Kore.ai Bot Builder Platform’s Enterprise Integration Framework provides support for multiple authentication models that can be configured at a task-by-task level for each bot, for a bot to use both authenticated and unauthenticated tasks in the same configuration. Developers can build custom authentication profiles for chatbots with support for defining subdomains through tenancy URLs, adding new fields through IDP form fields, and more and test and validate the authorization definition before moving on to the next steps in the bot building process. The Platform can also pass in or provide user identity information and authentication tokens to the bot context as the web and mobile SDK initializes, so your chatbot can leverage existing authentication and authorization settings for end users.
Supported Authentication Models
Configure authentication for your chatbot to access third-party web services, with support for the following authorization types. The tool lets you quickly enable one authentication profile across all bots and tasks, or create custom profiles for each bot and task:
- Basic Auth – A standard protocol to collect username and password information. Kore.ai uses SSL encryption in combination with basic authentication to help secure end-user information. For more information, see Setting Up Authorization using Basic Auth.
- OAuth v2 password grant type – Define a custom authorization type for non-standard web service authorization types. For more information, see Setting Up Authorization using OAuth v2 password grant.
- OAuth v1 – Enables web applications or web services to access protected resources using an API without end-users having to disclose their login credentials to Kore.ai. For more information, see Setting Up Authorization using OAuth v1.
- OAuth v2 – The newest version of OAuth protocol focusing on specific authorization flows for web applications and web services. For more information, see Setting Up Authorization using OAuth v2.
- API Key – An identification and authorization token generated or provided by a web application or web service used to identify the incoming application request, and in some cases, also provides authentication for secure access. For more information, see Setting Up Authorization using an API Key.