Viber 6.5 introduced a new Viber API, which third parties can use to send and receive messages between a bot and a Viber user.
Viber bots use the Viber Chat bot API and create a private encrypted communications channel between a bot and a subscribed Viber user. All information communicated over this channel can only be seen by the subscribed Viber user and the bot’s administrators. It cannot be accessed by any 3rd party API.
When creating a new bot you will receive an authentication token which is used for all communication with the Viber Back End. In order to enable communication between the Viber Back End and the account, the account must call the set webhook request with the authentication token. There is also an optional parameter (v6.5.1 and up) to define which events it will receive (such as delivered and seen notifications when clients receive and read messages). Once the set webhook request is received by the Viber Back End, it will validate the URL and send a response.
All communication between bots and Viber users can only be initialized by the Viber user starting a new conversation to the account (opt–in). When a Viber user subscribes to the bot, the account will receive the following information about the user:
Once a Viber user subscribes to a bot account, the bot can send messages to the Viber user freely (not only in response to a message from the user). Viber users can unsubscribe at any time from the bot, which will immediately block any further communication from the bot to the user. All messages will include a unique message token and timestamp created by the Viber Back End and will be synchronized between all users’ devices. Messages sent to the bot will also include the user’s Viber name and avatar.
HMAC
with SHA256
and uses the account token as the key and the callback JSON
data as the value.seen
status in their privacy settings, then Viber will not send message status updates for seen by the user from the user to the account.ACK
with a message token. If the user has multiple devices (primary and secondary) using the same Viber account, each of the devices will send an ACK
for that message token. As a result of this logic, bots can receive more than one delivered or seen
status update. For a specific user, Viber saves a message for up to 14 days or until the message is considered delivered to the user.200
HTTP response code to the message sent to it. Viber Back End Viber API servers implement a limited retry mechanism to try to resend the message while the account service’s server is offline, but if the account service server is offline for a continuous amount of time, the message will not be delivered to the account.Effective February 4, 2024, Rakuten Viber service API endpoints will require a minimum TLS protocol level of TLS 1.2 or higher. This update is crucial due to the deprecation of TLS 1.0 and 1.1 protocols, which are now considered insecure and vulnerable to attacks such as POODLE (Padding Oracle On Downgraded Legacy Encryption). This attack could potentially intercept and decrypt sensitive data over the internet. If your connections use TLS 1.2 or later, your service will not be affected. Modern client software applications built after 2014 using Java Development Kit (JDK) 8 or later, or other contemporary development environments, likely already support TLS 1.2 or later.
However, if you are using an older application version or have not upgraded your development environment since 2014, an update is likely necessary.
For partners still using TLS 1.0 or 1.1, updating your client software to support TLS 1.2 or later is essential to maintain connectivity. It’s important to note that you have control over the TLS version your client software uses. When connecting to Viber API endpoints, your client software negotiates its preferred TLS version, and Viber applies the highest mutually agreed-upon version.
Please follow the directions below to check your TLS version and prepare accordingly:
The most common use of TLS 1.0 or 1.1 is found in .NET Framework versions earlier than 4.6.2. If you are using the .NET Framework, please verify that you are using version 4.6.2 or later.
Transport Layer Security (TLS) is a cryptographic protocol that secures internet communications. Your client software can be configured to use TLS versions 1.0, 1.1, 1.2, or 1.3, or a subset of these when connecting to service endpoints. You must ensure that your client software supports TLS 1.2 or later.