Complete API reference for application developers
🔐 Authentication (two key types):
X-APP-API-KEY (or legacy X-API-Key) – can only access its own application.X-ADMIN-API-KEY – can act on any application.
🔒 Multi-Tenant Isolation: When using X-APP-API-KEY, all operations are automatically scoped to your own app_id.
📝 Note: For admin keys, pass the target app_id in the path, body, or query as documented per endpoint.
All API endpoints require authentication using either an App API Key or an Admin API Key:
# App owner
X-APP-API-KEY: your-app-api-key-here
# Legacy (still supported)
X-API-Key: your-app-api-key-hereAlternatively, you can pass it as a query parameter:
?api_key=your-api-key-hereGenerate a JWT token for client authentication. The token automatically includes app_id in the payload for security. This endpoint does NOT require API key authentication.
| Parameter | Type | Required |
|---|---|---|
| app_id | string | Required |
| app_secret | string | Required |
| payload | object | Optional |
Example Request:
POST /api/token
Content-Type: application/json
{
"app_id": "my-app-123",
"app_secret": "your-app-secret",
"payload": {
"user_id": "user-123",
"name": "John Doe"
}
}Example Response:
{
"success": true,
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 86400,
"expires_at": "2024-01-02T12:00:00.000Z"
}
// Token payload includes:
// {
// "app_id": "my-app-123", // Automatically included
// "user_id": "user-123", // From payload
// "name": "John Doe", // From payload
// }Broadcast an event to all subscribers in a room. Rate limited by API Key (1000 requests/minute per application).
| Parameter | Type | Required |
|---|---|---|
| app_id | string | Optional* |
| room | string | Required |
| event | string | Required |
| data | object | Optional |
* app_id is automatically extracted from API Key. Only include if you want to verify it matches.
Example Request (app_id optional):
POST /api/broadcast
X-API-Key: your-api-key
Content-Type: application/json
{
"room": "chat-room-1",
"event": "new-message",
"data": {
"user_id": "user-123",
"message": "Hello everyone!",
"timestamp": 1704110400000
}
}Example Response:
{
"success": true,
"room": "app-my-app-123-chat-room-1",
"event": "new-message",
"subscriber_count": 5,
"timestamp": 1704110400000
}Get your application details.
GET /api/applications
X-API-Key: your-api-keyUpdate your application settings.
PUT /api/applications/my-app-123
X-API-Key: your-api-key
Content-Type: application/json
{
"allowed_domain": "example.com",
"rate_limit": 60,
"status": true
}Regenerate your API key.
POST /api/applications/my-app-123/regenerate-api-key
X-API-Key: your-api-keyGet analytics and metrics for your application. The app_id is automatically extracted from your API key.
GET /api/analytics?period=24h
X-API-Key: your-api-keyExample Response:
{
"success": true,
"app_id": "my-app-123",
"period": "24h",
"metrics": {
"connections": {
"total": 150,
"current": 25
},
"events": {
"total": 5000,
"broadcasts": 3000
},
"users": {
"online": 25,
"total": 25
}
},
"timestamp": 1234567890
}Register a webhook to receive event notifications. The app_id is automatically extracted from your API key.
POST /api/webhooks
X-API-Key: your-api-key
Content-Type: application/json
{
"url": "https://your-app.com/webhook",
"secret": "your-webhook-secret",
"events": ["new-message", "user-joined", "*"]
}Example Response:
{
"success": true,
"webhook": {
"id": "webhook_1234567890_abc123",
"url": "https://your-app.com/webhook",
"events": ["new-message", "user-joined", "*"],
"enabled": true
}
}List all webhooks for your application.
GET /api/webhooks
X-API-Key: your-api-keyDelete a webhook.
DELETE /api/webhooks/webhook_1234567890_abc123
X-API-Key: your-api-keyAll endpoints return errors in the following format:
{
"success": false,
"error": "Error message here"
}Rate Limiting:
retry_after header