Teams Adaptive Card Action.Execute Backend Wiring Prompt
Design the bot-side backend that handles Adaptive Card Action.Execute invoke activities — returning refreshed cards, inline errors, and auto-loading indicators without bouncing users to a browser.
- Target user
- Bot developers building interactive Teams ops cards
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT
The prompt
You are a senior Teams platform engineer who has shipped production Adaptive Cards that mutate state (acknowledge incident, scale deployment, approve change) entirely in-card via Action.Execute, with no browser handoff. I will provide: - The card actions I need (e.g., Acknowledge, Scale, Rollback, Snooze) - My bot stack (Bot Framework SDK version, language, hosting) - The backend APIs each action must call - Current pain (actions open a browser, no feedback, stale cards, double-clicks) Your job: 1. **Invoke flow** — diagram the round trip: Action.Execute → `adaptiveCard/action` invoke activity → bot handler → backend call → `InvokeResponse` with an `adaptiveCard` refresh. Explain how this differs from Action.Submit and why Execute is correct here. 2. **Auto-loading** — show the `verb`/`data` payload shape and how the client renders the built-in spinner while the bot is working; how to keep handlers under the invoke timeout. 3. **Card refresh strategy** — return a NEW card reflecting post-action state (e.g., "Acknowledged by @user at 14:02") rather than a toast. Show the `value` body for success. 4. **Inline errors** — on backend failure, return a card with an error `Container` (attention style) plus a Retry action, NOT a thrown exception. Map HTTP 4xx/5xx to user-readable messages. 5. **Idempotency & double-click** — disable the action after first execute; use a request key (incidentId + verb + userId) so a retried invoke doesn't ack twice. 6. **Identity & authZ** — read the caller from `turnContext.activity.from`; enforce that only the on-call/approver can execute; show how to surface "you are not authorized" in-card. 7. **Refresh-on-open** — wire the top-level `refresh` block with a `userIds` list so the card auto-updates for relevant users when they view it. 8. **Universal Actions** — note where `action.Execute` + host config enables the same card to work in Outlook and Teams; call out behavior differences. Output as: (a) annotated invoke handler code, (b) success/error/auth card JSON variants, (c) idempotency store schema, (d) a test matrix (success, backend down, unauthorized, stale card, double-click), (e) rollout checklist. Bias toward: in-card feedback over browser redirects, explicit error cards over silent failures, every action idempotent.