Overview
The REST API lets you read and write platform data (contacts, conversations, messages and more). Authentication uses an access token, and webhooks deliver events to your system in real time.
Prerequisites
- A valid access token.
- An HTTPS endpoint to receive webhooks.
Step by step
- Generate an access token in settings.
- Include the token in the auth header of your API calls.
- Make requests to API resources (e.g., list contacts, create a conversation).
- Configure a webhook with the URL and the events you want.
- Validate the webhook signature/secret before processing the payload.
Settings & options
- Token scope: limit access to what's needed.
- Webhook events: subscribe only to the events you use.
- Redelivery: handle retries and idempotency on your endpoint.
Use cases
- Mirror conversations into a data warehouse.
- Notify an external system when a conversation is created or resolved.
Tips, limits & best practices
- Always verify the webhook signature before acting.
- Ensure idempotency (dedup by event identifier).
- Respect rate limits and use backoff on 429/5xx errors.
Troubleshooting
- 401/403: invalid token or missing permission.
- Duplicate webhook: implement dedup by event ID.