Advanced Usage

Advanced Usage

Dashbot Secret Key

If a secret key is provided, Dashbot will use this key to sign calls from Dashbot using HMAC with sha1.

An extra header will appear called x-dashbot-signature. This header will contain a signature that may be used to verify the request came from Dashbot in an unaltered state.

Specifically, the webhook calls that will be signed are the Pause URL and Send Message URL (used for both Live Person Takeover and Broadcast Messages).

Validating Payloads from Dashbot

Once your Dashbot secret key is set, each POST to your Pause URL and Send Message URL will be passed along with a hash signature.

Here is an example of how you might validate the Dashbot Header using nodeJS (using the req object from express, and the crypto package):

var dashbotSignature = req.header("x-dashbot-signature");
var crypto = require("crypto");
var textToVerify = JSON.stringify(req.body);
var secret = "nomoresecrets"; // it is best to store this as an ENV variable
var algorithm = "sha1";
var hash, hmac;
hmac = crypto.createHmac(algorithm, secret);
hash = "sha1=" + hmac.digest("hex");
if (hash === dashbotSignature) {
console.log("Dashbot Signature VERIFIED");
} else {
console.warn("Dashbot Signature INVALID");

Live Person Takeover

To enable the live person takeover pause feature, please follow the guide under the integration path you took to integrate your bot:

Integration / PlatformLive Person Takeover Guide

PII Redaction

If you are using the Dashbot NPM for integration, and you wish to remove personally identifiable information from the text, you may set a flag when you include the dashbot NPM. This will enable the redact-pii library prior to sending messages to Dashbot.

Install Dashbot via NPM

npm install --save dashbot

Include Dashbot

Change the inclusion of Dashbot from:

const dashbot = require('dashbot')(process.env.DASHBOT_API_KEY).facebook;


const dashbot = require('dashbot')(process.env.DASHBOT_API_KEY, {"redact":true}).facebook;

The example above is for Facebook bots, make sure to use the appropriate platform call when invoking the Dashbot npm.

Custom Redactor

Starting with the dashbot npm version 11.0.0, you may use your own, custom, redactor or configure your own options for the redact-pii library. For example, by default, the dashbot implementation of pii-redact does not redact ALL digits, but you may choose to do so by using the following custom redactor:

const { AsyncRedactor } = require('redact-pii');
const customRedactor = new AsyncRedactor();
const dashbot = require("dashbot")(process.env.DASHBOT_API_KEY, {
redact: customRedactor

Setting Timestamp

If you are using the REST API, you may explicitly send a timestamp value to ensure the proper timing of your messages. If you do not set this value, the time of the message will be set automatically according to when we receive your REST call.

Messages that are sent with a timestamp older than an hour will not be accepted, so do not use this feature for historical messages.

If you need to load messages that are older than an hour, please contact us.

To set the timestamp, set the value, in milliseconds, at the root level of the JSON you send to us.

To set timestamp

To set the timestamp, set the value, in milliseconds, at the root level of the JSON you send to Dashbot.

dashbot_timestamp: 1627996516303,
Edit this page on GitHub