Chatbot Security

This page details what data is collected and how it is then stored, exposed, and transmitted between the eLearning chatbot user, the eLearning chatbot app, and Moodle.

Data collected

The Moodle eLearning Chatbot application collects information about the user so the app can create a Moodle user profile. This information includes the user’s name, telephone number, and other non-required information such as messaging platform ID (like WhatsApp number or Facebook page scope ID), age, gender, organizational role, employee ID, and details about the user’s place of work.

Data Privacy and Terms & Conditions

During the startup flow, the chatbot presents a dialogue to collect acceptance of the Terms & Conditions, including data privacy, which the user must accept to continue the conversation.

API calls

The application communicates with the Moodle API, making calls to Moodle’s standard endpoints and the custom endpoints that the Chatbot Plugin enables. The chatbot app uses a token generated in Moodle, which is included in the chatbot installation.

Similarly, the communication service provider posts the user’s inputs to the Chatbot plugin. The chatbot prompts follow in response and are sent via the security protocol dictated by the communication service provider.

The current Communication Service Provider is Twilio. We plan to expand this to support Meta’s WhatsApp and Facebook Messenger directly by late 2023.

Data in Transit

Moodle Chatbot App communicates with two external tools:

  • Moodle Platform.

  • Communication service provider (Twilio).

Moodle Platform: The Moodle eLearning Chatbot app relies on Moodle’s API to display course and activity details. The Moodle API requires access via an authorization token, which enables the use of specified functions from outside Moodle without sharing any credentials. For more information, check Moodle’s documentation: https://docs.moodle.org/402/en/Using_web_services

Communication service provider (Twilio): The Moodle Chatbot App requires a connection to receive and send messages in the chatbot client. This is done using Twilio’s webhooks for incoming messages and Twilio’s API for replies. Data exchanged with the communication service provider is always transferred encrypted over HTTPS (port 443). This communication service provider secures its information by checking both the webhooks provided to Twilio and those used in the Moodle Chatbot App. If both URLs match, then the data is processed. For more information, check Twilio’s documentation: Webhooks Security | Twilio
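The URL check described above can be illustrated with the request-signing scheme from Twilio’s webhook security documentation, in which the configured webhook URL is part of the signed data. This is an added example, not code from the Moodle Chatbot App; the function names, token, URL, and form fields are constructed for illustration.

```python
import base64
import hashlib
import hmac


def twilio_signature(auth_token: str, url: str, params: dict) -> str:
    """Compute the value Twilio sends in X-Twilio-Signature for a form POST."""
    # Signed data: the full webhook URL, then every POST field sorted by
    # name and appended as name+value with no separators.
    payload = url + "".join(key + params[key] for key in sorted(params))
    digest = hmac.new(auth_token.encode(), payload.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def is_valid_webhook(auth_token, configured_url, params, header_signature):
    """Accept a request only if it was signed for the URL this app expects."""
    if not header_signature:
        return False  # unsigned requests are never processed
    expected = twilio_signature(auth_token, configured_url, params)
    # Constant-time comparison on bytes avoids timing leaks and type errors.
    return hmac.compare_digest(expected.encode(), header_signature.encode())


# Constructed sample values (not real credentials or endpoints).
AUTH_TOKEN = "constructed-auth-token"
WEBHOOK_URL = "https://moodle.example.org/chatbot/webhook"
FORM = {"From": "whatsapp:+15550100", "To": "whatsapp:+15550199",
        "Body": "start", "MessageSid": "SM-constructed"}


def demo():
    """Check one genuine request and three that must be rejected."""
    signed = twilio_signature(AUTH_TOKEN, WEBHOOK_URL, FORM)
    other_url = "https://moodle.example.org/other/webhook"
    tampered = dict(FORM, Body="changed in transit")
    return {
        "genuine": is_valid_webhook(AUTH_TOKEN, WEBHOOK_URL, FORM, signed),
        "url_mismatch": is_valid_webhook(AUTH_TOKEN, other_url, FORM, signed),
        "tampered_body": is_valid_webhook(AUTH_TOKEN, WEBHOOK_URL, tampered, signed),
        "missing_header": is_valid_webhook(AUTH_TOKEN, WEBHOOK_URL, FORM, None),
    }


if __name__ == "__main__":
    print(demo())
```

A request signed for a different URL fails the check even when the token and body are correct, which is why the URL registered with Twilio and the one the app validates against must be identical, including scheme and path.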

Data at rest

Moodle Plugin: The plugin creates two custom tables in Moodle that store the session log and an app log.

  • Session log: status of the conversation of a user. Allows users to always return to continue the chatbot conversation in the same place after a session expires.

  • App log: log of all traffic, showing all user input and content sent to the user.

Chatbot app: The app needs to store each user’s last step/input in the chat. The Chatbot App stores this information in the Session log table created by the Moodle Plugin.
