To be able to call the API, the requests must be made by a valid Sherpa user. In the Conversational API, each client can create their own users, and if they are properly logged in, they will have a valid token to be able to call the service.

There are two models that can be used, depending on the scenario of your application.


In this model, the client application's frontend calls the Conversational AI API directly.

In this scenario, each client application must register a Sherpa user.

It is necessary to login the user, in order to get a valid token and to renew it. The credentials should be stored in the application, so the end user does not have to be asked for them.

Upon logout, the token will be set as expired.

B2C Authentication


In this model, the requests to the Conversational AI API will be made by the backend of the application. The application's users will have a user in the application. To call the Conversational AI API, an anonymous registration/login process is provided, so that each application user can have a Sherpa user, and be logged in then the assigned token is expired or when they are logged out.

In this authentication, no password is provided and the security is provided by a Hash-based message authentication protocol. This ensures that the API calls are being made from a stated client and that the data has not been tampered with.

To generate the signature in this service the public and private API keys are needed.

Upon logout, the token will be set as expired.

B2B Authentication