'Bot Composer Web Chat embed with secure token?
I have a Bot published from Bot Composer into Azure. The bot is a simple QnA Bot. I need to securely embed it within a webpage. The iframe embed code generated has the Bot Key embedded in the URL. How do I secure this so
- users cant see the Key,
- limit access to users from my tenant?
Thanks in advance.
Solution 1:[1]
Generally speaking, if you want to hide something from the end user, you need to place it somewhere where they do not have access to. Normally, you create some kind of script that is running in the backend of your webpage and deals with creating the tokens with your secret key. These "non-critical" tokens need be to be passed to your Web Chat. The limitation to your tenant user, you need to implement an authentication system.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | nameme |