Home / DialogFlow ES / Exposing the Dialogflow (API.AI) Client Access Token on your client side script
DialogFlow ES

Exposing the Dialogflow (API.AI) Client Access Token on your client side script

The Dialogflow Client Access Token was a part of the v1 API which has now been deprecated. You cannot use the client access token for the Dialogflow integration anymore.

This website contains affiliate links. See the disclosure page for more details. 
"The magic key I needed as a non-programmer"

The custom payload generator was the magic key I needed (as a non-programmer) to build a good demo with rich responses in DialogFlow Messenger. I've only used it for 30 minutes and am thrilled. I've spent hours trying to figure out some of the intricacies of DialogFlow on my own. Over and over, I kept coming back to Aravind's tutorials available on-line. I trust the other functionalities I learn to use in the app will save me additional time and heartburn.

- Kathleen R
Cofounder, gathrHealth
In this free course, I provide some tips for managing large Dialogflow ES bots without compromising on accuracy.

Similar Posts


  1. A great article, thanks. Having just started using Dialog flow and having a couple of conversations with the team, my feeling is that w shouldn’t be calling it directly from the client (which was the initial approach we’ve taken). It just doesn’t feel secure/robust.

  2. Great point! Do you see any value in, for instance, obfuscating the JavaScript containing the token, while also using a domain lock function to prevent the obfuscated code from running elsewhere ? I know it’s inherently unsafe, but feels like a good compromise to me.

    1. Hi Gabriel,

      My understanding, based on reading a comment thread on the old API.AI forum, is that these techniques don’t work either. Unfortunately, I am not able to locate that comment thread. However, if you can create a web page which demonstrates how the domain lock function works (plus a tutorial explaining how you accomplished it), I am happy to update my post with a link to your tutorial.

    2. Hi Gabriel,

      Please provide a link to your website so I can verify what you have said in your last comment re: JavaScript obfuscation, and I will be happy to add it. There is insufficient detail in your comment (a tutorial would have helped a lot) for it to actually benefit the person reading this article.