Note: This code pattern uses the classic Watson Assistant experience. After October 8, 2021, all instances (except the standard plan) can switch between the classic and new Watson Assistant experiences by going to the upper-right corner of the Watson Assistant screen and clicking the Manage icon.


In this code pattern, learn how to authenticate users on your chatbot with an SMS one-time passcode (OTP).


Chatbots are prevalent everywhere. And, some conversations are confidential, so chatbots must verify the authenticity of its users. One example of this is a customer who holds an insurance policy who uses a chatbot to get more information about that insurance policy. Sending a one-time passcode through SMS is a popular way to identify a user.

This code pattern shows how to build a chatbot that authenticates users through an SMS one-time passcode. You also learn to use IBM Watson Assistant, IBM Cloud Functions, and custom APIs to build this application.

After you have completed this code pattern, you understand how to:

Build conversational interfaces into any application, device, or channel
Run your application code without servers
Build APIs to authenticate users on your chatbot
Make external API calls through Watson Assistant

Flow diagram

The user registers for a policy on the portal.
User data is stored in the database, and policy details are sent to the user’s phone number in an SMS through the Twilio Messaging API.
The user interacts with the chatbot and asks for confidential information that is related to the policy. Watson Assistant prompts the user to enter the OTP.
The query is sent to Watson Assistant, which in turn invokes IBM Cloud Functions to make an API call to the user-defined, back-end API for retrieving information.
The database is searched for the user’s phone number, and the OTP generated by the back-end API is sent to the user through Twilio.
The user enters the OTP in the chat application to authenticate themselves.
Watson Assistant validates the OTP by interacting with the back-end API.
The user-requested confidential information is fetched from the database if the OTP is valid.
IBM Cloud Functions returns the confidential information to Watson Assistant.
Watson Assistant displays the user-requested confidential information.
The user can see the confidential information in the chatbot.

Related work from others:  Latest from MIT : New insights into training dynamics of deep classifiers


Find the detailed steps in the README file. Those steps explain how to:

Clone the repository.
Set up the Twilio messaging service.Create the Twilio service.
Create the Twilio Trial Number.
Verify caller IDs.

Deploy custom APIs.
Create an IBM Cloud Functions action.
Create Watson Assistant services.
Import the Watson Assistant workspace.
Configure Watson Assistant with the IBM Cloud Functions URL.
Deploy and run the web application.

Similar Posts