Configuring on-premises or internal access only environments for Digital Messaging access
Configure your on-premises or internal access only Pega Platform environment to enable communication with publicly accessible endpoints required by Digital Messaging Service. This includes enabling communication through a virtual private network (VPN). This configuration enables the implementation of a Digital Messaging channel for customer interaction with your chatbot and application on platforms such as Web Messaging.
Follow these guidelines when creating your Digital Messaging channel interface:
- The system generates endpoint URLs based on the value entered in the
Base URL field. For example, if you enter https://instanceID-stg1.pegacloud.net/prweb in the Base URL field, the system
appends the necessary URL elements and forms the following messaging endpoint:
https://instanceID-stg1.pegacloud.net/prweb/PRRestService/botAgent/v1/messaging - Pegasystems determines the Digital Messaging Service region during the provisioning of your Digital Messaging Manager ID and Manager Key, as described in the region-specific settings below. Ensure that you use the appropriate region for your Manager ID.
- For Pega Cloud instances, submit a Cloud Change (CC) request, specifying the inbound endpoints and the IP addresses to give permission to. For more information, go to Pega Support Center.
The following are the endpoint definitions for step 2:
- api
- Establishes the connection with Digital Messaging Service and enables message delivery.
- accounts
- Displays Digital Messaging Manager when you click Manage connections in the Digital Messaging channel interface. You do not need to enable access for this endpoint if the operator's access is not restricted.
- cdn (content delivery network)
- Displays icons for each connection in the Digital Messaging channel interface. The icons are fixed assets. The system uses the same endpoint for every region. You can access this endpoint from either the operator's web browser or the Pega Platform application.
- attachments
- Handles CSR attachment uploads from Interaction Portal and provides the URL through Digital Messaging Service for file attachment retrieval by customers. This one-way communication occurs from your Pega Platform application to Amazon S3 storage service. Unlike other endpoints which you can configure for reverse proxy and gateway, you cannot customize, change, or map this attachment endpoint in your Pega Platform instance.
- widget-logo, widget-avatars, and widget-fonts
- Used for file uploads in the Digital Messaging Manager Web Messaging settings.
- Allow inbound message delivery from the customer to your chatbot and CSR, by
opening access for the following items:
- Requests originating from the dedicated Digital Messaging Service IP addresses. Pegasystems provides these IP addresses in the instructions included with your Digital Messaging credentials when they are provisioned.
- Requests directed to the endpoints shown below, which are used in your instance to handle the various Digital Messaging Service requests. You can find these endpoints in your Pega Platform application by going to Service REST package Rule, as shown in the example below:
Endpoint URL Description https://{instanceID}/prweb/PRRestService/botAgent/v1/messagingandhttps://{instanceID}/prweb/PRRestService/botAgentListener/v1/accountsRequired for message delivery and connection management. https://{instanceID}/prweb/PRRestService/botAgent/v1/messaging/{consumerId}/history/{customerId}/{interactionId}andhttps://{instanceID}/prweb/PRRestService/botAgent/v1/messaging/{consumerId}/conversation/{customerId}Required for asynchronous messaging and conversation history requests (if enabled in Web Messaging or Mobile Messaging SDK connection settings). https://{instanceID}/prweb/PRRestService/botAgent/v1/messaging/form/submitandhttps://{instanceID}/prweb/PRRestService/botAgent/v1/messaging/form/refreshRequired for Forms requests in Web Messaging (if forms-type replies are configured). https://{instanceID}/prweb/PRRestService/botAgentAuthentication/v1/authUsed for customer authentication during chat (if authentication is configured). Perform this step for firewall configuration to ensure that your application can receive messages from Digital Messaging Service (HTTPS/443). The system rejects calls to these endpoints if you have not properly configured your firewall, proxy, and load balancers, or the Manager ID and Manager Key for your instance.
For example: The following figure shows a list of botAgent Service REST package Rules where the endpoints are already specified:
botAgent Service REST package Rules 
- If access is restricted, enable outbound communication and message delivery
from your chatbot or CSR to the customer, by providing access for the following
endpoints for your Digital Messaging Service region.
Region Endpoints United States (US East, N. Virginia): us-east-1 https://api.artemis.pega.digital https://outgoing.artemis.pega.digital https://accounts.artemis.pega.digital https://cdn.artemis.pega.digital https://prod-artemis-attachments.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/prod-um-widget-logo and https://prod-um-widget-logo.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/prod-dm-widget-avatars and https://prod-dm-widget-avatars.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/prod-dm-widget-fonts Canada (Central): ca-central-1 https://api.ca.um.pega.digital https://outgoing.ca.um.pega.digital https://accounts.ca.um.pega.digital https://cdn.artemis.pega.digital https://canprod-artemis-attachments.s3.ca-central-1.amazonaws.com o https://s3.ca-central-1.amazonaws.com/canprod-um-widget-logo and https://canprod-um-widget-logo.s3.ca-central-1.amazonaws.com https://s3.ca-central-1.amazonaws.com/canprod-dm-widget-avatars and https://canprod-dm-widget-avatars.s3.ca-central-1.amazonaws.com https://s3.ca-central-1.amazonaws.com/canprod-dm-widget-fonts Europe (Ireland): eu-west-1 https://api.euw1.um.pega.digital https://outgoing.euw1.um.pega.digital https://accounts.euw1.um.pega.digital https://cdn.artemis.pega.digital https://euw1prod-artemis-attachments.s3.eu-west-1.amazonaws.com https://s3.eu-west-1.amazonaws.com/euw1prod-um-widget-logo and https://euw1prod-um-widget-logo.s3.eu-west-1.amazonaws.com https://s3.eu-west-1.amazonaws.com/euw1prod-dm-widget-avatars and https://euw1prod-dm-widget-avatars.s3.eu-west-1.amazonaws.com https://s3.eu-west-1.amazonaws.com/euw1prod-dm-widget-fonts Europe (London/UK): eu-west-2 https://api.uk.um.pega.digital https://outgoing.uk.um.pega.digital https://accounts.uk.um.pega.digital https://cdn.artemis.pega.digital https://euw2prod-artemis-attachments.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com/euw2prod-um-widget-logo and https://euw2prod-um-widget-logo.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com/euw2prod-dm-widget-avatars and https://euw2prod-dm-widget-avatars.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com/euw2prod-dm-widget-fonts Europe (Frankfurt): eu-central-1 https://api.euc1.um.pega.digital https://outgoing.euc1.um.pega.digital https://accounts.euc1.um.pega.digital https://cdn.artemis.pega.digital https://euc1prod-artemis-attachments.s3.eu-central-1.amazonaws.com https://s3.eu-central-1.amazonaws.com/euc1prod-um-widget-logo and https://euc1prod-um-widget-logo.s3.eu-central-1.amazonaws.com https://s3.eu-central-1.amazonaws.com/euc1prod-dm-widget-avatars and https://euc1prod-dm-widget-avatars.s3.eu-central-1.amazonaws.com https://s3.eu-central-1.amazonaws.com/euc1prod-dm-widget-fonts - If you set up your Pega Platform environment behind a proxy
or an API Gateway, use the proxy or gateway URL as the publicly accessible URL
for your instance.
- In your Digital Messaging channel interface, on the Connection tab, in the Base URL field, enter the publicly accessible URL for your Pega Platform instance.
- Ensure that you use a secure connection (HTTPS) for the URL.
Your proxy or API Gateway is responsible for receiving messages and forwarding them externally to your application. - If Pega provisioned your Digital Messaging credentials for a
Digital Messaging Service region other than the us-east-1
default setting in your application (equivalent to 'artemis'
endpoints), update the URL API settings in data transform rules for the
Data-Channel-Configuration-BotAgent class:
- Switch to Dev Studio.
- In the navigation pane of Dev Studio, click App, and then search for the Data-Channel-Configuration-BotAgent class.
- Expand the section for the Data-Channel-Configuration-BotAgent class, and then click pyDefault.
- In the data transform rule, in the row for the
.pyManagementAPIUrl target, in the field in
the Source column, update the URL API endpoint
for your region with the value in the first row in the table in step
2.Enter the value in the field in the Source column in double quotation marks.
For example: The following figure shows the correct updated value in the Source column for Europe (Ireland) region configuration, "https://api.euw1.um.pega.digital":
Updated settings for the pyDefault data transform rule for the Europe region. 
- Save the rule to a ruleset by clicking Save as.
- In the navigation pane of Dev Studio, click App, and then search for the Data-Channel-Configuration-BotAgent class.
- Expand the section for the Data-Channel-Configuration-BotAgent class, and then click pySetBaseURL.
- In the data transform rule, in the row for the
.pyManagementAPIUrl target, in the field in
the Source column, update the URL API endpoint
for your region with the value in the first row in the table in step
2.Enter the value in the field in the Source column in double quotation marks.
For example: The following figure shows the correct updated value in the Source column for the Europe (Ireland) region configuration, "https://api.euw1.um.pega.digital":
Updated settings for the pySetBaseURL data transform rule for the Europe region. 
- Save the rule to a ruleset by clicking Save as.
- Switch back to App Studio.
Previous topic Configuring Digital Messaging channel security Next topic Template operator for IVA channel