Challenge
You want to restrict access to a REST endpoint so that only authorized requests will be answered by the flow.
Solution
You can use the Input Transformer of a REST endpoint to achieve this.
The approach is to require every request made to the endpoint to include a secret token that is set within the transformer. The transformer then checks each request for this exact token. If the token is found, the bot is allowed to respond; if not, a 401 Unauthorized error is returned.
You can find an example of the Input Transformer code required to achieve this below:
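    // handleInput property of the REST endpoint's transformer object
    handleInput: async ({ endpoint, request, response }) => {
        const userId = request.body.userId;
        const sessionId = request.body.sessionId;
        const text = request.body.text;
        const data = request.body.data;
        // Strict comparison: only the exact string "testToken" is accepted
        if (request.body.token === "testToken") {
            return {
                userId,
                sessionId,
                text,
                data
            };
        } else {
            // Reject the request with 401 Unauthorized
            response.sendStatus(401);
            return null;
        }
    },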
With this Input Transformer in place, requests to your REST endpoint must include "token": "testToken" as a parameter in the request body.
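A hardened variant of the token check, as an added example that is not part of the original article or of the product's own code: it rejects non-string tokens and compares in constant time. It assumes Node's crypto module is available where the transformer runs; EXPECTED_TOKEN, tokenMatches, makeResponse and demo are hypothetical names, and the request bodies are constructed.

```javascript
const crypto = require("crypto");

// Constructed placeholder taken from the article; load a real secret from configuration.
const EXPECTED_TOKEN = "testToken";

// Compare in constant time. Hashing both sides yields equal-length buffers,
// which crypto.timingSafeEqual requires.
function tokenMatches(candidate, expected) {
  if (typeof candidate !== "string" || candidate.length === 0) return false;
  const a = crypto.createHash("sha256").update(candidate, "utf8").digest();
  const b = crypto.createHash("sha256").update(expected, "utf8").digest();
  return crypto.timingSafeEqual(a, b);
}

const transformer = {
  handleInput: async ({ endpoint, request, response }) => {
    const body = request.body || {};
    if (!tokenMatches(body.token, EXPECTED_TOKEN)) {
      response.sendStatus(401);
      return null;
    }
    const { userId, sessionId, text, data } = body;
    return { userId, sessionId, text, data };
  },
};

// Minimal stand-in for the response object (constructed for this example).
function makeResponse() {
  return { status: null, sendStatus(code) { this.status = code; } };
}

// Run constructed request bodies through the transformer and report the outcome.
async function demo() {
  const base = { userId: "u1", sessionId: "s1", text: "hi", data: {} };
  const bodies = [
    { ...base, token: "testToken" },   // valid
    { ...base, token: ["testToken"] }, // array: a loose == comparison would accept this
    { ...base, token: "wrong" },       // wrong value
    base,                              // token missing
  ];
  const results = [];
  for (const body of bodies) {
    const response = makeResponse();
    const out = await transformer.handleInput({ endpoint: {}, request: { body }, response });
    results.push({ accepted: out !== null, status: response.status });
  }
  return results;
}

demo().then((results) => console.log(results));
```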
MG - 20210415