Generally, chatbots are called with artificial intelligence, natural language processing and lots of frameworks, and tons of tools around. They are all useful, but do we really need those? Or, are they making us blind about core knowledge? Facebook Messenger chatbot development requires 3 basic knowledge indeed; security, payloads and permissions.

Facebook Messenger Chatbot Basic Needs

Security / Request Verification

Facebook Messenger chatbot is using two HTTP verbs to communicate with your endpoints:

GET: It is used once to verify the token given by you, generally it is called on the setup to verify you get the right information from Facebook. POST: Facebook transfer all other data to your backend(chatbot) using HTTP POST verb. All data transferred using POST verb, also comes with the SHA1 signature of the ‘body payload’ in the HTTP header called “X-Hub-Signature”. For security, it is best practice to verify this signature on every request.

You may also want to read more about webhooks on Facebook guide.

Input Payload Formats

Facebook Messenger provides data payload in two basic formats:

Free Text: It is a free format information what user writes to a Facebook Page’s chat box. It comes with //{…, “message”: {…, “text”: “some data”},…}// ‘message.text’ key in the payload (Valid for the date: 01.06.2o17) This free text generally requires a good parser and may be a NLP depending on your bot functionality. User Defined Payload: It is a formatted information by the chatbot. This is the data you pass to Messenger and get back when user interact with a button, quick reply, menu button or other interaction points. This is one of the most helpful feature of Facebook Messenger chatbot development. This allows you to send and get back same data from the user, when user interact with the ‘action’.

Permissions

Currently (01.06.2o17), Facebook provides 3 types of permission for the chatbot interactions:

pages_messaging: Enables your app to send and receive messages using a Facebook Page. This permission must be taken, to go live. Otherwise, your users won’t be able see the ‘Get Started’ button, and can not take any interaction with your bot. pages_messaging_subscriptions: Enables your app to send messages using Facebook Pages at any time after the first user interaction. This permission can’t be used to send advertising or promotional content. pages_messaging_phone_number: Enables your app to match phone numbers you already have to Messenger accounts. In order to use this permission, your app must be already approved for the Send/Receive API and based in the US.

Lastly, before starting development of a chatbot for Facebook Messenger platform, it is always a good idea to start looking developer documentation and have a good knowledge of what it provides, keeping the knowledge up-to-date and also what kind of payload your backend will receive.

If you are a bot developer, I recommend reading the story about ‘Backend Design/Architecture Practices for Chatbots’. Do not forget to ️❤️, if it is useful for you.