Conversational Actions will be deprecated on June 13, 2023. For more information, see Conversational Actions sunset.

Verifying requests (Dialogflow)

Stay organized with collections Save and categorize content based on your preferences.

Requests to your conversational webhook are signed with an authorization token in the header, using the following format:

authorization: "<JWT token>"

The auth token follows the JSON Web Token format, where the audience field value is equal to the Actions Console project ID for the app. To verify the signature, unpack the token and ensure the audience field matches the project ID for the app. This can be done with a JWT-compatible credentials library, like the Google APIs Node.js client, or directly using the Actions on Google Node.js Client Library ActionsSdkOptions#verification option.

const {actionssdk} = require('actions-on-google');

const app = actionssdk({verification: 'nodejs-cloud-test-project-1234'});
// HTTP Code 403 will be thrown by default on verification error per request.