Secure communications between rasa core and custom action server


We have a multi-tenant API. Clients are identified and secured by client SSL certificates. User identification is via JWT tokens.

We are implementing a Rasa chatbot for one of our clients. We want to add a webhook endpoint to our API to act as the custom action server.

Therefore can we:

  1. apply a client certificate to the request between rasa core and our action server.
  2. pass a JWT token between rasa core and our action server to securely identify the user.

It is not clear if this is possible without modifying the rasa source.