Exposing the Dialogflow (API.AI) Client Access Token on your client side script

The Dialogflow Client Access Token was a part of the v1 API which has now been deprecated. You cannot use the client access token for the Dialogflow integration anymore.

7 Comments

  1. A great article, thanks. Having just started using Dialogflow and having a couple of conversations with the team, my feeling is that we shouldn’t be calling it directly from the client (which was the initial approach we’ve taken). It just doesn’t feel secure/robust.

  2. Great point! Do you see any value in, for instance, obfuscating the JavaScript containing the token, while also using a domain lock function to prevent the obfuscated code from running elsewhere? I know it’s inherently unsafe, but feels like a good compromise to me.

    1. Hi Gabriel,

      My understanding, based on reading a comment thread on the old API.AI forum, is that these techniques don’t work either. Unfortunately, I am not able to locate that comment thread. However, if you can create a web page which demonstrates how the domain lock function works (plus a tutorial explaining how you accomplished it), I am happy to update my post with a link to your tutorial.

    2. Hi Gabriel,

      Please provide a link to your website so I can verify what you have said in your last comment re: JavaScript obfuscation, and I will be happy to add it. There is insufficient detail in your comment (a tutorial would have helped a lot) for it to actually benefit the person reading this article.