Microsoft Health Bot Service management API

The Microsoft Health Bot Service provides API to enable programmatic management actions; for example, programmatic import and export of scenarios from the Scenario Editor.

How to use the API

Code samples

The provided code samples demonstrate how to use the API.

API structure

The API is implemented with REST architecture, enabling performance of CRUD operations on resources that are represented as URLs.

API security

The API is protected with standard JWT tokens. The JWT tokens contain two claims:

  • tenantName, taken from the management portal in the keys tab

  • iat, timestamp as an UNIX epoch value

The JWT token is signed with an API secret, called API_JWT_secret. The secret is taken from the management portal, as shown in the following screenshot:

An example of a JWT token payload before encoding is shown here:

{
    "tenantName": "myTenant",
    "iat":"1507056900"
}

The JWT token is placed in the authorization header, according to the following example:

  Authorization:_Bearer_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnROYW1lIjoibXlUZW5hbnQiLCJpYXQiOiIxNTA3MDU2OTAwIn0.MN4DcxO2mLsltEYNpXbC6T6Bjxj3-rxIAObngZIw4-U

It is recommended that the author implement the JWT tokens with standard libraries -- for example, Node.js jsonwebtoken library.