Skip to main content
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio - Publish & Channel Management / Web Channel Security N...
Copilot Studio - Publish & Channel Management
Unanswered

Web Channel Security Not Working in Copilot Studio

(1) ShareShare
ReportReport
Posted on by flojos 2

Hello Community Members,

I hope you’re all doing well! I’ve been using Microsoft Copilot Studio to build and deploy my chatbot on our custom website app. However, I’ve encountered an issue related to web channel security.

Here are the details of the problem:

  1. Issue: Web channel security is not functioning as expected. It works sometimes and not others. 
  2. Scenario: I want to restrict access to my bot using the secret and tokens. but I often get a 403 Forbitten error when fetching the token. we tested different bots with the following dummy implementation (note we will do all the server site security configuration just did it this way for testing:  

 

 

 

 

 var chatWindow = document.getElementById('chatWindow');
 
 var secret ='secret put here';

fetch('https://directline.botframework.com/v3/directline/tokens/generate', {
 method: 'POST',
 headers: {
 'Authorization': 'Bearer ' + secret
 }
})
.then(response => response.json())
.then(data => {
 var chatWindow = document.getElementById('chatWindow');
 chatWindow.src='https://copilotstudio.microsoft.com/XXXXXXXXXXXXXXXXXXXXXXXXXXXX&token=' + data.token;
})
.catch(error => console.error('Error:', error));

 

 

 

 

 

  • Desired Outcome: I’d like to ensure that only authenticated requests can interact with my bot via the web channel and that the bot can retrieve and pass on the tokens.

Questions:

  • Has anyone been able to use the Direct Line API 3.0?
  • Are there any additional steps I need to take to enforce web channel security effectively?
  • adilei Profile Picture
    adilei on at
    Re: Web Channel Security Not Working in Copilot Studio

    If it's an intermittent issue, try raising a case with support. I'm seeing a similar (older) issue here: Error with Power Virtual Agent Bot: Site Missing code 403 from https://directline.botframework.com/v3/directline/conversations · Issue #4625 · microsoft/BotFramework-WebChat (github.com)

  • yukiko0219 Profile Picture
    yukiko0219 5 on at
    Re: Web Channel Security Not Working in Copilot Studio

    I am trying to connect copilots in the US. (my conversation id also ends in "-us")

  • adilei Profile Picture
    adilei on at
    Re: Web Channel Security Not Working in Copilot Studio

    Are you trying to connect to copilots/bots in different regions?

  • yukiko0219 Profile Picture
    yukiko0219 5 on at
    Re: Web Channel Security Not Working in Copilot Studio

    I am also facing a similar issue.

     

    Following is an example from https://github.com/microsoft/BotFramework-WebChat:

     

    import React, { useMemo } from 'react';
import ReactWebChat, { createDirectLine } from 'botframework-webchat';

export default () => {
 const directLine = useMemo(() => createDirectLine({ token: 'YOUR_DIRECT_LINE_TOKEN' }), []);

 return <ReactWebChat directLine={directLine} userID="YOUR_USER_ID" />;
};

     

    the connection is sometimes successful, however, it times out in most cases. 

    When I try to refresh the token, I get "Conversation not found" error 

  • adilei Profile Picture
    adilei on at
    Re: Web Channel Security Not Working in Copilot Studio

    Where is this pattern taken from? i.e. a pattern where the token is being passed as a URL parameter?

     

    The sample here should work: Customize the Web Chat canvas - Microsoft Copilot Studio | Microsoft Learn, 

     

    Specifically, this section:

     const directLine = WebChat.createDirectLine({ domain: new URL('v3/directline', directLineURL), token });

 // Sends "startConversation" event when the connection is established.

 const subscription = directLine.connectionStatus$.subscribe({
 next(value) {
 if (value === 2) {
 directLine
 .postActivity({
 localTimezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
 locale,
 name: 'startConversation',
 type: 'event'
 })
 .subscribe();

 // Only send the event once, unsubscribe after the event is sent.
 subscription.unsubscribe();
 }
 }
 });

 WebChat.renderWebChat({ directLine, locale, styleOptions }, document.getElementById('webchat'));

     

     

     

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Now Available: 2025 Release Wave 2
Welcome to the Power Platform Communities

Quick Links

Paul Stork – Community Spotlight

We are honored to recognize Paul Stork as our July 2025 Community…

Congratulations to the June Top 10 Community Leaders!

These are the community rock stars!

Announcing the Engage with the Community forum!

This forum is your space to connect, share, and grow!

Leaderboard > Copilot Studio

#1
Michael E. Gernaey Profile Picture

Michael E. Gernaey 169 Super User 2025 Season 1

#2
Romain The Low-Code Bearded Bear Profile Picture

Romain The Low-Code... 150

#3
sandeep_angara Profile Picture

sandeep_angara 75

Last month Overall leaderboard

Featured topics

Product updates

Microsoft Power Platform Community release plans