Enabling the HTTP API
By default, running a Rasa server does not enable the API endpoints. Interactions
with the bot can happen over the exposed
To enable the API for direct interaction with conversation trackers and other
bot endpoints, add the
--enable-api parameter to your run command:
Note that if you start the server with an NLU-only model, not all of the available endpoints can be called. Some endpoints will return a 409 status code, because a trained dialogue model is needed to process the request.
Make sure to secure your server, either by restricting access to the server (e.g. using firewalls), or by enabling an authentication method. See Security Considerations.
By default, the HTTP server runs as a single process. You can change the number
of worker processes using the
SANIC_WORKERS environment variable. It is
recommended that you set the number of workers to the number of available CPU cores
(check out the
for more details). This will only work in combination with the
RedisLockStore (see Lock Stores).
We recommend that you do not expose the Rasa Server to the outside world, but rather connect to it from your backend over a private connection (e.g. between Docker containers).
Nevertheless, there are two authentication methods built in:
Token Based Auth
Pass in the token using
--auth-token thisismysecret when starting
Your requests should pass the token, in our case
as a parameter:
JWT Based Auth
Enable JWT based authentication using
Requests to the server need to contain a valid JWT token in the
Authorization header that is signed using this secret
The token's payload must contain an object under the
which in turn must contain the
admin, all endpoints are accessible.
user, endpoints with a
sender_id parameter are only accessible
sender_id matches the payload's
Your requests should have set a proper JWT header:
The following is an example payload for a JWT token:
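The Python below is an added example, not Rasa's own code: it signs and verifies a token with a shared secret and applies the admin/user rule described above. The `user`, `username` and `role` key names, the HS256 algorithm, and the refusal of `user`-role tokens on endpoints without a `sender_id` are assumptions of this example; the secret and usernames in any call are constructed.

```python
import base64, hashlib, hmac, json

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_jwt(payload: dict, secret: str) -> str:
    """Build a compact JWT signed with HS256 (assumed algorithm)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    return f"{signing_input}.{b64url_encode(_mac(secret, signing_input))}"

def verify_jwt(token: str, secret: str) -> dict:
    """Return the payload if the signature is valid, else raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        # Pin the algorithm so a token declaring "none" or another alg is refused.
        if header.get("alg") != "HS256":
            raise ValueError("unexpected algorithm")
        expected = _mac(secret, f"{head_b64}.{body_b64}")
        # Constant-time comparison avoids leaking signature bytes through timing.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("bad signature")
        return json.loads(b64url_decode(body_b64))
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None

def may_access(payload: dict, sender_id=None) -> bool:
    """Role rule: admin reaches everything; user only its own sender_id."""
    user = payload.get("user")  # assumed key names: user / username / role
    if not isinstance(user, dict):
        return False
    if user.get("role") == "admin":
        return True
    if user.get("role") == "user":
        # Assumption: user-role tokens are refused when no sender_id is given.
        return sender_id is not None and user.get("username") == sender_id
    return False
```

Verify the signature before reading any field of the payload; `may_access` is only meaningful on a payload returned by `verify_jwt`.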