Skip to content

Implementing Token-Based Authentication for Test Cases

A common requirement for chatbot testing is to implement token-based authentication.

  • A chatbot client knows about the autenticated user - there is a client-based mechanism for user authentication in place (Cookies ? Web-App Login?)

  • For starting a chatbot conversation, the chatbot client has to transmit some kind of user authentication token to the chatbot engine to initialize the user context in the conversation

  • The authentication token is available by calling an API

If your requirements are similar to this, head on - here are the step by step instructions how to

  • Setup Botium to query an API for an authentication token before starting a test session

  • Use this authentication token in the test cases

1. Implement Botium Hook to Retrieve API Token

In Botium Box, head over to the Chatbot and open Settings / Connector Settings.

  1. Enable the Advanced Mode switch

  2. Add a new capability with name CUSTOMHOOK_ONBUILD and type Javascript Code

  3. In the Capability Value field, you can now add your own custom Javascript Code to call your API to retreive token. For this sample, we are calling a public dummy API and we are using one of the returned JSON fields as token (see code below).

  4. The dummy token is written to the Botium Capability MYTOKEN

Here is the Javascript code for Copy&Paste:

module.exports = async ({ container, request }) => {
  return new Promise((resolve, reject) => {
    const requestOptions = {
      method: 'get',
      uri: '',
      json: true    
    request(requestOptions, (err, response, body) => {
      if (err) return reject(err)
      container.caps.MYTOKEN = body.title

2. Use the Token in the Test Case

We can use the Botium Scripting Memory to use the dummy token in our convo files. Add a convo file in your Test Set.


Do not forget to enable the Scripting Memory in the Scripting Settings of the Test Set!

Here is the BotiumScript for Copy&Paste:

Greet the bot

/chatid $cap(MYTOKEN)


We are using the $cap Scripting Memory function to use the capability named MYTOKEN within the convo file.