</> REST API
API Gateway Active Queue Workers Online JWT Security Enabled

תיעוד API

שלבו את FlowBot AI ביישומים שלכם. הפעילו תהליכי ווצאפ, שלחו הודעות, נהלו שיחות, וצרו תהליכים מבוססי AI באופן תכנותי.

Base URLhttps://your-domain.com
FormatJSON (application/json)
אימותJWT Bearer / Cookie / Legacy per-flow auth

התחלה מהירה

1
התחברו

Admin approves API usage in User Management, then rotate key in Settings → API Access

2
הפעילו תהליך

POST /api/auth/api-token → get `accessToken`

3
עקבו והשיבו

POST /api/webhook/outbound, POST /api/webhook/flow/{flowId}/lead with Bearer JWT

Integration Code Examples

Copy-paste ready snippets for the core integration flows in exactly these languages: cURL, Node.js, Python, PHP.

How to connect Approved Template Group with Flow (Combined mode)
  1. Create approved WhatsApp templates and place them in a template group (`Settings → Templates → Template Groups`).
  2. Open the target flow and make sure it is Active (example: `Recruitment Qualifier - גיל ורלוונטיות`).
  3. Call `POST /api/webhook/outbound` with `phone`, `flowId`, and `templateGroupId` (or `templateName`/`templateId`).
  4. System sends approved template first (for 24h-closed scenarios), then waits for recipient reply.
  5. When recipient replies in WhatsApp, inbound webhook resumes/starts the same flow automatically.
Use placeholders for secrets in docs (`YOUR_CLIENT_ID`, `YOUR_API_KEY`, `API_ACCESS_TOKEN`, ids, phone). Do not hardcode real credentials.
Smart Integration Context
התחבר למערכת כדי למלא אוטומטית Client/Flow/Template Group ולהפיק דוגמאות מוכנות להדבקה.
התחברות
POST /api/auth/login
Authenticate and keep session cookie for authenticated APIs.
curl -X POST {BASE_URL}/api/auth/login \
  -H "Content-Type: application/json" \
  -c cookies.txt \
  -d '{"username":"your_username","password":"your_password"}'
API JWT (Client ID + API Key)
POST /api/auth/api-token
Server-to-server authentication: exchange one client API key for JWT Bearer token.
curl -X POST {BASE_URL}/api/auth/api-token \
  -H "Content-Type: application/json" \
  -d '{"clientId":"YOUR_CLIENT_ID","apiKey":"YOUR_API_KEY","ttlSec":3600}'
הפעלת תהליך יזום
POST /api/webhook/outbound
Trigger proactive WhatsApp flow from external system (Bearer token).
curl -X POST {BASE_URL}/api/webhook/outbound \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "phone": "+972501234567",
    "flowId": "flow-uuid",
    "data": {
      "customerName": "John Doe",
      "templateId": "template-uuid",
      "templateParams": ["123456"],
      "code": "123456",
      "phoneNumberId": "YOUR_META_PHONE_NUMBER_ID"
    }
  }'
Approved Template Group -> Reply -> Same Flow
POST /api/webhook/outbound
Send approved template group first, then the recipient reply continues in the same flow.
curl -X POST {BASE_URL}/api/webhook/outbound \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "phone": "+972501234567",
    "flowId": "a8b4ef2d-a8a4-4650-9414-ab6f335e01b4",
    "templateGroupId": "YOUR_TEMPLATE_GROUP_ID",
    "queue": true,
    "data": {
      "customerName": "John Doe",
      "templateLanguage": "he",
      "templateParams": ["123456"],
      "code": "123456",
      "phoneNumberId": "YOUR_META_PHONE_NUMBER_ID",
      "sourceRef": "crm-lead-90210",
      "campaignId": "recruitment-march"
    }
  }'
Approved Single Template -> Reply -> Same Flow
POST /api/webhook/outbound
Use explicit approved templateName/templateId first, then recipient reply enters the same flow.
curl -X POST {BASE_URL}/api/webhook/outbound \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "phone": "+972501234567",
    "flowId": "a8b4ef2d-a8a4-4650-9414-ab6f335e01b4",
    "templateName": "rayon_hello_utility_04_20260315",
    "queue": true,
    "data": {
      "customerName": "John Doe",
      "templateLanguage": "he",
      "templateParams": ["123456"],
      "code": "123456",
      "phoneNumberId": "YOUR_META_PHONE_NUMBER_ID",
      "sourceRef": "crm-lead-90210",
      "campaignId": "recruitment-march"
    }
  }'
שליחת ליד לתהליך
POST /api/webhook/flow/{flowId}/lead
Push lead payload from CRM/Form to a specific flow.
curl -X POST {BASE_URL}/api/webhook/flow/FLOW_ID/lead \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{"phone":"+972501234567","name":"John Doe","email":"[email protected]"}'
Submit Template to Meta for Approval
POST /api/templates
Author a brand-new WhatsApp template and submit it to Meta for approval. The endpoint validates the payload, posts to the WABA Graph API, and stores the result locally. Returns status=PENDING immediately — poll GET /api/templates to see when Meta promotes it to APPROVED/REJECTED. Category rules: UTILITY is approved by default; MARKETING/AUTHENTICATION require nonUtilityOverride=true plus a reason for audit. The optional targetGroupId/targetGroupName auto-adds the template to a group once Meta accepts it.
curl -X POST {BASE_URL}/api/templates \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "name": "salon_yofi_confirmation_v1",
    "category": "UTILITY",
    "language": "he",
    "components": [
      { "type": "HEADER", "format": "TEXT", "text": "תור נקבע!" },
      {
        "type": "BODY",
        "text": "שלום {{1}}, התור שלך נקבע ל-{{2}} בשעה {{3}}. נשמח לראות אותך!",
        "example": { "body_text": [["שרה", "יום שלישי 28/05", "10:00"]] }
      },
      { "type": "FOOTER", "text": "סלון אופרה לונדון" },
      {
        "type": "BUTTONS",
        "buttons": [
          { "type": "QUICK_REPLY", "text": "מאשרת" },
          { "type": "QUICK_REPLY", "text": "צריכה לשנות" }
        ]
      }
    ],
    "targetGroupName": "Booking Confirmations"
  }'
Poll Template Approval Status
GET /api/templates
Fetch the full template catalog with each row's current status. The endpoint also performs a background sync with Meta on every call so freshly-approved templates appear within seconds. Filter the returned array by status ("APPROVED" / "PENDING" / "REJECTED") to drive UI badges.
curl -X GET {BASE_URL}/api/templates \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT"
Create / Update Template Group (מקבץ הודעות)
POST /api/templates/groups
A template group bundles multiple approved templates so the bot picks the best fit per recipient. Used together with /api/webhook/outbound (templateGroupId) — see the "Approved Template Group -> Reply" recipe above. The pickStrategy controls fallback order: "preferred_then_others" (default) tries the first template, then walks the list; "round_robin" cycles deterministically; "random" picks one. preferredPhoneNumberId optionally pins the group to a specific WA line within the same WABA.
curl -X POST {BASE_URL}/api/templates/groups \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "name": "Booking Confirmations",
    "description": "Variants we cycle through for booking confirmations",
    "pickStrategy": "preferred_then_others",
    "templates": [
      { "name": "salon_yofi_confirmation_v1", "language": "he" },
      { "name": "salon_yofi_confirmation_v2", "language": "he" }
    ]
  }'
יצירת תהליך עם AI
POST /api/flows/generate
Generate a flow using text prompt (and optional PDF/image).
curl -X POST {BASE_URL}/api/flows/generate \
  -b cookies.txt \
  -F 'prompt=Create a customer support flow for a taxi company'

Capabilities Mapping

Structured documentation of platform capabilities and the exact APIs used to implement each one.

WhatsApp Automation End-to-End
Inbound/outbound messaging, flow triggers, template-based messaging after 24h, delivery and failover support.
Inbound WhatsApp webhook processing (verify + signature + events)
Auth Type: Meta signature + webhook verify tokenTypical Flow: Meta WhatsApp -> /api/webhook/whatsapp -> flow engine -> logs/status
Webhook
Webhook
Outbound proactive trigger from external systems
Auth Type: JWT Bearer (clientId + apiKey -> /api/auth/api-token)Typical Flow: CRM/ERP -> /api/webhook/outbound -> outbound queue -> WhatsApp
Webhook
Flow API trigger (generic + lead mode)
Auth Type: JWT Bearer preferred (legacy per-flow auth also supported)Typical Flow: External source -> flow trigger API -> variable mapping -> journey start
Webhook
Webhook
Conversation response (text/media/template)
Auth Type: Session cookie (authenticated user)Typical Flow: Agent UI/API -> reply endpoint -> Meta send -> delivery updates
Internal
Internal
Internal
Template management + groups + fallback
Auth Type: Session cookieTypical Flow: Manage templates/groups -> send -> fallback engine on definitive fail
Internal
Internal
Internal
Internal
Internal
Delivery auditing and retries
Auth Type: Session cookie (admin/operator scope)Typical Flow: Monitor stale/failed -> audit -> manual/automatic retry
Admin
Admin
Admin
AI Flow Generation & Knowledge Base (RAG)
Generate production-ready flows from prompts/documents and ground AI with uploaded business knowledge.
Generate flow from prompt/PDF/image
Auth Type: Session cookieTypical Flow: User prompt/file -> /api/flows/generate -> AI model -> draft flow
Internal
Internal
Manage AI providers and defaults
Auth Type: Session cookieTypical Flow: Settings UI -> provider CRUD -> runtime model selection
Internal
Knowledge base upload/index/delete
Auth Type: Session cookieTypical Flow: Upload docs -> chunk/index -> retrieval during AI response
Internal
Monitor usage and provider balance
Auth Type: Session cookieTypical Flow: Usage tracking -> cost aggregation -> alerts/visibility
Internal
Internal
AI Ads Studio, Learning and Archive
Generate ad creatives, publish/manage ads, collect performance signals, rank and recommend actions.
Generate ad copy/image/full bundle with creative metadata
Auth Type: Session cookieTypical Flow: Business input -> AI generation -> creative logs/archive
Internal
Ads account operations (campaign/adset/ad + insights)
Auth Type: Session cookie + connected ads tokensTypical Flow: User action -> marketing API -> account objects/insights
Internal
Internal
Archive all ad assets with user access control
Auth Type: Session cookie (admin-only delete)Typical Flow: Creative/campaign event -> ad archive -> user-level visibility controls
Internal
Autopilot recommendations and actions
Auth Type: Session cookie + monitor flagsTypical Flow: Performance data -> recommender -> optional pause/boost actions
Internal
Internal
Meta/TikTok account connections for ads
Auth Type: Session cookie + provider OAuthTypical Flow: Connect account -> save tokens -> enable ads features
Internal
Internal
Internal
Internal
Multi-Channel Integrations
Connect and orchestrate Facebook, Instagram, TikTok, Telegram, and Email channels in one stack.
Facebook/Instagram settings and subscription
Auth Type: Session cookie + Meta app credentialsTypical Flow: Settings connect -> webhook subscribe -> inbound event routing
Internal
Internal
Webhook
Webhook
TikTok auth + webhook + ads
Auth Type: Session cookie + TikTok OAuthTypical Flow: OAuth connect -> save config -> webhook/ads operations
Internal
Internal
Webhook
Internal
Telegram bot webhooks (global and per config)
Auth Type: Session cookie + telegram secretTypical Flow: Bot setup -> webhook set -> inbound message -> flow
Internal
Webhook
Webhook
Email OAuth/connect/send/ingest
Auth Type: Session cookie + provider OAuthTypical Flow: Connect mailbox -> send/poll -> route emails to workflows
Internal
Internal
Internal
Webhook
WhatsApp embedded signup + config
Auth Type: Session cookie + Meta app credentialsTypical Flow: Embedded signup -> store phone/account IDs -> activate messaging
Internal
Internal
CRM, Workforce and Operational Control
Leads, contacts, employees, tasks, and admin observability for high-volume operations.
Lead lifecycle management
Auth Type: Session cookieTypical Flow: Lead ingestion -> status transitions -> follow-up automation
Internal
Internal
Internal
Internal
Contacts and profile avatars
Auth Type: Session cookieTypical Flow: Import/maintain contacts -> enrich with avatar metadata
Internal
Internal
Employees and permission-based operations
Auth Type: Session cookie (owner/admin scope)Typical Flow: Manage users/employees -> assign permissions -> scoped access
Internal
Internal
Internal
Internal
Task assignment and completion tracking
Auth Type: Session cookieTypical Flow: Create task -> assign team -> owner/employee completion
Internal
Internal
Admin analytics and DB tools
Auth Type: Session cookie (admin)Typical Flow: Operational dashboards -> system checks/actions
Admin
Admin
Debug and diagnostics
Auth Type: Debug key/admin cookieTypical Flow: Investigate incidents -> inspect logs/conversation state
Admin
Admin
Admin
Admin
Calendar & Booking Automation
Public booking funnels, internal scheduling, reminders, and Google Calendar sync.
Appointment CRUD and business scheduling
Auth Type: Session cookieTypical Flow: Staff schedule management -> create/update/cancel appointments
Internal
Internal
Public booking endpoint
Auth Type: Public endpointTypical Flow: Customer booking page -> book endpoint -> appointment record
Public
Reminder and notify pipelines
Auth Type: Session cookie/System schedulerTypical Flow: Scheduler scan -> reminder trigger -> channel notification
Internal
Internal
Calendar template flow integration
Auth Type: Session cookieTypical Flow: Calendar event state -> mapped flow/template action
Internal
Google OAuth connect/callback/disconnect
Auth Type: Session cookie + Google OAuthTypical Flow: Connect Google account -> token exchange -> sync/disconnect
Internal
Internal
Internal

Full REST Map

Complete inventory of system APIs (integration + internal), grouped by domain. Use this as the main map for third-party integration and AI orchestration.

Auth & Identity (9)
POST/api/auth/loginPublicLogin and set session cookie
POST/api/auth/registerPublicRegister account
POST/api/auth/logoutCookieLogout and clear cookie
GET/api/auth/meCookieCurrent user/session info
POST/api/auth/send-verificationPublicSend email/phone verification code
POST/api/auth/verify-codePublicVerify received code
POST/api/auth/socialPublicSocial login callback/token verify
POST/api/auth/languageCookieSave UI language
POST/api/auth/themeCookieSave UI theme
Flows & Conversations (14)
GET,POST/api/flowsCookieList/create flows
GET,PUT,DELETE/api/flows/{id}CookieFlow details/update/delete
GET,POST/api/flows/{id}/versionsCookieFlow versioning
POST/api/flows/generateCookieAI flow generation (text/PDF/image)
POST/api/flows/fix-shayCookie/AdminPreset migration/fix utility
GET/api/conversationsCookieList conversations + stats
GET,PUT/api/conversations/{id}CookieConversation details/claim state
POST/api/conversations/{id}/replyCookieSend reply (text/media/template)
GET,POST/api/leadsCookieLead list/create/update status
GET,PUT/api/leads/{phone}CookieLead by phone
POST/api/leads/import-jsonCookieBulk import leads from JSON
GET,POST/api/leads/targetsCookieLead targets/goal management
POST/api/contacts/importCookieImport contacts
GET,PUT,DELETE/api/contacts/avatarCookieContact avatar management
Templates & Messaging (20)
GET/api/templatesCookie/BearerList templates + sync from Meta. Returns each row's status (PENDING/APPROVED/REJECTED) + syncReport. Poll after submission.
POST/api/templatesCookie/BearerSUBMIT new template to Meta for approval. Body: { name, category, language, components, targetGroupId?, targetGroupName?, nonUtilityOverride?, nonUtilityOverrideReason? }. Returns 201 with status=PENDING. MARKETING/AUTHENTICATION categories require override fields.
PUT/api/templatesCookie/BearerToggle work-approval flag on a template (controls whether bot may send it before client sign-off). Body: { id, isWorkApproved }.
DELETE/api/templates/{name}Cookie/BearerDelete a template from Meta AND local DB. Body may include { clientApprovalConfirmed, clientApprovalReason } for audit.
GET/api/templates/groupsCookie/BearerList template groups + every available approved template + every default-scope WA phone line (so the UI can build a picker).
POST/api/templates/groupsCookie/BearerCreate a template group (מקבץ הודעות). Body: { name, templates: [{name, language}], description?, pickStrategy?, preferredPhoneNumberId? }. pickStrategy: "preferred_then_others" (default) / "round_robin" / "random".
PUT/api/templates/groupsCookie/BearerUpdate a group (rename, reorder templates, change strategy, change pinned WA line). Body: { id, ...partial }.
DELETE/api/templates/groups?id={id}Cookie/BearerSoft-delete a template group.
POST/api/templates/bulk-sendCookie/BearerBulk send. Body: { templateId? OR templateGroupId, phones[], flowId?, phoneNumberId?, allowMarketing?, forceSend? }. phoneNumberId overrides; else group.preferredPhoneNumberId; else primary.
GET,POST/api/templates/check-sentCookie/BearerCheck if phones already received a template in the last N hours (default 24). Body: { phones[], templateName?, hours? }.
POST/api/templates/controlled-batchCookie/BearerSubmit MANY templates with staggered Meta-API submissions (avoids rate limits). Returns { jobId }. Poll status with GET ?jobId=...
GET/api/templates/controlled-batch?jobId={id}Cookie/BearerPoll status of a batch submission job: pending → running → completed/failed; per-item okCount/failCount.
DELETE/api/templates/controlled-batch?jobId={id}Cookie/BearerCancel a pending/in-progress batch job.
POST/api/templates/ai-variantsCookie/BearerGenerate AI-optimized alternative body texts from an existing template. Body: { sourceBody, sourceCategory?, count?, extraInstructions? }.
POST/api/templates/health-actionsCookie/BearerPer-template ops: mark_work_off / pause_template / safe_utility_rewrite_dry_run.
GET/api/templates/approved-auditCookie/BearerPer-approved-template stats: deliveries, replies, owner breakdown.
GET,POST/api/templates/archive-historyCookie/BearerSnapshot the current template+group state OR restore a previous batch (action: "snapshot" / "restore").
GET,POST/api/templates/waba-migrationCookie/BearerExport group→phone-line mapping for WABA reconnect; remap groups to a new phone line via POST.
POST/api/webhook/outboundBearerPrimary outbound trigger for integrations (use templateGroupId or templateName).
POST/api/webhook/outbound-statusBearer/CookieOutbound delivery/status callback helper.
Channel Integrations (WhatsApp/Facebook/TikTok/Telegram/Email) (16)
GET,POST/api/settings/whatsappCookieWhatsApp config per user/flow
POST/api/whatsapp/embedded-signupCookieMeta embedded signup connect flow
POST/api/whatsapp/reset-wa-before-reconnectCookieDelete all WA configs for user before Embedded Signup reconnect
GET,POST/api/whatsapp/extra-wa-linesCookieList WABA phones not in FLOW; add secondary line (shared token); POST registerOnly registers PENDING phone with Meta Cloud API
GET,POST/api/settings/facebookCookieFacebook/Instagram settings
POST/api/settings/facebook-subscribeCookieSubscribe page/webhook fields
POST/api/facebook/connectCookieConnect FB page/account
GET,POST/api/facebook/adsCookieMeta Ads read/create/actions
GET,POST/api/settings/tiktokCookieTikTok settings
GET,POST/api/tiktok/connectCookieTikTok OAuth connect/callback
GET,POST/api/tiktok/adsCookieTikTok Ads read/create/actions
GET,POST/api/settings/telegramCookieTelegram bot config + webhook set/remove
GET,POST/api/settings/emailCookieEmail channel settings
GET/api/email/connectCookieGoogle/Microsoft OAuth connect/callback
POST/api/email/sendCookieSend outbound email
POST/api/push/subscribeCookieSave web push/FCM subscription
AI, Knowledge Base & Ads Learning (7)
GET,POST,DELETE/api/settings/aiCookieAI provider configs and defaults
GET,POST,DELETE/api/knowledge-baseCookieRAG documents and indexing
POST/api/uploadCookieMedia/file upload (GCS/local fallback)
GET,POST/api/ads/generateCookieGenerate copy/image/full ad + learning hooks
GET,POST,DELETE/api/ads/archiveCookie/AdminAd archive with user access control
GET,POST/api/ads/autopilotCookieRecommendation feed and auto-actions
GET/api/monitor/statusCookieAds monitor health (off/starting/healthy/stale)
Calendar & Booking (9)
GET,POST,PUT/api/calendar/appointmentsCookieAppointments CRUD
POST/api/calendar/bookPublicPublic booking endpoint
POST/api/calendar/notifyCookie/SystemCalendar notifications
GET,POST/api/calendar/remindersCookie/SystemReminder queue/trigger
GET,POST/api/calendar/settingsCookieCalendar settings and rules
GET,POST/api/calendar/template-flowCookieCalendar-trigger template flow mapping
GET/api/calendar/google/connectCookieGoogle Calendar OAuth start
GET/api/calendar/google/callbackCookieGoogle OAuth callback
POST/api/calendar/google/disconnectCookieRevoke Google Calendar connection
Users, Employees, Tasks, Usage, Admin (12)
GET,POST/api/usersCookie/AdminUser list/create
GET,PUT,DELETE/api/users/{id}Cookie/AdminUser details/update/delete
GET,POST/api/employeesCookieEmployees list/create
GET,PUT,DELETE/api/employees/{id}CookieEmployee details/update/delete
GET,POST/api/tasksCookieTasks list/create
GET,PUT,DELETE/api/tasks/{id}CookieTask details/update/delete
GET/api/usageCookieUsage logs and summaries
GET/api/usage/balanceCookieProvider balance and alerts
GET,POST/api/admin/analyticsCookie/AdminSystem analytics dashboards
GET,POST/api/admin/databaseCookie/AdminDatabase admin tools
POST/api/asterisk/callCookieDialer outbound call trigger
GET/api/asterisk/operatorsCookieDialer operators list
Incoming Webhooks, Monitoring & Diagnostics (19)
GET,POST/api/webhook/whatsappMeta SignatureWhatsApp webhook verify + incoming events
GET,POST/api/webhook/facebookMeta SignatureFacebook webhook verify + incoming events
GET,POST/api/webhook/fb-leadsMeta SignatureFB lead ads webhook handler
POST/api/webhook/tiktokTikTok SignatureTikTok webhook handler
POST/api/webhook/emailProvider/ConfigEmail poll/webhook ingestion
POST/api/webhook/telegramTelegram SecretTelegram incoming webhook
POST/api/webhook/telegram/{configId}Telegram SecretTenant-specific Telegram webhook
GET,POST/api/webhook/flow/{flowId}ConfigurableGeneric flow API trigger (not Meta callback URL)
POST/api/webhook/flow/{flowId}/leadConfigurableFlow lead API trigger endpoint (not Meta callback URL)
GET/api/webhook/logsCookie/AdminWebhook log stream
GET/api/webhook/api-logsCookie/AdminAPI request logs
GET/api/webhook/perf-logsCookie/AdminPerformance logs
GET/api/webhook/queue-logsCookie/AdminOutbound queue logs
POST/api/webhook/ui-client-errorPublic/CookieClient-side error telemetry
GET,POST/api/monitor/deliveryCookie/AdminDelivery monitor health/audit/retry
GET/api/debug/conversationsDebug keyConversations debug dump
GET/api/debug/conversation/{id}Debug keySingle conversation debug dump
GET/api/proxyCookieControlled proxy endpoint
POST/api/seedCookie/AdminSeed/demo bootstrap data
POST
/api/auth/loginהתחברות
Public

התחברו וקבלו עוגיית סשן (JWT). השתמשו בעוגייה זו בבקשות מאומתות עוקבות.

מגבלת קצב: 10 requests / 15 min per IP
הערות: התגובה מגדירה עוגיית HTTP-only בשם `wdf_token` שנשלחת אוטומטית עם בקשות עוקבות. לשילובי API, שמרו והעבירו עוגייה זו.
גוף הבקשה
{
  "username": "your_username",
  "password": "your_password"
}
תגובה
{
  "user": {
    "id": "uuid",
    "username": "your_username",
    "displayName": "Your Name",
    "email": "[email protected]",
    "role": "user"
  }
}
cURL דוגמה
curl -X POST {BASE_URL}/api/auth/login \
  -H "Content-Type: application/json" \
  -c cookies.txt \
  -d '{"username": "your_username", "password": "your_password"}'
POST
/api/auth/api-tokenExchange Client Credentials to API JWT
Public

Use the client credentials from Settings -> API Access to get a short-lived Bearer JWT for server-to-server API calls.

מגבלת קצב: 10 requests / 15 min per IP
הערות: Each customer has exactly one API credential set (clientId + apiKey). API usage is blocked by default until admin approval in User Management. Rotate keys from Settings -> API Access and keep keys in a secrets manager.
גוף הבקשה
{
  "clientId": "aiflow_....",
  "apiKey": "sk_xxxxxxxxxxxxxxxxx",
  "ttlSec": 3600
}
תגובה
{
  "success": true,
  "tokenType": "Bearer",
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresInSec": 3600,
  "clientNumber": "user-uuid",
  "clientId": "aiflow_...."
}
cURL דוגמה
curl -X POST {BASE_URL}/api/auth/api-token \
  -H "Content-Type: application/json" \
  -d '{"clientId":"YOUR_CLIENT_ID","apiKey":"YOUR_API_KEY","ttlSec":3600}'
POST
/api/webhook/outboundהפעלת תהליך יזום
Bearer

שלחו הודעת ווצאפ יזומה על ידי הפעלת תהליך יזום. זוהי נקודת הקצה העיקרית למערכות חיצוניות להתחלת שיחות.

אימות: Preferred: API JWT (Bearer FLOW_OUTBOUND_TOKEN_OR_JWT) from /api/auth/api-token. Legacy verify token is still accepted for backward compatibility.
מגבלת קצב: 30 requests / min
הערות: אובייקט `data` מועבר כמשתני תהליך, נגישים דרך {{customerName}}, {{orderId}} וכו' ברכיבי הודעות. התהליך חייב לכלול רכיב "טריגר יזום". לתבניות OTP/אימות מספיק `data.templateParams` בלבד, למשל ‎`["123456"]`‎. השרת מעתיק את הערך אוטומטית למשתני זרימה ‎`code`‎ / ‎`otpCode`‎.
גוף הבקשה
{
  "phone": "+972501234567",
  "flowId": "your-flow-uuid",
  "templateGroupId": "YOUR_TEMPLATE_GROUP_ID",
  "data": {
    "customerName": "John Doe",
    "orderId": "ORD-12345",
    "templateParams": ["123456"],
    "code": "123456"
  }
}
תגובה
{
  "success": true,
  "message": "Outbound flow triggered for +972501234567",
  "flowId": "your-flow-uuid"
}
cURL דוגמה
curl -X POST {BASE_URL}/api/webhook/outbound \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "phone": "+972501234567",
    "flowId": "flow-uuid",
    "templateGroupId": "YOUR_TEMPLATE_GROUP_ID",
    "data": {
      "customerName": "John",
      "orderId": "ORD-123",
      "templateParams": ["123456"],
      "code": "123456"
    }
  }'
POST
/api/webhook/flow/{flowId}/leadשליחת ליד לתהליך
Bearer

שלחו ליד מה-CRM, טופס אתר, או כל מערכת חיצונית להפעלת תהליך ספציפי. השדות ממופים אוטומטית למשתני התהליך.

אימות: Preferred: API JWT (Bearer FLOW_OUTBOUND_TOKEN_OR_JWT). Legacy per-flow auth modes (API Key, Basic, Bearer, HMAC, None) are still supported.
הערות: שדות ה-JSON ממופים למשתני תהליך בהתאם למיפוי שהוגדר ברכיב "טריגר ליד API". כל שדה שתשלחו ישמש בתהליך דרך {{fieldName}}.
גוף הבקשה
{
  "phone": "+972501234567",
  "name": "John Doe",
  "email": "[email protected]",
  "source": "website",
  "product": "Premium Plan"
}
תגובה
{
  "success": true,
  "message": "Lead received and flow started",
  "variables": ["phone", "name", "email", "source", "product"]
}
cURL דוגמה
# Preferred (API JWT):
curl -X POST {BASE_URL}/api/webhook/flow/FLOW_ID/lead \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "phone": "+972501234567",
    "name": "John Doe",
    "email": "[email protected]"
  }'

# With HMAC-SHA256:
BODY='{"phone":"+972501234567","name":"John"}'
SIGNATURE=$(echo -n "$BODY" | openssl dgst -sha256 -hmac "YOUR_HMAC_SECRET" | awk '{print $2}')
curl -X POST {BASE_URL}/api/webhook/flow/FLOW_ID/lead \
  -H "Content-Type: application/json" \
  -H "X-Signature-256: $SIGNATURE" \
  -d "$BODY"
GET
/api/flowsרשימת תהליכים
Cookie

קבלו את כל התהליכים של המשתמש המאומת. מנהלים יכולים לסנן לפי userId.

תגובה
[
  {
    "id": "flow-uuid",
    "name": "Customer Support",
    "description": "Handles customer inquiries",
    "status": "active",
    "createdAt": "2025-01-15T10:00:00.000Z",
    "updatedAt": "2025-01-20T14:30:00.000Z"
  }
]
cURL דוגמה
curl -X GET {BASE_URL}/api/flows \
  -b cookies.txt
GET
/api/conversationsרשימת שיחות
Cookie

קבלו את כל השיחות של המשתמש המאומת עם סטטיסטיקות אופציונליות.

תגובה
[
  {
    "id": "conv-uuid",
    "waPhoneNumber": "+972501234567",
    "customerName": "John Doe",
    "flowId": "flow-uuid",
    "status": "active",
    "lastMessage": "Hello, I need help",
    "startedAt": "2025-01-20T10:00:00.000Z",
    "lastCustomerMessageAt": "2025-01-20T14:30:00.000Z"
  }
]
cURL דוגמה
curl -X GET "{BASE_URL}/api/conversations?limit=50" -b cookies.txt
POST
/api/conversations/{id}/replyשליחת הודעה ללקוח
Cookie

שלחו הודעת ווצאפ ללקוח בתוך שיחה. תומך בטקסט, תמונות, וידאו, מסמכים ותבניות. אוכף כללי חלון 24 שעות של ווצאפ.

הערות: ווצאפ אוכף חלון הודעות של 24 שעות. תוך 24 שעות מההודעה האחרונה של הלקוח, ניתן לשלוח הודעות חופשיות (טקסט, תמונה, וידאו). לאחר 24 שעות, ניתן לשלוח רק תבניות מאושרות מראש. שדה `windowOpen` בתגובה מציין את סטטוס החלון.
גוף הבקשה
// Text message:
{
  "messageType": "text",
  "text": "Hello! How can I help you?"
}

// Image message:
{
  "messageType": "image",
  "mediaUrl": "https://your-domain.com/uploads/photo.jpg",
  "caption": "Here is the information you requested"
}

// Template message (use after 24-hour window):
{
  "messageType": "template",
  "templateName": "order_update",
  "templateLanguage": "en",
  "templateParams": ["ORD-12345", "Shipped"]
}
תגובה
{
  "success": true,
  "messageId": "wamid.xxx",
  "windowOpen": true
}
cURL דוגמה
# Send text message
curl -X POST {BASE_URL}/api/conversations/CONV_ID/reply \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{"messageType": "text", "text": "Hello! How can I help?"}'

# Send template (after 24h window)
curl -X POST {BASE_URL}/api/conversations/CONV_ID/reply \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{
    "messageType": "template",
    "templateName": "order_update",
    "templateLanguage": "en",
    "templateParams": ["ORD-123", "Shipped"]
  }'
POST
/api/flows/generateיצירת תהליך עם AI
Cookie

השתמשו ב-AI ליצירה אוטומטית של תהליך ווצאפ מלא מתיאור טקסט, מסמך PDF או תמונה. זוהי תכונת מחולל התהליכים ה-AI.

מגבלת קצב: 10 requests / min per user
גוף הבקשה
// multipart/form-data:
// - prompt: "Create a customer support flow for a pizza restaurant"
// - file: (optional) PDF or image file
תגובה
{
  "success": true,
  "flow": {
    "id": "new-flow-uuid",
    "name": "Pizza Support Flow",
    "status": "draft",
    "drawflowData": {...}
  },
  "nodeCount": 8,
  "message": "Flow generated with 8 nodes"
}
cURL דוגמה
# Text prompt
curl -X POST {BASE_URL}/api/flows/generate \
  -b cookies.txt \
  -F 'prompt=Create a customer support flow for a pizza restaurant'

# With PDF document
curl -X POST {BASE_URL}/api/flows/generate \
  -b cookies.txt \
  -F 'prompt=Build a flow from this document' \
  -F 'file=@/path/to/document.pdf'

קודי שגיאה

קודמשמעות
200הצלחה
201נוצר בהצלחה
400בקשה שגויה — פרמטרים חסרים או לא תקינים
401לא מורשה — נדרש אימות או טוקן לא תקין
403אסור — הרשאות לא מספיקות
404לא נמצא — המשאב לא קיים
409התנגשות — המשאב כבר קיים
429יותר מדי בקשות — חריגה ממגבלת קצב
500שגיאת שרת פנימית
מבנה תגובת שגיאה:
{
  "error": "Human-readable error message"
}

מוכנים לשלב?

צרו חשבון חינם והתחילו לבנות אוטומציית ווצאפ עם ה-API שלנו.