Unless otherwise specified in the documentation most requests to the eXvisory REST API require end user authentication. Currently the only authentication mechanism supported is Google Sign-In for Websites (so users must sign in using Google accounts).
Google has announced that Google Sign-In for Websites will no longer be supported by from March 31, 2023. We are looking into alternatives.
Google Sign-In for Websites is well documented and straightforward to integrate into your client-side chatbot application. The basic flow is to detect whether the user is already signed in and if not to present a Google sign-in button that initiates the Google sign-in process. Once signed-in use the Google Javascript API to obtain the user's Google ID token and send it in a header to the eXvisory REST API.
"Authorization" : "Bearer <ID token>"
Google ID tokens expire after about an hour and need to be refreshed (see Google Sign-In for Websites reference).
Sample ID tokens (for example for use in command-line cURL testing) can easily be obtained by using browser dev tools to inspect network traffic at