This hash is generated with sha256 using the access_token and app_secret, which we already require in the BootBot constructor.
Implementing this should be as simple as adding a useAppSecretProof boolean option to the BootBot constructor, which will be false by default, but if set to true, we should generate the hash using the crypto library and add it to the request to Graph API in sendMessage.
Facebook provides the option to secure Graph API requests with an
appsecret_proofhash. More info here: https://developers.facebook.com/docs/graph-api/securing-requests/This hash is generated with
sha256using theaccess_tokenandapp_secret, which we already require in the BootBot constructor.Implementing this should be as simple as adding a
useAppSecretProofboolean option to the BootBot constructor, which will befalseby default, but if set totrue, we should generate the hash using thecryptolibrary and add it to the request to Graph API insendMessage.