•3 months ago
Are you looking to have more control over moderation? Presend Message Hooks provides you with access to either discard or rewrite messages when they don’t meet your content guidelines.
This feature works similarly to regular webhooks; however, the difference is that your handler gets called before the message is saved to the channel, allowing you to intercept a message and make sure that it will never appear to other users if you decide that it shouldn’t be posted.
Presend Message Hooks are flexible by nature. Here are a few examples of how these hooks can enforce any of the following rules:
- Scrub PII from messages by running it through AI to strip out sensitive information before sending (i.e., social security numbers, credit cards, etc.)
- Restrict contact information sharing (i.e., discard phone numbers, emails, etc.)
- Allow the use of filtering through regular expressions (REGEX) to allow for a far greater range of words and phrases to be detected
In financial/banking apps, you may need to block or redact messages with data that can provide direct access to the user's funds. Also, if storing personally-identifiable information (PII) in chat messages is not needed for your business, it’s good to prevent this kind of information from being shared. Doing a simple regex check on message content in your Presend Webhook disallows PII to send through.
With healthcare applications, some companies use filtering or moderation to avoid collecting PII per the Health Insurance Portability and Accountability Act (HIPAA). Presend Message Hooks can be used to ensure that apps are compliant with these guidelines by stripping all sensitive or personal information to avoid sharing it.
Your endpoint will receive a POST request with a JSON encoded body containing: message, user, and channel objects. For more details, see the docs section about the request format.
If you intend to change the message, you should return a JSON encoded response with the same message structure. Please note that not all message fields can be changed, the full list of fields that can be modified is available in the rewriting messages section. For more details, see the docs section about the response format.
Your endpoint can decide to disallow the message and return a user message. The endpoint must return a regular message with type set to error to discard the message. For more details, see the docs section about discarding messages.
You can also decide to modify the message. In this case, you return the updated version of the message, and it will overwrite the user input. For more details, see the docs section about rewriting messages.
Rewritable Message Fields
Not all message fields can be rewritten by your hook handler. Some fields are reserved and can only be set by Stream Chat APIs. Any non-custom field that is not listed below will be ignored and not updated on the final message:
- any custom field
For more details, see the docs section about rewritable message fields.
Your webhook endpoint will be part of the send message transaction, and therefore, you should avoid performing any networking call or any slow operation while processing the webhook. Stream Chat will give your endpoint approximately one second to reply. If your endpoint is not available or takes too long, Stream Chat will continue to execute and save the message as usual.
To ensure that an outage on the hook does not impact your application, Stream will pause your webhook once it is considered unreachable. It will automatically resume once the webhook is found to be healthy again. For more details, see the docs section about performance considerations.
Example of Presend Message Hook
An example of how to configure this webhook can be found in this repo.