(originally sent to thingpedia-admins@ by Eduardo Villalpando Mello <A01023646@itesm.mx>)

Hello. I am a student at Tec de Monterrey in Mexico working on a project that I think might be of your interest. First things first, I would like to recognize and congratulate you on the amazing work you’ve pulled together. I head a Hack Club at our school that develops software, and we are planning on integrating Almond on several projects.

So far, I’ve built a distraction-free client with a minimal and friendly UI that I felt would be worth sharing. (Check it out at https://bob-assistant.herokuapp.com)

Right now, we are currently developing a WhatsApp bot that connects directly to Almond. For that purpose, I would love to work collaboratively to get a much deeper understanding on the process, specifically regarding authentication and token generation. As far as I understand, a POST request to /me/api/oauth2/token returns a token valid for a specified amount of time to be used in the WebSocket request.

I would like to propose a way to create permanent tokens and authenticate via phone number, but I undestand the safety implications if not implemented correctly. For that reason, I would love to collaborate with you in order to get a better understanding of the process and brainstorm a solution.

TL;DR

I would like to collaborate to develop a method for signing in with phone number and generate a permanent (or automatically updated) token key to be used in a whatsApp bot interface.

Once more, thank you very much for your hard work. I would be thrilled to contribute as much as posible to the Project.

Greetings,

Eduardo V.

Whoa you’ve done a great job, your UI looks very polished and professional, and a Whatsapp bot sounds great!

As for the API, in addition to the temporary access token, it should also return a refresh token.
You should be able to follow the protocol in RFC 6749 Section 6 to automatically get a new access token whenever the current one expires. The refresh token is valid indefinitely until the user revokes it explicitly.

By the way, if you’re going to develop a Whatsapp bot, you might want to look at our prototype Slack bot: https://github.com/Stanford-Mobisocial-IoT-Lab/slackmond

The prototype is not quite finished, but it shows how 2-way integration with a messaging platform could look like (including how to deal with group chats, and what identity should the bot have), and you should be able to borrow some code.

Hii!! Thanks a lot. I was wondering if there was a way of authenticating users, and generating a refresh token in a single step. What process did you use for the command line client? Also, I have already developed a “passive” listener for conversations, will share the code as soon as I finish debugging.

Using OAuth, after you authenticate clients, you get the authorization code, and you exchange that code for the access token. Together with the access token, you will also receive a refresh token.

Does this help?

As for the command line, assuming you almond-cmdline - that’s a different architecture. almond-cmdline is a full client-side Almond instance. All commands are run locally, and you don’t need an account on almond.stanford.edu. If you do have one, then it uses the synchronization interface (undocumented, non-public, but you can find the code online) to copy the credentials to third-party services between almond.stanford.edu and the local client, so you can login to, say, Facebook from almond.stanford.edu and then use Facebook from almond-cmdline

Thanks, already solved that. Is there any place I should be uploading the code or should I upload it on a repository of my own?
Also… WhatsApp’s API is currently in a closed beta so I was wondering if I could apply for early access on behalf of the team (I really doubt they will say no to Stanford, specially if the project is for educational purposes and stuff). There are also several other options like Twilio but start charging after a couple amount of messages (I could also ask for an educational/non-profit discount and see how it goes). If you agree, of course.

If you’re going for a separate app, like a bridge, I think you should upload it to a repository you own on Github (or your preferred platform). It will be easier for you as you’ll have admin access to issues and wikis. And you get Github stars for yourself and Ctrl-Alt-Tec, which is nice!
If you like, we can still collaborate on it even outside of our own Github org - I can take a look at the code, help you with code review from other contributors, etc. (with the caveat that I cannot commit too much time to it). You should also feel free to use this forum for support questions, announcements, and the like.

On the other hand, if you’d like our new UI to be featured on our website, you should fork almond-cloud and then send us a PR. Process details are described in CONTRIBUTING.md.

As for asking for WhatsApp, I didn’t know they had a public API. I thought you were talking about the old, reverse-engineered XMPP support. I’ll ask the rest of the team and let you know.

Hello. I hope to finish first prototype this afternoon and will share the repo with you. I am currently using Twillio but am hoping to develop a self contained system with a Node.js server so that it can be forked and used by other people. Will share with you ASAP. I will also share the number by mail (so that it doesn’t become public/saturated). Honestly, it would be really great to have the UI and whatsapp featured in the website. Thanks for all the support!!!

Sounds good! One thing I’d recommend though, is avoiding hard-coding credentials on the Github repo, because there are lot of scrapers out there that look for leaked credentials and abuse them…

Yeah, uploaded them without noticing. Thx!

I applied to the Whatsapp Business API on behalf of Almond/Stanford. I was surprised to see there was no form to explain how we plan to use the API.
In any case, I’ll let you know when they come back to me.

Nicee, thx a lot!
The basic functionality is now done. I will be working on extending functionality with thingspedia api and stuff.

So, it’s now 2 weeks in and I have not gotten any response from Whatsapp. I suspect they just ignored the request. I don’t know, how do you propose to go from there? Maybe we should focus on Telegram instead of Whatsapp? They seem to be more open to bots, and as far as I know they are both popular.

Hello. I am considering on setting up a server and use Whatsapp web to queue messages and send responses, but that would take quite some time.
I personally don’t use Telegram that much, but I could try giving it a look. In the meantime, the temporary number I sent you through email still works flawlessly.

We could also try Facebook Messenger Will give it a look in the following days

In past, many people tried to realize (also great) bots on Whatsapp, with some kind of “hacking” with unofficial APIs, client (Android) side message catching, etc.
Please note that Whatsapp company sooner or later, always blocked these unofficial bots. Always!

Now, since one year WA Business APIs (https://www.whatsapp.com/business/api) seem to be available B2B agreements with Facebook “partners” (=~ big system integrator companies), but I really never could understand what is allowed and what is not allowed to do for a WA bot.

AFAIK, I understood that a WA Business bot could implement a restricted set of features, conceived for brands/merchants in the e-commerce space, like shout times, product lists, restricted notification (for ads/news), and few more actions.

Following these supposed regulations, it seems to me that is NOT possible to have a bot like Almond in WhatsApp for Business.

@eduardo.villalpando, do you have news on that? Maybe I’m wrong/uninformed. There is any doc I can read about it?

BTW, in my country (Italy), WhatsApp is used by maybe ~90% of the population so it could be great to push a bot on that channel. That’s true for Almond or any other application in the Education/Edtech realms (that’s my case for example), but again, I’m not aware of any specific Facebook regulation regarding possible public/government/education conversational apps partnership/facility.

@gcampax Maybe we should focus on Telegram instead of Whatsapp? They seem to be more open to bots, and as far as I know they are both popular.

Telegram is popular in Italy, but I guess it’s used daily by just ~20% of smartphone owners (that’s my suggestion, I don’t have any serious statistical data about that).

Anyway, I agree that Telegram integration could be smart, for some reasons:

1. technical: I think it’s pretty easy to proxy Almond with a Telegram Bot interface (I have used: https://github.com/yagop/node-telegram-bot-api )
2. paradigmatic: TG bot echo system if free and open. Also maybe Telegram could be a partner for Almond project.

In any case, we are aware that passing through a chat app external to Almond, like WhatsApp, Telegram, Alexa, GoogleAssistant, anything else…of course that broke the Almond architecture for privacy data protection! But ok, people ingestion through “untrusted” big player channels, could be a temporary Almond strategy marketing

Well, even if WA for Business is not suitable for Almond, they should have at least replied to me to let me know it’s not acceptable… I only got silence from them.

You are right, WA Business API submission form is just… ridiculous.

In general
I really still didn’t understand what Facebook want to do with (business) chatbots (third party apps) ON whatsapp (and on Facebook Portal, the new personal “assistant” platform: https://twitter.com/solyarisoftware/status/1174705438262276096 ).

Specifically about Almond:
That’s a revolutionary project, it’s a trojan horse for Facebook…

Hello again. I got to work on several other things… and school, etc., and lost track of updates. I will continue research but it seems that everything is pretty much the same. I wish you all the best during these uncertain times :D. (p.d. I am @eduardo.villalpando, but using my School mail, because I can’t remember the password for my other mail LOL)