Bots are becoming an important part of our lifestyle. Let's look into how to build one. We have a good number of platform choices for building a bot. However, each has its pros, cons and we’ll be discussing integration details on how to build a bot using Lex and export it onto the Facebook Messenger Platform.

Building a LEX chat bot.

Please look into AWS docs and the following tutorial. AWS docs are very good and complete to get your Lex bot running. AWS Lex uses Lambda as its core engine to handle the bot's intelligence.

Integrating Facebook Messenger Platform.

Follow AWS Docs. It explains very neatly how to hook up the messenger platform to your Lex chatbot. However, the Lex bot cannot start a conversation.

• In case you like to send a message to the FB User when the user is not chatting with the Lex bot, it cannot be done by Lex. It can be done using Facebook Messenger SEND APIfrom your server.
• Secondly, providing a seamless experience to the user regarding their data stored on your server.

If any of the use cases excite you, you are at the right place and can go forward to read the complete tutorial.

After following the above tutorials, you should be able to picture the flow similar to the diagram below.

FB Permissions and Webhooks Required

• Webhooks: messages, messaging_postbacks, messaging_optins.
• Permissions: pages_messaging for general messaging through SEND API. The conversation has to be initiated by the user. Page can message the user within an interval of 24 hrs since the user has messaged the page. pages_messaging_subscriptions for messaging anytime after the user has messaged the page once (Beyond the 24 hr window).
• To get the permission approved, the app has to be submitted for a review by the FB team stating your purpose and use case of the permission. You can reach it in your Messenger Section of your FB App Dashboard.

Let's get familiar with a few terms.

1. User Access Token (UAT): token obtained during FB login.
2. Long-lived User Access Token (LUAT): AccessToken that lives for a long time. It is obtained by using UAT.
3. User Identity (UID): Unique User ID as recognized by Facebook.
4. Page Identity (Page ID): Unique Page ID as recognized by Facebook.
5. Page Access Token (PAT): Access Token for accessing a page specific for a user.
6. App Secret: Unique for an app. It can be found in the app's dashboard in the developers section.
7. App Secret Proof: A sha256 hash of App Secret and Page Access Token.
8. Page Scope Identity (PSID): An ID to identify a page and user specifically. It is used for recognizing a user.

Lot of the terms don’t make sense at the start, but eventually they would. So let's look at our challenges for recognizing a user from your page on Facebook.

We need to identify the user. FB identifies every user with a unique UID. We need to store these credentials during the person's FB Login. However, FB sends PSID to identify a user to the Lex bot, Lambda which is eventually received by your server. To recognize the user, you would need to find a match between PSID and UID. This can be done using the following steps at the time of login on your server.

Given values at time of login are UID, Page ID, App Secret, and User Access Token (UAT).

• Long-lived User Access Token = Tutorial(User Access Token)
• Page Access Token = Tutorial(Page ID, Long-lived User Access Token)
• App Secret Proof = Tutorial(App Secret, Page Access Token)
• PSID (Page Scope ID) = Tutorial use /ids_for_pages api (UID, Page ID, AppSecret Proof, Page Access Token)

Pictorially…

By following and implementing the above four APIs, you will be able to obtain the PSID of every user at the time of login. When queried from Lambda using PSID, it should be easy to identify the user and provide a seamless experience.

Coming to using SEND API. You would need Page Access Token and PSID (Page Scoped Identity). Since we have obtained both of them at the time of login, they can be used for pinging the user when required. We would need pages_messaging_subscription for pinging users randomly at any time. You would need to submit for a review to Facebook stating your purpose of requiring such a permission. If the FB team feels it's a valid use case, they would grant the permission.

For example @Yatis, we provide IoT solutions primarily in the automobile industry. We have a feature where any user can communicate with his/her vehicle remotely using the Yatis App. With the advance in chatbot technology, we are able to provide the same features by just chatting with our page. Pinging the user when the vehicle has crossed a geofence required pages_messaging_subscriptionpermission as it could be anytime out of the 24 hr window, rest of the features required just pages_messagingpermission only.

All the best, hope the tutorial was of good help. I have spent a lot of time researching different pages and figuring things out.