Secure communications between rasa core and custom action server

chascoppard · March 3, 2021, 11:37am

Hi,

We have a multi-tenant API. Clients are identified and secured by client SSL certificates. User identification is via JWT tokens.

We are implementing a Rasa chatbot for one of our clients. We want to add a webhook endpoint to our API to act as the custom action server.

Therefore can we:

apply a client certificate to the request between rasa core and our action server.
pass a JWT token between rasa core and our action server to securely identify the user.

It is not clear if this is possible without modifying the rasa source.

Topic		Replies	Views
Retrieve the JWT token inside a custom action Rasa Open Source	2	580	September 24, 2022
JWT Based Auth Rasa Open Source	4	3676	February 4, 2022
Need clarity on RASA-X REST API? [Deprecated] Rasa X Community Edition	1	1488	August 28, 2019
Passing Request headers from core server to action server Rasa Open Source	4	1585	September 6, 2023
External API call with access token retrieved from user's input Rasa Open Source	4	967	April 8, 2019