CHATBOT

Chatbot REST API

HTTP endpoints for widget sessions and messages.

Create anonymous session

POST /widget/sessions/anonymous

bash

curl -X POST "$API/widget/sessions/anonymous" \ -H "Content-Type: application/json" \ -d '{"publicKey":"pk_live_xxx","botId":"bot_123","visitorId":"visitor-1"}'

Response: { "sessionToken": "..." }

Send message

POST /widget/chatbots/{botId}/message

bash

curl -X POST "$API/widget/chatbots/bot_123/message" \ -H "Content-Type: application/json" \ -d '{"sessionToken":"...","message":"Hello"}'

Authenticated session (backend only)

  • POST /widget/sessions/authenticated
  • Authorization via server API key headers (secret_server).
  • Body includes tenantId, workspaceId, environmentId, botId, externalUserId, email.
  • Browser must never receive secret_server key.

Key rules

  • public_widget — anonymous/browser sessions only.
  • secret_server — authenticated sessions and private actions.
  • Typical errors: 401 UNAUTHORIZED, 403 FORBIDDEN / domain, 429 RATE_LIMITED.