The botkit is not working for EU, DE region (403 forbidden)

Problem statement: When a bot developer configures the botkit for a bot in the US region ( it works for them. However, the same botkit when it is linked to a bot in the EU ( region or DE ( Or JP ( region, it does not work. The users is not able to get responses from the bot. Send user message is being logged in the reverse proxy (ngrok) but send bot message is not received in the botkit.

Edit the file lib\sdk\lib\invokeSendMessageAPIs.js
Add a console log statement for sendBotMessage:
On interacting with the bot, I see 403 Forbidden.
On checking further with the NOC team what was revealed is -

  • XO Platform is hosted on AWS.
  • AWS has its own WAF (Web Application Firewall)
  • In the EU, DE, JP regions-, the AWS WAF version does not accept any HTTP request that does not have user-agent in the header.


  • If you are hosting your botkit on a server that has proxy for outgoing calls, you can add user-agent in all the HTTP headers,
  • BotKit is a nodeJS middleware. It can be edited and tweaked as necessary. You can explicitly add the user-agent in the botkit code.

Note: The botkit code in github will be updated to make it possible for the users to configure user-agent header easily. Till that time, please use this approach to get going with botkit implementation if needed