As of May 31, 2023, you can only authenticate REST API calls from a messaging bot using API connections. A messaging bot can make REST API calls using the bot builder's Make API call step.
Before the release of API connections, admins could authenticate REST API calls from a messaging bot by passing credentials in request headers. API connections are a more secure, convenient way to store these credentials.
Disallowed authentication headers
After May 31, 2023, Make API call steps that include authentication-related headers will automatically fail. These include the following headers:
authorizationx-api-keyx-api-token
If a Make API call step fails, the conversation follows the step's API call failed branch.
Updating the Make API call step to use connections
To avoid disruptions, create API connections to store any API credentials used by your messaging bots. Then update any related Make API call steps in each bot's answers to use API connections for authentication.
To update a Make API call step to use an API connection
- If an API connection doesn't already exist for the credential, create one in Admin Center. See Creating API connections for the bot builder.
You can use the same API connection across several bots and Make API call steps.
- On the Answers tab of the bot’s edit page, click Edit to access the bot builder for the answer.
- In the bot builder, click the Make API call step.
- In the step, use the Authentication drop-down to select the related API connection.
- Under Headers, delete any authentication-related headers.
- Click Make API call to test the API call using the API connection's credentials.
- Click Done in the upper right corner of the bot builder.
- Publish the bot to deploy your changes.