Bots are becoming a important part of our lifestyle. Lets look into how to build one. We have  good number of platform choices for building a bot. However each has its pros, cons and we’ll be discussing on integration details on how to build a bot using lex and export it onto Facebook Messenger Platform.

Building a LEX chat bot.

Please look into AWS docs and the following tutorial. AWS docs are very good and complete to get your lex bot running. AWS lex uses lambda as its core engine to handle the bots intelligence.

Integrating Facebook Messenger Platform.

Follow AWS Docs. Its explained very neatly on how to hook up messenger platform to your lex chatbot. However, the lex bot cannot start a conversation.

  • Incase you like to send a message to the FB User when the user is not chatting with the lexbot, it cannot be done by lex. It can be done using Facebook Messenger SEND API from your server.
  • Secondly, providing a seamless experience to the user regarding his data stored on your server

If any of the use case excites you, you are at the right place and can go forward to read the complete tutorial.

After following the above tutorials, you should be able to picture the flow  similar to the below diagram.

FB Permissions and Webhooks Required

  • Webhooks : messages, messaging_postbacks, messaging_optins.
  • Permissions : pages_messaging for general messaging through SEND API. The conversation has to be initiated by the user. Page can message user within an interval of 24 hrs since the user has messaged the page. pages_messaging_subscriptions for messaging anytime after the user has messaged the page once (Beyond the 24 hr window).
  • To get the permission approved , app has to submitted for a review by the FB team stating your purpose and usecase of the permission. You can reach it in your Messenger Section of your FB App Dashboard .

Lets get familiar with few terms.

  1. User Access Token ( UAT ) : token obtained during FB login.
  2. Long-lived User Access Token ( LUAT ) : AccessToken that lives for long time. It is obtained by using UAT.
  3. User Identity ( UID ) : Unique User ID as recognised by Facebook.
  4. Page Identity ( Page ID ) : Unique Page ID as recognised by Facebook.
  5. Page Access Token ( PAT ) : Access Token for accessing a page specific for a user.
  6. App Secret : Unique for an app. can be for apps dashboard in the developers section.
  7. App Secret Proof : A sha256 hash of App Secret and Page Access Token.
  8. Page Scope Identity ( PSID ) : An ID to identify a page and user specifically. It is used for recognising a user.

Lot of the terms doesn’t make sense at the start, but eventually they would. So Lets look at our challenges for recognising a user from your page on Facebook.

We need to identify the user. FB identifies every user with an unique UID. We need to store these credentials during the persons FB Login. However FB sends PSID to identify a user to the lex bot, lambda which is eventually received by your server. To recognise the user, you would need to find a match between PSID and UID . This can be done using the following steps at the time of login on your server.

Given values at time of login are UID, Page ID, App Secret and User Access Token ( UAT ).

  • Long-lived User Access Token   =    Tutorial  (  User Access Token )
  • Page Access Token = Tutorial  ( Page ID, Long-lived User Access Token )
  • AppSecret Proof = Tutorial ( App Secret, Page Access Token )
  • PSID ( Page Scope ID ) = Tutorial use /ids_for_pages api ( UID, Page ID, AppSecret Proof, Page Access Token )


By following  and implementing the above four APIs, you will be able to obtain PSID of every user at the time of login. When queried from lambda using PSID, it should be easy to identify the user and provide a seamless experience.

Coming to using SEND API. You would need Page Access Token and PSID ( Page Scoped Identity ). Since we have obtained both of them at the time of login, they can be used for pinging user when required. We would need pages_messaging_subscription for pinging users randomly at any time. You would need to submit for a review to facebook stating your purpose of requiring such a permission. If FB team feels its a valid use case, they would grant the permission.

For example @Yatis,  we provide IOT solutions majorly in Automobile industry. We have a feature where any user can communicate his/her vehicle remotely using the Yatis App.  With the advance in chatbot technology, we are able to provide the same features by just chatting with our page.  Pinging the user when the vehicle has crossed a geofence required pages_messaging_subscription permission as it could be anytime out of the 24 hr window,  rest of the features required just pages_messaging permission only,

All the best, hope the tutorial was of good help. I have spent a lot of time researching different pages and figuring things out.