Introduction
RosettaChat V1 API for authentication, file staging, Workspace Channel chat, Direct Chat, attachments, automation, and webhooks.
This documentation aims to provide all the information you need to work with our API.
<aside>As you scroll, you'll see code examples for working with the API in different programming languages in the dark area to the right (or as part of the content on mobile).
You can switch the language used with the tabs at the top right (or from the nav menu at the top left on mobile).</aside>Authenticating requests
To authenticate requests, include an Authorization header with the value "Bearer {YOUR_BEARER_TOKEN}".
All authenticated endpoints are marked with a requires authentication badge in the documentation below.
Most application endpoints use Laravel Sanctum bearer tokens. Workspace automation endpoints require a token with the documented automation ability. Webhook endpoints authenticate with their webhook secret instead of bearer auth.
App Authentication
Token-based authentication APIs for native mobile/desktop applications
Register
Create a new user account and return an access token.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/app/register" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"John Doe\",
\"email\": \"[email protected]\",
\"password\": \"secretpassword\",
\"preferred_language\": \"id\",
\"password_confirmation\": \"secretpassword\",
\"device_name\": \"iPhone 15 Pro\"
}"
const url = new URL(
"http://localhost/api/v1/auth/app/register"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"name": "John Doe",
"email": "[email protected]",
"password": "secretpassword",
"preferred_language": "id",
"password_confirmation": "secretpassword",
"device_name": "iPhone 15 Pro"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"access_token": "1|abc123...",
"token_type": "Bearer",
"user": {
"id": 1,
"name": "John Doe",
"email": "[email protected]"
}
}
Example response (422, Validation error):
{
"message": "The given data was invalid.",
"errors": {
"email": [
"This email is already registered."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Login
Authenticate user with email and password, return an access token.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/app/login" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\",
\"password\": \"secretpassword\",
\"device_name\": \"iPhone 15 Pro\"
}"
const url = new URL(
"http://localhost/api/v1/auth/app/login"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"email": "[email protected]",
"password": "secretpassword",
"device_name": "iPhone 15 Pro"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"access_token": "1|abc123...",
"token_type": "Bearer",
"user": {
"id": 1,
"name": "John Doe",
"email": "[email protected]"
}
}
Example response (403, Account inactive):
{
"message": "Account is inactive."
}
Example response (422, Invalid credentials):
{
"message": "The given data was invalid.",
"errors": {
"email": [
"The provided credentials are incorrect."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Request OTP
Send a One-Time Password to the user's email for passwordless authentication.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/app/otp" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\"
}"
const url = new URL(
"http://localhost/api/v1/auth/app/otp"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"email": "[email protected]"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"message": "OTP sent to your email."
}
Example response (422, Validation error):
{
"message": "The given data was invalid.",
"errors": {
"email": [
"The email field must be a valid email address."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Verify OTP
Verify the One-Time Password and return an access token. Creates a new account if the email is not registered.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/app/otp/verify" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\",
\"token\": \"123456\",
\"device_name\": \"iPhone 15 Pro\"
}"
const url = new URL(
"http://localhost/api/v1/auth/app/otp/verify"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"email": "[email protected]",
"token": "123456",
"device_name": "iPhone 15 Pro"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"access_token": "1|abc123...",
"token_type": "Bearer",
"user": {
"id": 1,
"name": "john",
"email": "[email protected]"
}
}
Example response (403, Account inactive):
{
"message": "Account is inactive."
}
Example response (422, Invalid OTP):
{
"message": "The given data was invalid.",
"errors": {
"token": [
"Invalid or expired OTP."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Forgot Password
Send a password reset link to the user's email.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/app/forgot-password" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\"
}"
const url = new URL(
"http://localhost/api/v1/auth/app/forgot-password"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"email": "[email protected]"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"message": "Password reset link sent to your email."
}
Example response (422, Email not found):
{
"message": "The given data was invalid.",
"errors": {
"email": [
"We could not find an account with that email."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Reset Password
Reset the user's password using the reset token.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/app/reset-password" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"token\": \"abc123def456...\",
\"email\": \"[email protected]\",
\"password\": \"newsecretpassword\",
\"password_confirmation\": \"newsecretpassword\"
}"
const url = new URL(
"http://localhost/api/v1/auth/app/reset-password"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"token": "abc123def456...",
"email": "[email protected]",
"password": "newsecretpassword",
"password_confirmation": "newsecretpassword"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"message": "Password has been reset successfully."
}
Example response (422, Invalid token):
{
"message": "The given data was invalid.",
"errors": {
"email": [
"This password reset token is invalid."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Logout
requires authentication
Revoke the current access token.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/app/logout" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/auth/app/logout"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "POST",
headers,
}).then(response => response.json());Example response (200):
{
"message": "Logged out successfully."
}
Example response (401, Unauthenticated):
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Change Password
requires authentication
Change the authenticated user's password.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/app/change-password" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"current_password\": \"oldsecretpassword\",
\"password\": \"newsecretpassword\",
\"password_confirmation\": \"newsecretpassword\"
}"
const url = new URL(
"http://localhost/api/v1/auth/app/change-password"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"current_password": "oldsecretpassword",
"password": "newsecretpassword",
"password_confirmation": "newsecretpassword"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"message": "Password changed successfully."
}
Example response (401, Unauthenticated):
{
"message": "Unauthenticated."
}
Example response (422, Wrong current password):
{
"message": "The given data was invalid.",
"errors": {
"current_password": [
"The current password is incorrect."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.App Authentication - Social
Token-based social authentication APIs for native mobile/desktop applications
Get OAuth Redirect URL
Get the OAuth redirect URL for the specified provider. The client should open this URL in a browser to start the OAuth flow.
OAuth Callback
Exchange the OAuth code for an access token and authenticate the user. Returns a Bearer token for subsequent API requests.
List Linked Accounts
requires authentication
Get all social accounts linked to the authenticated user.
Link Social Account
requires authentication
Link a new social account to the authenticated user. Returns the OAuth redirect URL for the linking flow.
Complete Link Social Account
requires authentication
Complete the social account linking after OAuth callback.
Unlink Social Account
requires authentication
Remove a linked social account from the authenticated user.
Devices
Register a push device.
requires authentication
Registers (or refreshes) the calling user's device for push notifications. The push token is the identity: re-sending an existing token — even from a different account — transfers ownership so a recycled device never receives the previous user's notifications. Idempotent; safe to call on every app launch.
Example request:
curl --request POST \
"http://localhost/api/v1/devices" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"platform\": \"ios\",
\"provider\": \"fcm\",
\"push_token\": \"fGc1...token\",
\"device_id\": \"7B3F2A10-...\",
\"device_name\": \"John\'s iPhone\",
\"app_version\": \"1.4.2\"
}"
const url = new URL(
"http://localhost/api/v1/devices"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"platform": "ios",
"provider": "fcm",
"push_token": "fGc1...token",
"device_id": "7B3F2A10-...",
"device_name": "John's iPhone",
"app_version": "1.4.2"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (201):
{
"data": {
"id": "01HX...",
"platform": "ios",
"provider": "fcm",
"device_name": "John's iPhone",
"last_used_at": "2026-05-17T10:00:00+00:00"
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Unregister a push device.
requires authentication
Removes one of the caller's registered devices. Only the owner may delete a device.
Example request:
curl --request DELETE \
"http://localhost/api/v1/devices/architecto" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/devices/architecto"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "DELETE",
headers,
}).then(response => response.json());Example response (204):
Empty response
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Email Verification
Verify and resend email verification links.
Verify Email
Confirms ownership of the email address via a temporary signed URL. On success, redirects to the configured frontend URL when set, otherwise returns a JSON success response.
Example request:
curl --request GET \
--get "http://localhost/api/v1/auth/email/verify/16/architecto" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/auth/email/verify/16/architecto"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (200):
{
"message": "Email verified successfully."
}
Example response (404, Invalid link):
{
"message": "Verification link is invalid."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Resend Verification Email
requires authentication
Re-sends the verification email to the authenticated user. Returns 200 even when the account is already verified (to avoid leaking state).
Example request:
curl --request POST \
"http://localhost/api/v1/auth/email/verification-notification" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/auth/email/verification-notification"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "POST",
headers,
}).then(response => response.json());Example response (200):
{
"message": "Verification email sent."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Endpoints
PATCH api/v1/me
Example request:
curl --request PATCH \
"http://localhost/api/v1/me" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"b\",
\"preferred_language\": \"zh-CN\",
\"avatar_url\": \"http:\\/\\/bailey.com\\/\"
}"
const url = new URL(
"http://localhost/api/v1/me"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"name": "b",
"preferred_language": "zh-CN",
"avatar_url": "http:\/\/bailey.com\/"
};
fetch(url, {
method: "PATCH",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Public preview of an invite so the join screen can show what the user is about to join — even before they sign in.
Example request:
curl --request GET \
--get "http://localhost/api/v1/invites/architecto" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/invites/architecto"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (404):
Show headers
cache-control: no-cache, private
content-type: application/json
x-ratelimit-limit: 30
x-ratelimit-remaining: 29
access-control-allow-origin: *
{
"message": "This invite link is not valid."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Redeem an invite: add the authenticated user to the workspace.
Example request:
curl --request POST \
"http://localhost/api/v1/invites/architecto/accept" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/invites/architecto/accept"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "POST",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/workspaces
Example request:
curl --request GET \
--get "http://localhost/api/v1/workspaces" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST api/v1/workspaces
Example request:
curl --request POST \
"http://localhost/api/v1/workspaces" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"b\",
\"slug\": \"n\",
\"password\": \"|{+-0pBNvYgx\"
}"
const url = new URL(
"http://localhost/api/v1/workspaces"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"name": "b",
"slug": "n",
"password": "|{+-0pBNvYgx"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/workspaces/{id}
Example request:
curl --request GET \
--get "http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/direct-conversations
Example request:
curl --request GET \
--get "http://localhost/api/v1/direct-conversations" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/direct-conversations"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST api/v1/direct-conversations
Example request:
curl --request POST \
"http://localhost/api/v1/direct-conversations" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"participant_user_id\": \"architecto\"
}"
const url = new URL(
"http://localhost/api/v1/direct-conversations"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"participant_user_id": "architecto"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST api/v1/direct-recipients/resolve
Example request:
curl --request POST \
"http://localhost/api/v1/direct-recipients/resolve" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\"
}"
const url = new URL(
"http://localhost/api/v1/direct-recipients/resolve"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"email": "[email protected]"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/direct-conversations/{conversation_id}/messages
Example request:
curl --request GET \
--get "http://localhost/api/v1/direct-conversations/01ktvxyqq8nx0zyqm8rtrcp3xa/messages" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/direct-conversations/01ktvxyqq8nx0zyqm8rtrcp3xa/messages"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST api/v1/direct-conversations/{conversation_id}/messages
Example request:
curl --request POST \
"http://localhost/api/v1/direct-conversations/01ktvxyqq8nx0zyqm8rtrcp3xa/messages" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"content\": \"architecto\",
\"attachment_ids\": [
\"architecto\"
]
}"
const url = new URL(
"http://localhost/api/v1/direct-conversations/01ktvxyqq8nx0zyqm8rtrcp3xa/messages"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"content": "architecto",
"attachment_ids": [
"architecto"
]
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/message-attachments/{attachment_id}/download
Example request:
curl --request GET \
--get "http://localhost/api/v1/message-attachments/architecto/download" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/message-attachments/architecto/download"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/direct-message-attachments/{attachment_id}/download
Example request:
curl --request GET \
--get "http://localhost/api/v1/direct-message-attachments/architecto/download" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/direct-message-attachments/architecto/download"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/workspaces/{workspace_id}/channels
Example request:
curl --request GET \
--get "http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST api/v1/workspaces/{workspace_id}/channels
Example request:
curl --request POST \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"b\",
\"slug\": \"n\",
\"password\": \"|{+-0pBNvYgx\"
}"
const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"name": "b",
"slug": "n",
"password": "|{+-0pBNvYgx"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.PUT api/v1/workspaces/{workspace_id}/channels/{id}
Example request:
curl --request PUT \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels/01ktvxyqn17t8d0w6jx8t2k6e8" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"b\",
\"slug\": \"n\",
\"password\": \"|{+-0pBNvYgx\"
}"
const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels/01ktvxyqn17t8d0w6jx8t2k6e8"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"name": "b",
"slug": "n",
"password": "|{+-0pBNvYgx"
};
fetch(url, {
method: "PUT",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.DELETE api/v1/workspaces/{workspace_id}/channels/{id}
Example request:
curl --request DELETE \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels/01ktvxyqn17t8d0w6jx8t2k6e8" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels/01ktvxyqn17t8d0w6jx8t2k6e8"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "DELETE",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/workspaces/{workspace_id}/members
Example request:
curl --request GET \
--get "http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/members" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/members"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.PUT api/v1/workspaces/{workspace_id}/members/{id}
Example request:
curl --request PUT \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/members/01ktvxyqme70jcjz30my99v5hb" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"role\": \"architecto\",
\"preferred_language\": \"architecto\"
}"
const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/members/01ktvxyqme70jcjz30my99v5hb"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"role": "architecto",
"preferred_language": "architecto"
};
fetch(url, {
method: "PUT",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.DELETE api/v1/workspaces/{workspace_id}/members/{id}
Example request:
curl --request DELETE \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/members/01ktvxyqme70jcjz30my99v5hb" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/members/01ktvxyqme70jcjz30my99v5hb"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "DELETE",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/workspaces/{workspace_id}/invites
Example request:
curl --request GET \
--get "http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/invites" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/invites"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST api/v1/workspaces/{workspace_id}/invites
Example request:
curl --request POST \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/invites" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"expires_in_days\": 1
}"
const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/invites"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"expires_in_days": 1
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.DELETE api/v1/workspaces/{workspace_id}/invites/{id}
Example request:
curl --request DELETE \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/invites/01ktwzbyvaea33cwb6grhj3f3e" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/invites/01ktwzbyvaea33cwb6grhj3f3e"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "DELETE",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/workspaces/{workspace_id}/webhooks
Example request:
curl --request GET \
--get "http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/webhooks" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/webhooks"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST api/v1/workspaces/{workspace_id}/webhooks
Example request:
curl --request POST \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/webhooks" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"b\",
\"default_channel_id\": \"architecto\"
}"
const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/webhooks"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"name": "b",
"default_channel_id": "architecto"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.PUT api/v1/workspaces/{workspace_id}/webhooks/{id}
Example request:
curl --request PUT \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/webhooks/architecto" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"b\",
\"default_channel_id\": \"architecto\",
\"is_active\": true,
\"regenerate_secret\": false
}"
const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/webhooks/architecto"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"name": "b",
"default_channel_id": "architecto",
"is_active": true,
"regenerate_secret": false
};
fetch(url, {
method: "PUT",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.DELETE api/v1/workspaces/{workspace_id}/webhooks/{id}
Example request:
curl --request DELETE \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/webhooks/architecto" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/webhooks/architecto"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "DELETE",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET api/v1/workspaces/{workspace_id}/channels/{channel_id}/messages
Example request:
curl --request GET \
--get "http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels/01ktvxyqn17t8d0w6jx8t2k6e8/messages" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels/01ktvxyqn17t8d0w6jx8t2k6e8/messages"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST api/v1/workspaces/{workspace_id}/channels/{channel_id}/messages
Example request:
curl --request POST \
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels/01ktvxyqn17t8d0w6jx8t2k6e8/messages" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"content\": \"architecto\",
\"attachment_ids\": [
\"architecto\"
],
\"skip_translation\": false
}"
const url = new URL(
"http://localhost/api/v1/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels/01ktvxyqn17t8d0w6jx8t2k6e8/messages"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"content": "architecto",
"attachment_ids": [
"architecto"
],
"skip_translation": false
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST api/v1/automation/workspaces/{workspace_id}/channels/{channel_id}/messages
Example request:
curl --request POST \
"http://localhost/api/v1/automation/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels/01ktvxyqn17t8d0w6jx8t2k6e8/messages" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"content\": \"architecto\",
\"attachment_ids\": [
\"architecto\"
],
\"skip_translation\": false
}"
const url = new URL(
"http://localhost/api/v1/automation/workspaces/01ktvxyqmbcm7abv91483q1hfd/channels/01ktvxyqn17t8d0w6jx8t2k6e8/messages"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"content": "architecto",
"attachment_ids": [
"architecto"
],
"skip_translation": false
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST api/v1/webhooks/{webhook_id}/messages
Example request:
curl --request POST \
"http://localhost/api/v1/webhooks/architecto/messages" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"content\": \"architecto\",
\"channel_id\": \"architecto\",
\"skip_translation\": false
}"
const url = new URL(
"http://localhost/api/v1/webhooks/architecto/messages"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"content": "architecto",
"channel_id": "architecto",
"skip_translation": false
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.External Temporary Rooms
Create a Temporary Room
requires authentication
Creates a developer-owned anonymous Temporary Room. Requires a Sanctum API token with temporary-rooms:create.
Example request:
curl --request POST \
"http://localhost/api/v1/external/rooms" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"Customer Support Room\",
\"external_reference\": \"customer-123\",
\"ttl_hours\": 12
}"
const url = new URL(
"http://localhost/api/v1/external/rooms"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"name": "Customer Support Room",
"external_reference": "customer-123",
"ttl_hours": 12
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (201):
{
"data": {
"room_id": "01HX...",
"workspace_id": "01HX...",
"channel_id": "01HX...",
"name": "Customer Support Room",
"kind": "temporary_room",
"status": "active",
"external_reference": "customer-123",
"expires_at": "2026-06-12T12:00:00+00:00",
"max_expires_at": "2026-06-13T00:00:00+00:00",
"extension_count": 0,
"join": {
"method": "POST",
"endpoint": "https://api.example.test/api/v1/external/rooms/01HX.../guests"
}
}
}
Example response (403, Temporary Room quota exceeded):
{
"message": "Temporary Room active room limit exceeded.",
"errors": {
"code": [
"temporary_room_quota_exceeded"
]
}
}
Example response (422, TTL exceeds limit):
{
"message": "The given data was invalid.",
"errors": {
"ttl_hours": [
"ttl_hours_exceeds_limit"
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.List developer-owned Temporary Rooms
requires authentication
Requires a Sanctum API token with temporary-rooms:read.
Example request:
curl --request GET \
--get "http://localhost/api/v1/external/rooms" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/external/rooms"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (200):
{
"data": [
{
"room_id": "01HX...",
"kind": "temporary_room",
"status": "active"
}
]
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Show Temporary Room usage summary
requires authentication
Requires a Sanctum API token with temporary-rooms:read.
Example request:
curl --request GET \
--get "http://localhost/api/v1/external/rooms/usage" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/external/rooms/usage"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (200):
{
"data": {
"limits": {
"active_limit": 3,
"monthly_creation_limit": 10
},
"usage": {
"active_room_count": 1,
"monthly_creation_count": 2
},
"abuse_signals": {
"active_limit_reached": false,
"monthly_creation_limit_reached": false
}
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Extend a Temporary Room
requires authentication
Requires a Sanctum API token with temporary-rooms:extend and paid/developer Temporary Room limits.
Example request:
curl --request POST \
"http://localhost/api/v1/external/rooms/01ktvxyqmbcm7abv91483q1hfd/extend" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"extension_hours\": 24
}"
const url = new URL(
"http://localhost/api/v1/external/rooms/01ktvxyqmbcm7abv91483q1hfd/extend"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"extension_hours": 24
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"data": {
"room_id": "01HX...",
"expires_at": "2026-06-13T12:00:00+00:00",
"max_expires_at": "2026-07-12T12:00:00+00:00",
"extension_count": 1
}
}
Example response (403, Extension not allowed):
{
"message": "Temporary Room extension is not allowed.",
"errors": {
"code": [
"temporary_room_extension_not_allowed"
]
}
}
Example response (422, Extension exceeds max):
{
"message": "The given data was invalid.",
"errors": {
"extension_hours": [
"extension_hours_exceeds_limit"
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Join a Temporary Room as a guest
Creates a restricted guest user and one guest session token scoped to this Temporary Room.
Example request:
curl --request POST \
"http://localhost/api/v1/external/rooms/01ktvxyqmbcm7abv91483q1hfd/guests" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"nickname\": \"Mei\",
\"preferred_language\": \"zh-CN\"
}"
const url = new URL(
"http://localhost/api/v1/external/rooms/01ktvxyqmbcm7abv91483q1hfd/guests"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"nickname": "Mei",
"preferred_language": "zh-CN"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (201):
{
"data": {
"guest": {
"id": "01HX...",
"nickname": "Mei",
"preferred_language": "zh-CN"
},
"session": {
"token": "grst_...",
"token_type": "guest",
"header": "X-Rosetta-Guest-Token",
"expires_at": "2026-06-12T12:00:00+00:00"
},
"room": {
"room_id": "01HX...",
"workspace_id": "01HX...",
"channel_id": "01HX...",
"name": "Customer Support Room",
"status": "active",
"expires_at": "2026-06-12T12:00:00+00:00"
}
}
}
Example response (410, Expired room):
{
"message": "Temporary Room is not available.",
"errors": {
"code": [
"temporary_room_expired"
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.List guest-visible room messages
Requires X-Rosetta-Guest-Token.
Example request:
curl --request GET \
--get "http://localhost/api/v1/external/rooms/01ktvxyqmbcm7abv91483q1hfd/messages" \
--header "X-Rosetta-Guest-Token: string required Guest session token." \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/external/rooms/01ktvxyqmbcm7abv91483q1hfd/messages"
);
const headers = {
"X-Rosetta-Guest-Token": "string required Guest session token.",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (200):
{
"data": [
{
"id": "01HX...",
"display_content": "Hello",
"display_source": "original"
}
]
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Send a guest room message
Requires X-Rosetta-Guest-Token.
Example request:
curl --request POST \
"http://localhost/api/v1/external/rooms/01ktvxyqmbcm7abv91483q1hfd/messages" \
--header "X-Rosetta-Guest-Token: string required Guest session token." \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"content\": \"Hello team\",
\"attachment_ids\": [
\"architecto\"
],
\"parent_message_id\": \"architecto\",
\"skip_translation\": false
}"
const url = new URL(
"http://localhost/api/v1/external/rooms/01ktvxyqmbcm7abv91483q1hfd/messages"
);
const headers = {
"X-Rosetta-Guest-Token": "string required Guest session token.",
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"content": "Hello team",
"attachment_ids": [
"architecto"
],
"parent_message_id": "architecto",
"skip_translation": false
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (201):
{
"data": {
"id": "01HX...",
"original_content": "Hello team",
"translation_status": "pending"
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Files
Upload a file.
requires authentication
Returns the created file record with a TTL. Persist the returned id on a parent record and call FileService::claim() to opt out of cleanup.
Example request:
curl --request POST \
"http://localhost/api/v1/files" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: multipart/form-data" \
--header "Accept: application/json" \
--form "visibility=architecto"\
--form "file=@/private/var/folders/x9/t0h3hmd52hq13mvw9drwtz500000gn/T/phppbe9gqluk10ccC07qt3" const url = new URL(
"http://localhost/api/v1/files"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "multipart/form-data",
"Accept": "application/json",
};
const body = new FormData();
body.append('visibility', 'architecto');
body.append('file', document.querySelector('input[name="file"]').files[0]);
fetch(url, {
method: "POST",
headers,
body,
}).then(response => response.json());Example response (201):
{
"data": {
"id": "01HX...",
"client_name": "photo.jpg",
"size": 12345,
"expires_at": "2026-05-11T05:00:00+00:00"
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Show file metadata.
requires authentication
Example request:
curl --request GET \
--get "http://localhost/api/v1/files/architecto" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/files/architecto"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Stream the file contents to the client.
requires authentication
Example request:
curl --request GET \
--get "http://localhost/api/v1/files/architecto/download" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/files/architecto/download"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
access-control-allow-origin: *
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Delete a file (soft delete + remove from disk).
requires authentication
Example request:
curl --request DELETE \
"http://localhost/api/v1/files/architecto" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/files/architecto"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "DELETE",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Me
List my files.
requires authentication
Returns files owned by the authenticated user. By default only claimed
(persistent) files are listed — pass ?claimed=false to see files
that still carry a TTL. Anonymously uploaded files are never listed
here regardless of filters.
Example request:
curl --request GET \
--get "http://localhost/api/v1/me/files?claimed=1&visibility=private&q=invoice&sort=-created_at&per_page=20&page=1" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"claimed\": true,
\"visibility\": \"public\",
\"q\": \"b\",
\"sort\": \"-created_at\",
\"per_page\": 22,
\"page\": 67
}"
const url = new URL(
"http://localhost/api/v1/me/files"
);
const params = {
"claimed": "1",
"visibility": "private",
"q": "invoice",
"sort": "-created_at",
"per_page": "20",
"page": "1",
};
Object.keys(params)
.forEach(key => url.searchParams.append(key, params[key]));
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"claimed": true,
"visibility": "public",
"q": "b",
"sort": "-created_at",
"per_page": 22,
"page": 67
};
fetch(url, {
method: "GET",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"data": [
{
"id": "01HX...",
"client_name": "photo.jpg"
}
],
"meta": {
"current_page": 1
},
"links": {}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.List my push devices.
requires authentication
Returns the push-notification devices registered to the authenticated user. Raw push tokens are never returned.
Example request:
curl --request GET \
--get "http://localhost/api/v1/me/devices?provider=fcm&sort=-last_used_at&per_page=20&page=1" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"provider\": \"expo\",
\"sort\": \"-last_used_at\",
\"per_page\": 1,
\"page\": 22
}"
const url = new URL(
"http://localhost/api/v1/me/devices"
);
const params = {
"provider": "fcm",
"sort": "-last_used_at",
"per_page": "20",
"page": "1",
};
Object.keys(params)
.forEach(key => url.searchParams.append(key, params[key]));
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"provider": "expo",
"sort": "-last_used_at",
"per_page": 1,
"page": 22
};
fetch(url, {
method: "GET",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"data": [
{
"id": "01HX...",
"platform": "ios",
"provider": "fcm"
}
],
"meta": {
"current_page": 1
},
"links": {}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Shared Authentication
Shared authentication APIs that work with both token and cookie-based authentication
Get Current User
requires authentication
Retrieve the authenticated user's information. Works with both token-based and cookie-based authentication.
Example request:
curl --request GET \
--get "http://localhost/api/v1/me" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/me"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (200):
{
"id": 1,
"name": "John Doe",
"email": "[email protected]",
"email_verified_at": "2024-01-01T00:00:00.000000Z",
"is_active": true,
"last_login_at": "2024-01-15T10:30:00.000000Z",
"created_at": "2024-01-01T00:00:00.000000Z",
"updated_at": "2024-01-15T10:30:00.000000Z"
}
Example response (401, Unauthenticated):
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Web Authentication
Cookie-based authentication APIs for Single Page Applications (SPA)
Register
Create a new user account and establish a session.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/web/register" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"John Doe\",
\"email\": \"[email protected]\",
\"password\": \"secretpassword\",
\"preferred_language\": \"en\",
\"password_confirmation\": \"secretpassword\"
}"
const url = new URL(
"http://localhost/api/v1/auth/web/register"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"name": "John Doe",
"email": "[email protected]",
"password": "secretpassword",
"preferred_language": "en",
"password_confirmation": "secretpassword"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"user": {
"id": 1,
"name": "John Doe",
"email": "[email protected]"
},
"message": "Registered successfully."
}
Example response (422, Validation error):
{
"message": "The given data was invalid.",
"errors": {
"email": [
"This email is already registered."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Login
Authenticate user with email and password, establish a session.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/web/login" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\",
\"password\": \"secretpassword\",
\"device_name\": \"v\"
}"
const url = new URL(
"http://localhost/api/v1/auth/web/login"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"email": "[email protected]",
"password": "secretpassword",
"device_name": "v"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"user": {
"id": 1,
"name": "John Doe",
"email": "[email protected]"
},
"message": "Logged in successfully."
}
Example response (403, Account inactive):
{
"message": "Account is inactive."
}
Example response (422, Invalid credentials):
{
"message": "The given data was invalid.",
"errors": {
"email": [
"The provided credentials are incorrect."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Request OTP
Send a One-Time Password to the user's email for passwordless authentication.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/web/otp" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\"
}"
const url = new URL(
"http://localhost/api/v1/auth/web/otp"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"email": "[email protected]"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"message": "OTP sent to your email."
}
Example response (422, Validation error):
{
"message": "The given data was invalid.",
"errors": {
"email": [
"The email field must be a valid email address."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Verify OTP
Verify the One-Time Password and establish a session. Creates a new account if the email is not registered.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/web/otp/verify" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\",
\"token\": \"123456\",
\"device_name\": \"j\"
}"
const url = new URL(
"http://localhost/api/v1/auth/web/otp/verify"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"email": "[email protected]",
"token": "123456",
"device_name": "j"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"user": {
"id": 1,
"name": "john",
"email": "[email protected]"
},
"message": "Logged in successfully."
}
Example response (403, Account inactive):
{
"message": "Account is inactive."
}
Example response (422, Invalid OTP):
{
"message": "The given data was invalid.",
"errors": {
"token": [
"Invalid or expired OTP."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Forgot Password
Send a password reset link to the user's email.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/web/forgot-password" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\"
}"
const url = new URL(
"http://localhost/api/v1/auth/web/forgot-password"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"email": "[email protected]"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"message": "Password reset link sent to your email."
}
Example response (422, Email not found):
{
"message": "The given data was invalid.",
"errors": {
"email": [
"We could not find an account with that email."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Reset Password
Reset the user's password using the reset token.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/web/reset-password" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"token\": \"abc123def456...\",
\"email\": \"[email protected]\",
\"password\": \"newsecretpassword\",
\"password_confirmation\": \"newsecretpassword\"
}"
const url = new URL(
"http://localhost/api/v1/auth/web/reset-password"
);
const headers = {
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"token": "abc123def456...",
"email": "[email protected]",
"password": "newsecretpassword",
"password_confirmation": "newsecretpassword"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"message": "Password has been reset successfully."
}
Example response (422, Invalid token):
{
"message": "The given data was invalid.",
"errors": {
"email": [
"This password reset token is invalid."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Logout
requires authentication
Destroy the current session.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/web/logout" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"http://localhost/api/v1/auth/web/logout"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "POST",
headers,
}).then(response => response.json());Example response (200):
{
"message": "Logged out successfully."
}
Example response (401, Unauthenticated):
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Change Password
requires authentication
Change the authenticated user's password.
Example request:
curl --request POST \
"http://localhost/api/v1/auth/web/change-password" \
--header "Authorization: Bearer {YOUR_BEARER_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"current_password\": \"oldsecretpassword\",
\"password\": \"newsecretpassword\",
\"password_confirmation\": \"newsecretpassword\"
}"
const url = new URL(
"http://localhost/api/v1/auth/web/change-password"
);
const headers = {
"Authorization": "Bearer {YOUR_BEARER_TOKEN}",
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"current_password": "oldsecretpassword",
"password": "newsecretpassword",
"password_confirmation": "newsecretpassword"
};
fetch(url, {
method: "POST",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (200):
{
"message": "Password changed successfully."
}
Example response (401, Unauthenticated):
{
"message": "Unauthenticated."
}
Example response (422, Wrong current password):
{
"message": "The given data was invalid.",
"errors": {
"current_password": [
"The current password is incorrect."
]
}
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.Web Authentication - Social
Cookie-based social authentication APIs for Single Page Applications (SPA)
Get OAuth Redirect URL
Get the OAuth redirect URL for the specified provider. The client should open this URL in a browser to start the OAuth flow.
OAuth Callback
Exchange the OAuth code for a session and authenticate the user. Establishes a session cookie for subsequent requests.
List Linked Accounts
requires authentication
Get all social accounts linked to the authenticated user.
Link Social Account
requires authentication
Link a new social account to the authenticated user. Returns the OAuth redirect URL for the linking flow.
Complete Link Social Account
requires authentication
Complete the social account linking after OAuth callback.
Unlink Social Account
requires authentication
Remove a linked social account from the authenticated user.