Verifying requests (Dialogflow)
Stay organized with collections
Save and categorize content based on your preferences.
Requests to your conversational webhook are signed with an authorization token
in the header, using the following format:
authorization: "<JWT token>"
The auth token follows the JSON Web Token format
,
where the audience field value is equal to the Actions Console project ID for
the app. To verify the signature, unpack the token and ensure the audience field
matches the project ID for the app. This can be done with a JWT-compatible
credentials library, like the Google APIs Node.js client
,
or directly using the Actions on Google Node.js Client Library ActionsSdkOptions#verification
option.
const
{
actionssdk
}
=
require
(
'actions-on-google'
);
const
app
=
actionssdk
({
verification
:
'nodejs-cloud-test-project-1234'
});
//
HTTP
Code
403
will
be
thrown
by
default
on
verification
error
per
request
.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License
, and code samples are licensed under the Apache 2.0 License
. For details, see the Google Developers Site Policies
. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-18 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-09-18 UTC."],[[["\u003cp\u003eConversational webhook requests are signed with a JWT token in the authorization header for security.\u003c/p\u003e\n"],["\u003cp\u003eThe JWT token's audience field should match your Actions Console project ID for verification.\u003c/p\u003e\n"],["\u003cp\u003eYou can verify the token using JWT libraries or the Actions on Google Node.js Client Library's built-in verification option.\u003c/p\u003e\n"]]],["Requests include an authorization header with a JSON Web Token (JWT). The token's audience field must match the Actions Console project ID. Verify the token's signature using a JWT library or the `ActionsSdkOptions#verification` option in the Actions on Google Node.js Client Library. This can be set using the `actionssdk` method with the project ID. Failure to verify will result in a HTTP 403 error.\n"],null,["# Verifying requests (Dialogflow)\n\nRequests to your conversational webhook are signed with an authorization token\nin the header, using the following format: \n\n authorization: \"\u003cJWT token\u003e\"\n\nThe auth token follows the [JSON Web Token format](https://tools.ietf.org/html/rfc7519),\nwhere the audience field value is equal to the Actions Console project ID for\nthe app. To verify the signature, unpack the token and ensure the audience field\nmatches the project ID for the app. This can be done with a JWT-compatible\ncredentials library, like the [Google APIs Node.js client](https://github.com/google/google-auth-library-nodejs),\nor directly using the Actions on Google Node.js Client Library\n[`ActionsSdkOptions#verification`](https://actions-on-google.github.io/actions-on-google-nodejs/interfaces/actionssdk.actionssdkoptions.html#verification) option. \n\n```gdscript\nconst {actionssdk} = require('actions-on-google');\n\nconst app = actionssdk({verification: 'nodejs-cloud-test-project-1234'});\n// HTTP Code 403 will be thrown by default on verification error per request.\n```"]]
