CHATBOT
Chatbot REST API
HTTP endpoints for widget sessions and messages.
Create anonymous session
POST /widget/sessions/anonymous
bashcurl -X POST "$API/widget/sessions/anonymous" \ -H "Content-Type: application/json" \ -d '{"publicKey":"pk_live_xxx","botId":"bot_123","visitorId":"visitor-1"}'
Response: { "sessionToken": "..." }
Send message
POST /widget/chatbots/{botId}/message
bashcurl -X POST "$API/widget/chatbots/bot_123/message" \ -H "Content-Type: application/json" \ -d '{"sessionToken":"...","message":"Hello"}'
Authenticated session (backend only)
- POST /widget/sessions/authenticated
- Authorization via server API key headers (secret_server).
- Body includes tenantId, workspaceId, environmentId, botId, externalUserId, email.
- Browser must never receive secret_server key.
Key rules
- public_widget — anonymous/browser sessions only.
- secret_server — authenticated sessions and private actions.
- Typical errors: 401 UNAUTHORIZED, 403 FORBIDDEN / domain, 429 RATE_LIMITED.