</> REST API
API Gateway Active Queue Workers Online JWT Security Enabled

API Documentation

Integrate FlowBot AI into your applications. Trigger WhatsApp flows, send messages, manage conversations, and generate AI-powered flows programmatically.

Base URLhttps://your-domain.com
FormatJSON (application/json)
AuthenticationJWT Bearer / Cookie / Legacy per-flow auth

Quick Start

1
Authenticate

Admin approves API usage in User Management, then rotate key in Settings → API Access

2
Trigger a Flow

POST /api/auth/api-token → get `accessToken`

3
Monitor & Reply

POST /api/webhook/outbound, POST /api/webhook/flow/{flowId}/lead with Bearer JWT

Integration Code Examples

Copy-paste ready snippets for the core integration flows in exactly these languages: cURL, Node.js, Python, PHP.

How to connect Approved Template Group with Flow (Combined mode)
  1. Create approved WhatsApp templates and place them in a template group (`Settings → Templates → Template Groups`).
  2. Open the target flow and make sure it is Active (example: `Recruitment Qualifier - גיל ורלוונטיות`).
  3. Call `POST /api/webhook/outbound` with `phone`, `flowId`, and `templateGroupId` (or `templateName`/`templateId`).
  4. System sends approved template first (for 24h-closed scenarios), then waits for recipient reply.
  5. When recipient replies in WhatsApp, inbound webhook resumes/starts the same flow automatically.
Use placeholders for secrets in docs (`YOUR_CLIENT_ID`, `YOUR_API_KEY`, `API_ACCESS_TOKEN`, ids, phone). Do not hardcode real credentials.
Login
POST /api/auth/login
Authenticate and keep session cookie for authenticated APIs.
curl -X POST {BASE_URL}/api/auth/login \
  -H "Content-Type: application/json" \
  -c cookies.txt \
  -d '{"username":"your_username","password":"your_password"}'
API JWT (Client ID + API Key)
POST /api/auth/api-token
Server-to-server authentication: exchange one client API key for JWT Bearer token.
curl -X POST {BASE_URL}/api/auth/api-token \
  -H "Content-Type: application/json" \
  -d '{"clientId":"YOUR_CLIENT_ID","apiKey":"YOUR_API_KEY","ttlSec":3600}'
Trigger Outbound Flow
POST /api/webhook/outbound
Trigger proactive WhatsApp flow from external system (Bearer token).
curl -X POST {BASE_URL}/api/webhook/outbound \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "phone": "+972501234567",
    "flowId": "flow-uuid",
    "data": {
      "customerName": "John Doe",
      "templateId": "template-uuid",
      "templateParams": ["123456"],
      "code": "123456",
      "phoneNumberId": "YOUR_META_PHONE_NUMBER_ID"
    }
  }'
Approved Template Group -> Reply -> Same Flow
POST /api/webhook/outbound
Send approved template group first, then the recipient reply continues in the same flow.
curl -X POST {BASE_URL}/api/webhook/outbound \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "phone": "+972501234567",
    "flowId": "a8b4ef2d-a8a4-4650-9414-ab6f335e01b4",
    "templateGroupId": "YOUR_TEMPLATE_GROUP_ID",
    "queue": true,
    "data": {
      "customerName": "John Doe",
      "templateLanguage": "he",
      "templateParams": ["123456"],
      "code": "123456",
      "phoneNumberId": "YOUR_META_PHONE_NUMBER_ID",
      "sourceRef": "crm-lead-90210",
      "campaignId": "recruitment-march"
    }
  }'
Approved Single Template -> Reply -> Same Flow
POST /api/webhook/outbound
Use explicit approved templateName/templateId first, then recipient reply enters the same flow.
curl -X POST {BASE_URL}/api/webhook/outbound \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "phone": "+972501234567",
    "flowId": "a8b4ef2d-a8a4-4650-9414-ab6f335e01b4",
    "templateName": "rayon_hello_utility_04_20260315",
    "queue": true,
    "data": {
      "customerName": "John Doe",
      "templateLanguage": "he",
      "templateParams": ["123456"],
      "code": "123456",
      "phoneNumberId": "YOUR_META_PHONE_NUMBER_ID",
      "sourceRef": "crm-lead-90210",
      "campaignId": "recruitment-march"
    }
  }'
Send Lead to Flow
POST /api/webhook/flow/{flowId}/lead
Push lead payload from CRM/Form to a specific flow.
curl -X POST {BASE_URL}/api/webhook/flow/FLOW_ID/lead \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{"phone":"+972501234567","name":"John Doe","email":"[email protected]"}'
Generate Flow with AI
POST /api/flows/generate
Generate a flow using text prompt (and optional PDF/image).
curl -X POST {BASE_URL}/api/flows/generate \
  -b cookies.txt \
  -F 'prompt=Create a customer support flow for a taxi company'

Capabilities Mapping

Structured documentation of platform capabilities and the exact APIs used to implement each one.

WhatsApp Automation End-to-End
Inbound/outbound messaging, flow triggers, template-based messaging after 24h, delivery and failover support.
Inbound WhatsApp webhook processing (verify + signature + events)
Auth Type: Meta signature + webhook verify tokenTypical Flow: Meta WhatsApp -> /api/webhook/whatsapp -> flow engine -> logs/status
Webhook
Webhook
Outbound proactive trigger from external systems
Auth Type: JWT Bearer (clientId + apiKey -> /api/auth/api-token)Typical Flow: CRM/ERP -> /api/webhook/outbound -> outbound queue -> WhatsApp
Webhook
Flow API trigger (generic + lead mode)
Auth Type: JWT Bearer preferred (legacy per-flow auth also supported)Typical Flow: External source -> flow trigger API -> variable mapping -> journey start
Webhook
Webhook
Conversation response (text/media/template)
Auth Type: Session cookie (authenticated user)Typical Flow: Agent UI/API -> reply endpoint -> Meta send -> delivery updates
Internal
Internal
Internal
Template management + groups + fallback
Auth Type: Session cookieTypical Flow: Manage templates/groups -> send -> fallback engine on definitive fail
Internal
Internal
Internal
Internal
Internal
Delivery auditing and retries
Auth Type: Session cookie (admin/operator scope)Typical Flow: Monitor stale/failed -> audit -> manual/automatic retry
Admin
Admin
Admin
AI Flow Generation & Knowledge Base (RAG)
Generate production-ready flows from prompts/documents and ground AI with uploaded business knowledge.
Generate flow from prompt/PDF/image
Auth Type: Session cookieTypical Flow: User prompt/file -> /api/flows/generate -> AI model -> draft flow
Internal
Internal
Manage AI providers and defaults
Auth Type: Session cookieTypical Flow: Settings UI -> provider CRUD -> runtime model selection
Internal
Knowledge base upload/index/delete
Auth Type: Session cookieTypical Flow: Upload docs -> chunk/index -> retrieval during AI response
Internal
Monitor usage and provider balance
Auth Type: Session cookieTypical Flow: Usage tracking -> cost aggregation -> alerts/visibility
Internal
Internal
AI Ads Studio, Learning and Archive
Generate ad creatives, publish/manage ads, collect performance signals, rank and recommend actions.
Generate ad copy/image/full bundle with creative metadata
Auth Type: Session cookieTypical Flow: Business input -> AI generation -> creative logs/archive
Internal
Ads account operations (campaign/adset/ad + insights)
Auth Type: Session cookie + connected ads tokensTypical Flow: User action -> marketing API -> account objects/insights
Internal
Internal
Archive all ad assets with user access control
Auth Type: Session cookie (admin-only delete)Typical Flow: Creative/campaign event -> ad archive -> user-level visibility controls
Internal
Autopilot recommendations and actions
Auth Type: Session cookie + monitor flagsTypical Flow: Performance data -> recommender -> optional pause/boost actions
Internal
Internal
Meta/TikTok account connections for ads
Auth Type: Session cookie + provider OAuthTypical Flow: Connect account -> save tokens -> enable ads features
Internal
Internal
Internal
Internal
Multi-Channel Integrations
Connect and orchestrate Facebook, Instagram, TikTok, Telegram, and Email channels in one stack.
Facebook/Instagram settings and subscription
Auth Type: Session cookie + Meta app credentialsTypical Flow: Settings connect -> webhook subscribe -> inbound event routing
Internal
Internal
Webhook
Webhook
TikTok auth + webhook + ads
Auth Type: Session cookie + TikTok OAuthTypical Flow: OAuth connect -> save config -> webhook/ads operations
Internal
Internal
Webhook
Internal
Telegram bot webhooks (global and per config)
Auth Type: Session cookie + telegram secretTypical Flow: Bot setup -> webhook set -> inbound message -> flow
Internal
Webhook
Webhook
Email OAuth/connect/send/ingest
Auth Type: Session cookie + provider OAuthTypical Flow: Connect mailbox -> send/poll -> route emails to workflows
Internal
Internal
Internal
Webhook
WhatsApp embedded signup + config
Auth Type: Session cookie + Meta app credentialsTypical Flow: Embedded signup -> store phone/account IDs -> activate messaging
Internal
Internal
CRM, Workforce and Operational Control
Leads, contacts, employees, tasks, and admin observability for high-volume operations.
Lead lifecycle management
Auth Type: Session cookieTypical Flow: Lead ingestion -> status transitions -> follow-up automation
Internal
Internal
Internal
Internal
Contacts and profile avatars
Auth Type: Session cookieTypical Flow: Import/maintain contacts -> enrich with avatar metadata
Internal
Internal
Employees and permission-based operations
Auth Type: Session cookie (owner/admin scope)Typical Flow: Manage users/employees -> assign permissions -> scoped access
Internal
Internal
Internal
Internal
Task assignment and completion tracking
Auth Type: Session cookieTypical Flow: Create task -> assign team -> owner/employee completion
Internal
Internal
Admin analytics and DB tools
Auth Type: Session cookie (admin)Typical Flow: Operational dashboards -> system checks/actions
Admin
Admin
Debug and diagnostics
Auth Type: Debug key/admin cookieTypical Flow: Investigate incidents -> inspect logs/conversation state
Admin
Admin
Admin
Admin
Calendar & Booking Automation
Public booking funnels, internal scheduling, reminders, and Google Calendar sync.
Appointment CRUD and business scheduling
Auth Type: Session cookieTypical Flow: Staff schedule management -> create/update/cancel appointments
Internal
Internal
Public booking endpoint
Auth Type: Public endpointTypical Flow: Customer booking page -> book endpoint -> appointment record
Public
Reminder and notify pipelines
Auth Type: Session cookie/System schedulerTypical Flow: Scheduler scan -> reminder trigger -> channel notification
Internal
Internal
Calendar template flow integration
Auth Type: Session cookieTypical Flow: Calendar event state -> mapped flow/template action
Internal
Google OAuth connect/callback/disconnect
Auth Type: Session cookie + Google OAuthTypical Flow: Connect Google account -> token exchange -> sync/disconnect
Internal
Internal
Internal

Full REST Map

Complete inventory of system APIs (integration + internal), grouped by domain. Use this as the main map for third-party integration and AI orchestration.

Auth & Identity (9)
POST/api/auth/loginPublicLogin and set session cookie
POST/api/auth/registerPublicRegister account
POST/api/auth/logoutCookieLogout and clear cookie
GET/api/auth/meCookieCurrent user/session info
POST/api/auth/send-verificationPublicSend email/phone verification code
POST/api/auth/verify-codePublicVerify received code
POST/api/auth/socialPublicSocial login callback/token verify
POST/api/auth/languageCookieSave UI language
POST/api/auth/themeCookieSave UI theme
Flows & Conversations (14)
GET,POST/api/flowsCookieList/create flows
GET,PUT,DELETE/api/flows/{id}CookieFlow details/update/delete
GET,POST/api/flows/{id}/versionsCookieFlow versioning
POST/api/flows/generateCookieAI flow generation (text/PDF/image)
POST/api/flows/fix-shayCookie/AdminPreset migration/fix utility
GET/api/conversationsCookieList conversations + stats
GET,PUT/api/conversations/{id}CookieConversation details/claim state
POST/api/conversations/{id}/replyCookieSend reply (text/media/template)
GET,POST/api/leadsCookieLead list/create/update status
GET,PUT/api/leads/{phone}CookieLead by phone
POST/api/leads/import-jsonCookieBulk import leads from JSON
GET,POST/api/leads/targetsCookieLead targets/goal management
POST/api/contacts/importCookieImport contacts
GET,PUT,DELETE/api/contacts/avatarCookieContact avatar management
Templates & Messaging (8)
GET,POST/api/templatesCookieList/create templates
GET,PUT,DELETE/api/templates/{id}CookieTemplate details/update/delete
GET,POST,PUT,DELETE/api/templates/groupsCookieTemplate groups; optional preferredPhoneNumberId (default-scope WA line, same WABA)
POST/api/templates/bulk-sendCookieBulk send; body.phoneNumberId overrides line; else group.preferredPhoneNumberId; else primary
GET/api/templates/check-sentCookieTemplate delivery state checks
POST/api/templates/ai-variantsCookieGenerate AI variants from template
POST/api/webhook/outboundBearerPrimary outbound trigger for integrations
POST/api/webhook/outbound-statusBearer/CookieOutbound delivery/status callback helper
Channel Integrations (WhatsApp/Facebook/TikTok/Telegram/Email) (16)
GET,POST/api/settings/whatsappCookieWhatsApp config per user/flow
POST/api/whatsapp/embedded-signupCookieMeta embedded signup connect flow
POST/api/whatsapp/reset-wa-before-reconnectCookieDelete all WA configs for user before Embedded Signup reconnect
GET,POST/api/whatsapp/extra-wa-linesCookieList WABA phones not in FLOW; add secondary line (shared token); POST registerOnly registers PENDING phone with Meta Cloud API
GET,POST/api/settings/facebookCookieFacebook/Instagram settings
POST/api/settings/facebook-subscribeCookieSubscribe page/webhook fields
POST/api/facebook/connectCookieConnect FB page/account
GET,POST/api/facebook/adsCookieMeta Ads read/create/actions
GET,POST/api/settings/tiktokCookieTikTok settings
GET,POST/api/tiktok/connectCookieTikTok OAuth connect/callback
GET,POST/api/tiktok/adsCookieTikTok Ads read/create/actions
GET,POST/api/settings/telegramCookieTelegram bot config + webhook set/remove
GET,POST/api/settings/emailCookieEmail channel settings
GET/api/email/connectCookieGoogle/Microsoft OAuth connect/callback
POST/api/email/sendCookieSend outbound email
POST/api/push/subscribeCookieSave web push/FCM subscription
AI, Knowledge Base & Ads Learning (7)
GET,POST,DELETE/api/settings/aiCookieAI provider configs and defaults
GET,POST,DELETE/api/knowledge-baseCookieRAG documents and indexing
POST/api/uploadCookieMedia/file upload (GCS/local fallback)
GET,POST/api/ads/generateCookieGenerate copy/image/full ad + learning hooks
GET,POST,DELETE/api/ads/archiveCookie/AdminAd archive with user access control
GET,POST/api/ads/autopilotCookieRecommendation feed and auto-actions
GET/api/monitor/statusCookieAds monitor health (off/starting/healthy/stale)
Calendar & Booking (9)
GET,POST,PUT/api/calendar/appointmentsCookieAppointments CRUD
POST/api/calendar/bookPublicPublic booking endpoint
POST/api/calendar/notifyCookie/SystemCalendar notifications
GET,POST/api/calendar/remindersCookie/SystemReminder queue/trigger
GET,POST/api/calendar/settingsCookieCalendar settings and rules
GET,POST/api/calendar/template-flowCookieCalendar-trigger template flow mapping
GET/api/calendar/google/connectCookieGoogle Calendar OAuth start
GET/api/calendar/google/callbackCookieGoogle OAuth callback
POST/api/calendar/google/disconnectCookieRevoke Google Calendar connection
Users, Employees, Tasks, Usage, Admin (12)
GET,POST/api/usersCookie/AdminUser list/create
GET,PUT,DELETE/api/users/{id}Cookie/AdminUser details/update/delete
GET,POST/api/employeesCookieEmployees list/create
GET,PUT,DELETE/api/employees/{id}CookieEmployee details/update/delete
GET,POST/api/tasksCookieTasks list/create
GET,PUT,DELETE/api/tasks/{id}CookieTask details/update/delete
GET/api/usageCookieUsage logs and summaries
GET/api/usage/balanceCookieProvider balance and alerts
GET,POST/api/admin/analyticsCookie/AdminSystem analytics dashboards
GET,POST/api/admin/databaseCookie/AdminDatabase admin tools
POST/api/asterisk/callCookieDialer outbound call trigger
GET/api/asterisk/operatorsCookieDialer operators list
Incoming Webhooks, Monitoring & Diagnostics (19)
GET,POST/api/webhook/whatsappMeta SignatureWhatsApp webhook verify + incoming events
GET,POST/api/webhook/facebookMeta SignatureFacebook webhook verify + incoming events
GET,POST/api/webhook/fb-leadsMeta SignatureFB lead ads webhook handler
POST/api/webhook/tiktokTikTok SignatureTikTok webhook handler
POST/api/webhook/emailProvider/ConfigEmail poll/webhook ingestion
POST/api/webhook/telegramTelegram SecretTelegram incoming webhook
POST/api/webhook/telegram/{configId}Telegram SecretTenant-specific Telegram webhook
GET,POST/api/webhook/flow/{flowId}ConfigurableGeneric flow API trigger (not Meta callback URL)
POST/api/webhook/flow/{flowId}/leadConfigurableFlow lead API trigger endpoint (not Meta callback URL)
GET/api/webhook/logsCookie/AdminWebhook log stream
GET/api/webhook/api-logsCookie/AdminAPI request logs
GET/api/webhook/perf-logsCookie/AdminPerformance logs
GET/api/webhook/queue-logsCookie/AdminOutbound queue logs
POST/api/webhook/ui-client-errorPublic/CookieClient-side error telemetry
GET,POST/api/monitor/deliveryCookie/AdminDelivery monitor health/audit/retry
GET/api/debug/conversationsDebug keyConversations debug dump
GET/api/debug/conversation/{id}Debug keySingle conversation debug dump
GET/api/proxyCookieControlled proxy endpoint
POST/api/seedCookie/AdminSeed/demo bootstrap data
POST
/api/auth/loginLogin
Public

Authenticate and receive a session cookie (JWT). Use this cookie in subsequent authenticated requests.

Rate Limit: 10 requests / 15 min per IP
Notes: The response sets an HTTP-only cookie `wdf_token` which is automatically sent with subsequent requests. For API integrations, store and forward this cookie.
Request Body
{
  "username": "your_username",
  "password": "your_password"
}
Response
{
  "user": {
    "id": "uuid",
    "username": "your_username",
    "displayName": "Your Name",
    "email": "[email protected]",
    "role": "user"
  }
}
cURL Example
curl -X POST {BASE_URL}/api/auth/login \
  -H "Content-Type: application/json" \
  -c cookies.txt \
  -d '{"username": "your_username", "password": "your_password"}'
POST
/api/auth/api-tokenExchange Client Credentials to API JWT
Public

Use the client credentials from Settings -> API Access to get a short-lived Bearer JWT for server-to-server API calls.

Rate Limit: 10 requests / 15 min per IP
Notes: Each customer has exactly one API credential set (clientId + apiKey). API usage is blocked by default until admin approval in User Management. Rotate keys from Settings -> API Access and keep keys in a secrets manager.
Request Body
{
  "clientId": "aiflow_....",
  "apiKey": "sk_xxxxxxxxxxxxxxxxx",
  "ttlSec": 3600
}
Response
{
  "success": true,
  "tokenType": "Bearer",
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresInSec": 3600,
  "clientNumber": "user-uuid",
  "clientId": "aiflow_...."
}
cURL Example
curl -X POST {BASE_URL}/api/auth/api-token \
  -H "Content-Type: application/json" \
  -d '{"clientId":"YOUR_CLIENT_ID","apiKey":"YOUR_API_KEY","ttlSec":3600}'
POST
/api/webhook/outboundTrigger Outbound Flow
Bearer

Send a proactive WhatsApp message by triggering an outbound flow. This is the primary endpoint for external systems to initiate conversations.

Authentication: Preferred: API JWT (Bearer FLOW_OUTBOUND_TOKEN_OR_JWT) from /api/auth/api-token. Legacy verify token is still accepted for backward compatibility.
Rate Limit: 30 requests / min
Notes: The `data` object is passed as flow variables, accessible via {{customerName}}, {{orderId}}, etc. in message nodes. The flow must have an "Outbound Trigger" node. For OTP/auth templates, send only `data.templateParams`: e.g. `["123456"]`. The server copies that value into flow variables (`code` / `otpCode`) automatically.
Request Body
{
  "phone": "+972501234567",
  "flowId": "your-flow-uuid",
  "templateGroupId": "YOUR_TEMPLATE_GROUP_ID",
  "data": {
    "customerName": "John Doe",
    "orderId": "ORD-12345",
    "templateParams": ["123456"],
    "code": "123456"
  }
}
Response
{
  "success": true,
  "message": "Outbound flow triggered for +972501234567",
  "flowId": "your-flow-uuid"
}
cURL Example
curl -X POST {BASE_URL}/api/webhook/outbound \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "phone": "+972501234567",
    "flowId": "flow-uuid",
    "templateGroupId": "YOUR_TEMPLATE_GROUP_ID",
    "data": {
      "customerName": "John",
      "orderId": "ORD-123",
      "templateParams": ["123456"],
      "code": "123456"
    }
  }'
POST
/api/webhook/flow/{flowId}/leadSend Lead to Flow
Bearer

Send a lead from your CRM, website form, or any external system to trigger a specific flow. Fields are automatically mapped to flow variables.

Authentication: Preferred: API JWT (Bearer FLOW_OUTBOUND_TOKEN_OR_JWT). Legacy per-flow auth modes (API Key, Basic, Bearer, HMAC, None) are still supported.
Notes: The JSON fields are mapped to flow variables based on the field mapping configured in the flow's "API Lead Trigger" node. Any field you send can be used in the flow via {{fieldName}}.
Request Body
{
  "phone": "+972501234567",
  "name": "John Doe",
  "email": "[email protected]",
  "source": "website",
  "product": "Premium Plan"
}
Response
{
  "success": true,
  "message": "Lead received and flow started",
  "variables": ["phone", "name", "email", "source", "product"]
}
cURL Example
# Preferred (API JWT):
curl -X POST {BASE_URL}/api/webhook/flow/FLOW_ID/lead \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer FLOW_OUTBOUND_TOKEN_OR_JWT" \
  -d '{
    "phone": "+972501234567",
    "name": "John Doe",
    "email": "[email protected]"
  }'

# With HMAC-SHA256:
BODY='{"phone":"+972501234567","name":"John"}'
SIGNATURE=$(echo -n "$BODY" | openssl dgst -sha256 -hmac "YOUR_HMAC_SECRET" | awk '{print $2}')
curl -X POST {BASE_URL}/api/webhook/flow/FLOW_ID/lead \
  -H "Content-Type: application/json" \
  -H "X-Signature-256: $SIGNATURE" \
  -d "$BODY"
GET
/api/flowsList Flows
Cookie

Retrieve all flows belonging to the authenticated user. Admin users can filter by userId.

Response
[
  {
    "id": "flow-uuid",
    "name": "Customer Support",
    "description": "Handles customer inquiries",
    "status": "active",
    "createdAt": "2025-01-15T10:00:00.000Z",
    "updatedAt": "2025-01-20T14:30:00.000Z"
  }
]
cURL Example
curl -X GET {BASE_URL}/api/flows \
  -b cookies.txt
GET
/api/conversationsList Conversations
Cookie

Retrieve all conversations for the authenticated user with optional statistics.

Response
[
  {
    "id": "conv-uuid",
    "waPhoneNumber": "+972501234567",
    "customerName": "John Doe",
    "flowId": "flow-uuid",
    "status": "active",
    "lastMessage": "Hello, I need help",
    "startedAt": "2025-01-20T10:00:00.000Z",
    "lastCustomerMessageAt": "2025-01-20T14:30:00.000Z"
  }
]
cURL Example
curl -X GET "{BASE_URL}/api/conversations?limit=50" -b cookies.txt
POST
/api/conversations/{id}/replySend Message to Customer
Cookie

Send a WhatsApp message to a customer within a conversation. Supports text, images, video, documents, and templates. Enforces WhatsApp 24-hour messaging window rules.

Notes: WhatsApp enforces a 24-hour messaging window. Within 24 hours of the last customer message, you can send free-form messages (text, image, video). After 24 hours, only pre-approved templates can be sent. The `windowOpen` field in the response indicates the current window status.
Request Body
// Text message:
{
  "messageType": "text",
  "text": "Hello! How can I help you?"
}

// Image message:
{
  "messageType": "image",
  "mediaUrl": "https://your-domain.com/uploads/photo.jpg",
  "caption": "Here is the information you requested"
}

// Template message (use after 24-hour window):
{
  "messageType": "template",
  "templateName": "order_update",
  "templateLanguage": "en",
  "templateParams": ["ORD-12345", "Shipped"]
}
Response
{
  "success": true,
  "messageId": "wamid.xxx",
  "windowOpen": true
}
cURL Example
# Send text message
curl -X POST {BASE_URL}/api/conversations/CONV_ID/reply \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{"messageType": "text", "text": "Hello! How can I help?"}'

# Send template (after 24h window)
curl -X POST {BASE_URL}/api/conversations/CONV_ID/reply \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{
    "messageType": "template",
    "templateName": "order_update",
    "templateLanguage": "en",
    "templateParams": ["ORD-123", "Shipped"]
  }'
POST
/api/flows/generateGenerate Flow with AI
Cookie

Use AI to automatically generate a complete WhatsApp flow from a text description, PDF document, or image. This powers the AI Flow Generator feature.

Rate Limit: 10 requests / min per user
Request Body
// multipart/form-data:
// - prompt: "Create a customer support flow for a pizza restaurant"
// - file: (optional) PDF or image file
Response
{
  "success": true,
  "flow": {
    "id": "new-flow-uuid",
    "name": "Pizza Support Flow",
    "status": "draft",
    "drawflowData": {...}
  },
  "nodeCount": 8,
  "message": "Flow generated with 8 nodes"
}
cURL Example
# Text prompt
curl -X POST {BASE_URL}/api/flows/generate \
  -b cookies.txt \
  -F 'prompt=Create a customer support flow for a pizza restaurant'

# With PDF document
curl -X POST {BASE_URL}/api/flows/generate \
  -b cookies.txt \
  -F 'prompt=Build a flow from this document' \
  -F 'file=@/path/to/document.pdf'

Error Codes

CodeMeaning
200Success
201Created successfully
400Bad Request — missing or invalid parameters
401Unauthorized — authentication required or invalid token
403Forbidden — insufficient permissions
404Not Found — resource does not exist
409Conflict — resource already exists
429Too Many Requests — rate limit exceeded
500Internal Server Error
Error Response Format:
{
  "error": "Human-readable error message"
}

Ready to integrate?

Create your free account and start building WhatsApp automation with our API.