create Secured Chatbot

If your chatbot handles sensitive information, you can protect the chatbot, its contents, and the information captured from end users during their conversation with the chatbot.

Follow one or more of the options mentioned in the Secured Chatbot section.

This document explains the following security option:

Authenticated dialogs

This tutorial explains how to set up authorization for end users. The tutorial obtains credentials, such as customer ID or email address, from the end user and verifies them against the end user information that is stored in an external database.


API information that is required to connect your chatbot with your customer database


  1. You need an attribute to receive the identification information from end users. When you connect to your database, you can use this attribute to compare ID records. You also need an attribute to store the response from the external database.

    1. Go to the Attributes tab.
    2. Create the customer_id attribute to store the credentials from the end user.
    3. Create the auth_token attribute to store the response from the database.
    4. Set the scope of both attributes to Global because you will need them in multiple dialogs.
  2. Create a dialog to obtain the credentials from the end user. Example: Customer credentials.

    1. Drag and drop the Attribute element to obtain the customer ID. Store the end user's response in the customer_id attribute.
    2. Drag and drop the To Dialog element under the Attribute element. After you set up an authenticated dialog, you can set the To Dialog element to that dialog.
  3. In the default dialog, route end users to the dialog in which you obtain credentials.

  4. Create the authentication dialog.

    1. In the left pane, click Add Authentication Dialog. The Authentication dialog is created and contains the Authentication element.
    2. Delete the Authentication element. In later steps, you can add it in the required location.
  5. Connect to your customer database to verify whether the customer ID obtained from the end user matches the customer ID stored in the database.

    1. Drag and drop the API element. This element makes a call to the customer database.
    2. In the Headers section, include an authorization content type and set the value to the customer_id attribute. The system uses a GET request to ask your database whether the customer ID is a match. A success or failure status code is returned and is saved in the auth_token attribute.
    3. Drag and drop the Conditions element to handle success and failure codes. A status code of 200 indicates that authentication succeeded. Any other status code indicates that authentication failed.
    4. Under the success condition, add the Authentication element.
    5. Under the failure (Else) condition, route the flow to a dialog that guides the end user with the next steps. Example: Try again, speak to a human agent, or end chat.
  6. Configure authentication timeout settings. In the Authentication dialog > Authentication element, set the timeout in minutes. Alternatively, select Never timeout authentication.

    The timeout starts from the time the end user authenticates. When the end user enters a dialog that is secured with authentication, the system checks to see whether the user is authenticated. The authentication status is saved as a Boolean value in the predefined attribute, authenticated.

    If the timeout has lapsed, the end user needs to reauthenticate. No progress is lost when users are required to reauthenticate.

  7. You can now secure dialogs with authentication. In the required dialog, use the lock icon to enable authentication. When the end user enters this dialog, they are redirected to the Authentication dialog, either to perform authentication or to check the status of the authenticated predefined attribute.
    For example, when authentication is enabled on the Customer details dialog, the end user needs to authenticate when they enter it. The flow within the dialog, starting with the text message, takes place only if the authentication succeeds.

    You cannot add authentication to the default dialog. For this dialog, use the To dialog element to redirect the end user to an authenticated dialog.

    Warning: If you disable authentication for a dialog, the authentication process is not carried out when the end user enters the dialog.


For authenticated dialogs, set up alternative chatbot actions in case end users are unable to authenticate. Example: Offer them the option to speak to an agent or direct them to another dialog that can help them.
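The following Python sketch models steps 5 to 7 end to end: the database-side check that the API element calls, the status-code branch, and the timeout behaviour of a locked dialog. It is an added example, not Infobip code. The names `verify_endpoint`, `Session`, `enter_dialog`, and `CUSTOMER_DB`, the `Authorization` header name, the 401 failure code, and the sample customer IDs are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed sample records standing in for the external customer database.
CUSTOMER_DB = {"C-1001", "C-1002"}

def verify_endpoint(headers: dict) -> int:
    """Hypothetical GET handler in front of the customer database.
    Returns the status code the Conditions element branches on."""
    supplied = headers.get("Authorization", "").strip()  # header name assumed
    if not supplied:
        return 401
    # Constant-time comparison against every record, so response time does
    # not reveal how much of an ID matched.
    matched = False
    for known in CUSTOMER_DB:
        matched |= hmac.compare_digest(supplied.encode(), known.encode())
    return 200 if matched else 401  # 401 is an assumed failure code

@dataclass
class Session:
    """Models the predefined `authenticated` attribute and the timeout clock."""
    authenticated: bool = False
    authenticated_at: Optional[float] = None  # seconds, set on success

def enter_dialog(session, locked, customer_id, now, timeout_minutes):
    """Return where the end user lands. timeout_minutes=None models
    'Never timeout authentication'."""
    if not locked:
        return "dialog"
    expired = (session.authenticated and timeout_minutes is not None
               and now - session.authenticated_at >= timeout_minutes * 60)
    if session.authenticated and not expired:
        return "dialog"  # still authenticated: no new database call
    # Authentication dialog: API element, then Conditions element.
    if verify_endpoint({"Authorization": customer_id}) == 200:
        session.authenticated, session.authenticated_at = True, now
        return "dialog"
    session.authenticated, session.authenticated_at = False, None
    return "fallback"  # try again, speak to a human agent, or end chat
```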
