Secure Authentication Workflow for Mobile SDK
The "ymAuthenticationToken" is a unique token that is used to connect the user's identity with the chatbot to fetch chat history (conversations between users and the bot). The chat history includes details such as user’s input, bot responses, and the date and time of the conversation.
To enhance security and protect the "ymAuthenticationToken" from unauthorized access, you can use the "secure YMAuthentication". This authentication provide additional security to your bot conversations.
The following are the steps involved in setting up secure YMAuthentication:
- Enable secure YMAuthentication:
Setconfig.useSecureYmAuthtotruein your bot configuration to activate secure YMAuthentication. - Obtain encrypted ymAuthenticationToken:
Initiate an API request to acquire an encrypted ymAuthenticationToken. - Set ymAuthenticationToken:
During bot initialization, set the obtained ymAuthenticationToken toconfig.ymAuthenticationToken. - Handle token expiry:
When the token expires, you will receive an event with the codeym-revalidate-token, containing data in the form of{ "refreshSession": true|false }. - Retrieve a new token:
Create another API request to retrieve a new encrypted ymAuthenticationToken. - Update configuration:
Once you receive the new token, update the configuration’s ymAuthenticationToken with a new value. - Revalidate the token:
Pass this updated token, along with the "refreshSession" value (obtained earlier), by invoking the revalidateToken function from the Chatbot SDK. This action revalidates the token and refreshes the chat session. - Handling invalid tokens:
If the token is found to be invalid, you will receive anotherym-revalidate-tokenevent (up to 3 incorrect attempts). Follow the above steps to revalidate the token. After three unsuccessful attempts, if the token remains invalid, you will be directed to an error page with a Try again option.
info
For detailed steps, refer this guide.