Viber API Documentation7.3.0

Docs / General / API Access White Paper

Viber API Access - White Paper

Viber 6.5 introduced a new Viber API, which third parties can use to send and receive messages between a bot and a Viber user.

Using the Viber API

Viber bots use the Viber Chat bot API and create a private encrypted communications channel between a bot and a subscribed Viber user. All information communicated over this channel can only be seen by the subscribed Viber user and the bot’s administrators. It cannot be accessed by any 3rd party API.

When creating a new bot you will receive an authentication token which is used for all communication with the Viber Back End. In order to enable communication between the Viber Back End and the account, the account must call the set webhook request with the authentication token. There is also an optional parameter (v6.5.1 and up) to define which events it will receive (such as delivered and seen notifications when clients receive and read messages). Once the set webhook request is received by the Viber Back End, it will validate the URL and send a response.

Communication between bots and Viber users

All communication between bots and Viber users can only be initialized by the Viber user starting a new conversation to the account (opt–in). When a Viber user subscribes to the bot, the account will receive the following information about the user:

Once a Viber user subscribes to a bot account, the bot can send messages to the Viber user freely (not only in response to a message from the user). Viber users can unsubscribe at any time from the bot, which will immediately block any further communication from the bot to the user. All messages will include a unique message token and timestamp created by the Viber Back End and will be synchronized between all users’ devices. Messages sent to the bot will also include the user’s Viber name and avatar.



Successful delivery definition

TLS protocol level upgrade

Effective February 4, 2024, Rakuten Viber service API endpoints will require a minimum TLS protocol level of TLS 1.2 or higher. This update is crucial due to the deprecation of TLS 1.0 and 1.1 protocols, which are now considered insecure and vulnerable to attacks such as POODLE (Padding Oracle On Downgraded Legacy Encryption). This attack could potentially intercept and decrypt sensitive data over the internet. If your connections use TLS 1.2 or later, your service will not be affected. Modern client software applications built after 2014 using Java Development Kit (JDK) 8 or later, or other contemporary development environments, likely already support TLS 1.2 or later.

However, if you are using an older application version or have not upgraded your development environment since 2014, an update is likely necessary.

For partners still using TLS 1.0 or 1.1, updating your client software to support TLS 1.2 or later is essential to maintain connectivity. It’s important to note that you have control over the TLS version your client software uses. When connecting to Viber API endpoints, your client software negotiates its preferred TLS version, and Viber applies the highest mutually agreed-upon version.

Please follow the directions below to check your TLS version and prepare accordingly:

The most common use of TLS 1.0 or 1.1 is found in .NET Framework versions earlier than 4.6.2. If you are using the .NET Framework, please verify that you are using version 4.6.2 or later.

Transport Layer Security (TLS) is a cryptographic protocol that secures internet communications. Your client software can be configured to use TLS versions 1.0, 1.1, 1.2, or 1.3, or a subset of these when connecting to service endpoints. You must ensure that your client software supports TLS 1.2 or later.