

A client can authenticate requests to Direct Line API 3.0 either by using a secret that you obtain from the Direct Line channel configuration page in the Bot Framework Portal or by using a token that you obtain at runtime. The secret or token should be specified in the Authorization header of each request, using this format:

Authorization: Bearer SECRET_OR_TOKEN

A Direct Line secret is a master key that can be used to access any conversation that belongs to the associated bot. A secret can also be used to obtain a token. Secrets do not expire.

A Direct Line token is a key that can be used to access a single conversation. A token expires but can be refreshed.

Deciding when or if to use the secret key or a token must be based on security considerations. Exposing the secret key could be acceptable if done intentionally and with care. As a matter of fact, this is the default behavior because this allows Direct Line to figure out if the client is legitimate. Generally speaking though, security is a concern if you're trying to persist user data. For more information, see section Security considerations.

If you're creating a service-to-service application, specifying the secret in the Authorization header of Direct Line API requests may be the simplest approach. If you're writing an application where the client runs in a web browser or mobile app, you may want to exchange your secret for a token (which only works for a single conversation and will expire unless refreshed) and specify the token in the Authorization header of Direct Line API requests. Choose the security model that works best for you.

Your Direct Line client credentials are different from your bot's credentials. This enables you to revise your keys independently and lets you share client tokens without disclosing your bot's password.

You can obtain a Direct Line secret via the Direct Line channel configuration page for your bot in the Azure Portal.

To generate a Direct Line token that can be used to access a single conversation, first obtain the Direct Line secret from the Direct Line channel configuration page in the Azure Portal. Then issue this request to exchange your Direct Line secret for a Direct Line token:

POST

In the Authorization header of this request, replace SECRET with the value of your Direct Line secret.

The following snippets provide an example of the Generate Token request and response.

Request

POST
Authorization: Bearer RCurR_8xpy8qbOF5xnR2vtCX7CZj0LdjAPGfiCpg4Fv0
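The secret-for-token exchange this page describes, sketched as a server-side broker so that a browser or mobile client only ever receives the single-conversation token. This is an added example, not code from the original documentation; the endpoint URL (missing from the page), the response field names `conversationId`, `token` and `expires_in`, and all function names are assumptions.

```python
import json
import time
import urllib.request

# Assumption: the publicly documented Direct Line 3.0 endpoint; this page's
# own request line has lost its URL.
GENERATE_URL = "https://directline.botframework.com/v3/directline/tokens/generate"


def build_generate_request(secret):
    """Build the POST that exchanges the Direct Line secret for a token."""
    if not secret or any(c.isspace() for c in secret):
        raise ValueError("Direct Line secret is empty or contains whitespace")
    return urllib.request.Request(
        GENERATE_URL, data=b"", method="POST",
        headers={"Authorization": "Bearer " + secret})


def parse_token_response(body, now):
    """Keep only what a client needs (field names are assumed, see lead-in)."""
    doc = json.loads(body)
    token, ttl = doc.get("token"), int(doc.get("expires_in", 0))
    if not isinstance(token, str) or not token or ttl <= 0:
        raise ValueError("malformed Generate Token response")
    return {"conversationId": doc.get("conversationId"),
            "token": token, "expires_at": now + ttl}


def needs_refresh(entry, now, margin=300):
    """A token expires but can be refreshed: act before it lapses."""
    return now >= entry["expires_at"] - margin


def issue_client_token(secret, send=None, now=None):
    """The secret stays on the server; only the returned entry is sent on."""
    now = time.time() if now is None else now
    # Default transport performs the real HTTPS call; tests inject a fake one.
    send = send or (lambda req: urllib.request.urlopen(req, timeout=10).read())
    entry = parse_token_response(send(build_generate_request(secret)), now)
    if entry["token"] == secret:
        # Never hand the master key to a client, whatever the response says.
        raise RuntimeError("response echoed the secret; refusing to forward")
    return entry
```

Call `issue_client_token` from the backend route that starts a conversation, and use `needs_refresh` to decide when to renew a token that is still in use.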
