Kore.ai’s Platform supports various authentication models that can be configured at a task-by-task level for each bot. This allows for flexibility to have both authenticated and unauthenticated tasks in the same bot configuration. You may need to define how a user must authenticate to initiate the action task. For example, a banking bot can have an action task using web services that require an end-user to authenticate, usually with a log-on username and password, to allow Kore.ai to access the end-user account for data before executing the action task.
We support the following types of authentications methods:
- Basic Auth – A standard protocol to collect username and password information. Kore.ai uses SSL encryption in combination with basic authentication to help secure end-user information.
- OAuth v2 password grant type – Allows for the definition of a custom authorization type for non-standard web service authorization types.
- OAuth v1 – Enables web applications or web services to access protected resources using an API, without end-users having to disclose their log-on credentials to Kore.ai.
- OAuth v2 – This is the newest version of the OAuth protocol, focusing on enabling specific authorization flows for web applications and web services.
- API Key – This is an identification and authorization token generated or provided by a web application or web service that is then used to identify the incoming application request, and in some cases, also provides authentication for secure access.
Additionally, when designing bots that will be offered in the Platform’s web or mobile SDK channels, an enterprise customer’s current web and mobile apps could already pass-in or provide the authentication token and user identity information to the bot context as the SDK initializes. This allows you to leverage existing authentication and authorization settings for the end-users so it silently authenticates the user as they start engaging with the bot.