How to use encrypted userId in Botpress?

When a bot is embedded in a website I pass name with actual user email id to userId. So events are saved along with this user email id, since there are many places in Postgres where this userId gets saved, is it possible to encrypt the userId and use it in Botpress?

For example, MD5 or any other encryption, so that we are not using the actual email id but an encrypted userId.

I use the below snippet to embed bot in a website.

Note : I do not have control over the website so userId encryption has to be done on the Botpress or Postgres side.

	host: 'https://xxx:443'
	botId: 'uat_prod',
	userId: name

I wonder if this can be done by a Before Incoming Middleware hook, in which you check if userId is encrypted, and if not, encrypt it!

@asashour how do I set userId to encrypted userid inside a before incoming middleware hook?

Is it as simple as = customEncryptedFn(; after checking encrypted or not?

I would first check which property exactly, by printing the event to the console, and then beautify the JSON to see how things are mapped.

Something like:

async function action(bp: typeof sdk, event: sdk.IO.IncomingEvent) {
  /** Your code starts below */

  async function hook() {

  return hook()

  /** Your code ends here */

I verified, in custom actions contains the userId, how do I overwrite it’s value

As you said, try: = customEncryptedFn(

Or even simpler = + '123'

And see what is being saved

I am able to change value, but after this change bot does not reply anything even a simple built-in text action is not shown.

No errors on the console as well.

Any idea what’s wrong?

I see, actually this target is what identifies the client, so it needs to be returned back to its initial value.

You can use two hooks, e.g. before_incoming_middleware:

async function hook() { = + '123''before incoming middleware ' +
return hook()

And before_outgoing_middleware:

async function hook() { =, - 3)'before outgoing middleware ' +
return hook()

@asashour Thank you for your response but looks like in the before_outgoing_middleware hook, you are again assigning back the original userId value and in Postgres DB, Botpress is still using the original userId provided during initialization.

I do not want to store actual user identifiable data anywhere instead I want to use the encrypted userId everywhere for GDPR reasons.

Here I wanted to use this encrypted userId everywhere even inside the Postgresql tables eg: events, web_conversations, dialog_sessions, etc or anywhere else where Botpress saves userId information.