API Reference

Use these endpoints to build custom integrations with HelpYap. Most users don't need the API — the embeddable widget and admin dashboard handle everything. The API is for advanced use cases like custom chat UIs, survey imports, or server-side event ingestion.

Base URL: https://app.helpyap.com

Authentication

Public endpoints (widget config, chat) are rate-limited but do not require authentication. Versioned API endpoints require a project API key with the matching scope, passed as a bearer token. The social proof push endpoint requires a project-specific push secret.

Admin endpoints (used by the dashboard) require a JWT access token and are not covered in this reference.

Endpoints

GET/api/widget/config

Retrieve the public configuration for a project's chat widget. Useful if you're building a custom chat UI instead of using the embeddable widget.

Query Parameters

ParameterTypeRequiredDescription
projectstringYesYour project slug

Response Example

JSON
{
  "name": "Support Bot",
  "company": "Acme Inc",
  "welcomeMessage": "Hi! How can I help you today?",
  "quickReplies": ["Pricing", "How to get started", "Talk to support"],
  "theme": {
    "primaryColor": "#3737f6",
    "position": "bottom-right"
  }
}
POST/api/chat

Send a message and receive a streaming AI response. Use this if you're building a custom chat interface.

Request Body

ParameterTypeRequiredDescription
projectSlugstringYesYour project slug
sessionIdstring (UUID)YesUnique session identifier (generate a UUID client-side)
messagesarrayYesArray of message objects: [{ "role": "user", "content": "..." }]
sessionTokenstringNoSession token returned by the server on first request (include on subsequent requests)

Request Example

JSON
{
  "projectSlug": "my-store",
  "sessionId": "550e8400-e29b-41d4-a716-446655440000",
  "messages": [
    { "role": "user", "content": "What is your return policy?" }
  ]
}

Response is a server-sent event stream (text/event-stream). The session token is returned in the X-Session-Token response header on the first request. Include it in subsequent requests.

POST/api/v1/chat-messages

Send a customer-visible agent message to a widget session. Requires an API key with conversations:write.

Headers

ParameterTypeRequiredDescription
AuthorizationstringYesBearer <your-api-key>
Content-TypestringYesapplication/json

Request Body

ParameterTypeRequiredDescription
sessionIdstring (UUID)YesWidget or in-app session to message
contentstringYesAgent message body, up to 4,000 characters
emailstringNoVisitor email to attach if the conversation does not have one yet

Example

bash
curl -X POST https://app.helpyap.com/api/v1/chat-messages \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "sessionId": "550e8400-e29b-41d4-a716-446655440000",
    "content": "Your trial workspace is ready. Want help connecting Slack?",
    "email": "ada@example.com"
  }'
GET/api/v1/approvals

List pending or completed approval requests for safe AI actions. Requires an API key with approvals:read.

Query Parameters

ParameterTypeRequiredDescription
statusstringNoFilter by pending, executed, rejected, or failed
conversationIdstringNoFilter approvals for one conversation
targetKindstringNoFilter by issue, knowledge, or action

Decision Example

bash
curl -X PATCH https://app.helpyap.com/api/v1/approvals \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "approvalRequestId": "approval_123",
    "conversationId": "conversation_123",
    "decision": "approved"
  }'

Approval decisions require approvals:write. Approved issue and knowledge requests execute through the same server-side approval path used by the dashboard.

GET/api/v1/workflows

List safe inbox workflow rules for SLA risk, outside-hours handling, and channel-based automation. Requires an API key with workflows:read.

Update Notes

Use PUT /api/v1/workflows with workflows:write to replace the full workflow rule list. Rules support `sla_breached`, `sla_due_soon`, `outside_hours`, and `channel` conditions, with `add_tag` and `set_status` actions only.

Update Example

bash
curl -X PUT https://app.helpyap.com/api/v1/workflows \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "workflows": [
      {
        "id": "sla-risk",
        "name": "SLA risk",
        "enabled": true,
        "condition": { "type": "sla_due_soon" },
        "actions": [
          { "type": "add_tag", "tag": "sla-risk" },
          { "type": "set_status", "status": "needs_followup" }
        ]
      }
    ]
  }'
GET/api/v1/custom-domains

List branded help center and roadmap domains for the authenticated project. Requires an API key with domains:read.

Query Parameters

ParameterTypeRequiredDescription
statusstringNoFilter by pending, verified, or disabled
surfacestringNoFilter by help_center, roadmap, or all
limitnumberNoMaximum records to return, 1-100

Create Example

bash
curl -X POST https://app.helpyap.com/api/v1/custom-domains \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "hostname": "help.example.com",
    "surface": "all"
  }'

Creating or deleting domains requires domains:write. New domains return a verificationToken that should be added to DNS before the domain can be verified.

GET/api/v1/branding

Read white-label branding controls for the widget, public help center, and roadmap. Requires an API key with branding:read.

Update Example

bash
curl -X PUT https://app.helpyap.com/api/v1/branding \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "removeHelpYapBranding": true,
    "publicBrandName": "Acme Support",
    "logoUrl": "https://example.com/logo.png",
    "faviconUrl": "/favicon.ico",
    "supportUrl": "https://support.example.com"
  }'

Updates require branding:write. Public URLs must be HTTPS or relative paths.

GET/api/v1/enterprise

Read enterprise profile details and computed entitlements for invoice billing, priority support, dedicated Slack, CSM, and SOC 2 access. Requires an API key with enterprise:read.

Update Example

bash
curl -X PUT https://app.helpyap.com/api/v1/enterprise \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "supportTier": "enterprise",
    "prioritySupport": true,
    "invoiceBilling": true,
    "billingContactEmail": "ap@example.com",
    "billingPaymentTerms": "net_60",
    "dedicatedSlackChannel": "#acme-support",
    "csmName": "Ada Lovelace",
    "csmEmail": "ada@example.com",
    "soc2ReportUrl": "https://example.com/security/soc2.pdf",
    "securityContactEmail": "security@example.com"
  }'

Updates require enterprise:write. Responses include the normalized profile and an entitlement list suitable for dashboards, billing checks, and support operations.

GET/api/v1/channels

Read support-channel readiness for widget, in-app, email, SMS, WhatsApp, Instagram, and Facebook Messenger without exposing credentials. Requires an API key with channels:read.

The response reports whether each channel is enabled, inbound ready, outbound ready, and which setup fields are missing.

Reply Example

bash
curl -X POST https://app.helpyap.com/api/v1/channel-replies \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "conversationId": "conversation_123",
    "content": "Thanks for the details. I checked this and your WhatsApp integration is now connected."
  }'

Sending replies requires channels:write. Replies are restricted to existing project conversations and are delivered through that conversation's original channel.

GET/api/v1/ai-tools

Read the AI Copilot and tool inventory across widget, in-app, and custom webhook surfaces. Requires an API key with ai_tools:read.

Update Example

bash
curl -X PUT https://app.helpyap.com/api/v1/ai-tools \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "agentToolsEnabled": true,
    "inAppSupportEnabled": true,
    "actionSuggestionsEnabled": true,
    "conversationMemoryEnabled": true,
    "learningLoopEnabled": true,
    "allowedInAppActions": [
      "summarize_account_context",
      "check_knowledge_base_status",
      "create_bug_report"
    ],
    "customTools": [
      {
        "name": "lookup_order",
        "description": "Lookup order status by order id.",
        "endpoint": "https://api.example.com/support/orders",
        "method": "GET",
        "params_schema": { "type": "object" }
      }
    ]
  }'

Updates require ai_tools:write. Custom tool endpoints must be HTTPS public URLs, and in-app actions must match HelpYap's structured action registry.

GET/api/v1/ai-usage

Return token usage and estimated model cost for AI features. Requires an API key with ai_usage:read.

Query Parameters

ParameterTypeRequiredDescription
fromISO dateNoStart date for usage events, defaulting to the last 30 days
toISO dateNoEnd date for usage events, defaulting to now
limitnumberNoMaximum usage events to aggregate, capped at 5,000

The response includes total calls, input tokens, output tokens, total tokens, estimated cost in micro USD and USD, plus breakdowns by feature, model, and provider.

GET/api/v1/reports/support-summary

Return support analytics for BI dashboards and operational reporting. Requires an API key with reports:read.

Query Parameters

ParameterTypeRequiredDescription
fromISO dateNoStart date for conversations, defaulting to the last 30 days
toISO dateNoEnd date for conversations, defaulting to now
limitnumberNoMaximum conversations to include, capped at 5,000

The response includes total conversations, active-today count, resolution and escalation rates, average first response time, AI-only resolution rate, channel breakdown, intent breakdown, source coverage, daily counts, and hourly counts.

GET/api/v1/reports/engagement-summary

Return outreach engagement analytics for announcements, banners, checklists, tours, tooltips, modals, and push prompts. Requires an API key with reports:read.

Query Parameters

ParameterTypeRequiredDescription
fromISO dateNoStart date for engagement events, defaulting to the last 30 days
toISO dateNoEnd date for engagement events, defaulting to now
limitnumberNoMaximum events to aggregate, capped at 5,000

The response includes total events, impressions, clicks, dismissals, checklist step completions, guide completions, push-permission outcomes, click rate, completion rate, and per-announcement or per-guide metrics.

GET/api/v1/issues

List support issues and tickets with assignment, due-date, and computed SLA state. Requires an API key with issues:read.

Query Parameters

ParameterTypeRequiredDescription
statusstringNoFilter by issue status
severitystringNoFilter by severity
conversationIdstringNoFilter issues for one conversation

Issue responses include an sla object with status, deadline, met time, remaining minutes, and a display label. Creating or updating issues requires issues:write.

GET/api/v1/integrations

Audit project integration readiness across Slack, email, WhatsApp, Instagram, Messenger, webhooks, API access, Stripe, and custom domains. Requires an API key with integrations:read.

Headers

ParameterTypeRequiredDescription
AuthorizationstringYesBearer <your-api-key>

Response Notes

The endpoint returns sanitized status cards and summary counts. It does not expose Slack tokens, webhook URLs, Meta credentials, phone number IDs, or other integration secrets.

GET/api/v1/email-campaigns

List email campaigns and newsletters with metered send estimates. Requires an API key with outreach:read.

Query Parameters

ParameterTypeRequiredDescription
statusstringNoFilter by draft, scheduled, sending, sent, failed, or archived
audiencestringNoFilter by all_customers or active_customers

Create Example

bash
curl -X POST https://app.helpyap.com/api/v1/email-campaigns \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "name": "June newsletter",
    "subject": "New support workflows are live",
    "previewText": "See what changed this month.",
    "body": "Your team can now route, summarize, and approve support workflows faster.",
    "audience": "active_customers",
    "status": "draft"
  }'

Creating campaigns requires outreach:write. API-created campaigns are prepared as drafts or scheduled campaigns; sending remains controlled from the dashboard.

GET/api/v1/announcements

List outreach announcements such as banners, news, and release notes. Requires an API key with outreach:read.

Query Parameters

ParameterTypeRequiredDescription
kindstringNoFilter by banner, release_note, or news
statusstringNoFilter by draft, scheduled, published, or archived

Create Example

bash
curl -X POST https://app.helpyap.com/api/v1/announcements \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "title": "New AI inbox summaries",
    "body": "Agents can now review every handoff faster.",
    "kind": "release_note",
    "status": "published",
    "ctaLabel": "Read more",
    "ctaUrl": "https://example.com/releases/ai-summaries"
  }'

Creating announcements requires the outreach:write scope.

Published announcements are delivered through the widget config. The widget records impressions, CTA clicks, and dismissals as outreach engagement events for campaign analytics.

GET/api/v1/engagement-guides

List in-widget engagement guides such as checklists, product tours, tooltips, modals, and push prompts. Requires an API key with outreach:read.

Query Parameters

ParameterTypeRequiredDescription
kindstringNoFilter by checklist, tour, tooltip, modal, or push_prompt
statusstringNoFilter by draft, published, or archived

Create Example

bash
curl -X POST https://app.helpyap.com/api/v1/engagement-guides \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "title": "Connect your first channel",
    "description": "Guide new admins through setup.",
    "kind": "checklist",
    "status": "published",
    "steps": [
      {
        "title": "Connect Slack",
        "body": "Route escalations into your team channel.",
        "ctaLabel": "Open integrations",
        "ctaUrl": "https://example.com/admin/integrations"
      }
    ]
  }'

Creating guides requires the outreach:write scope.

Published guides are delivered through the widget config. The widget records impressions, CTA clicks, dismissals, checklist step completions, guide completions, and push-permission outcomes as outreach engagement events.

GET/api/v1/survey-responses

List micro-survey responses for a project. Requires an API key with surveys:read.

Headers

ParameterTypeRequiredDescription
AuthorizationstringYesBearer <your-api-key>

Query Parameters

ParameterTypeRequiredDescription
limitnumberNoNumber of responses to return, from 1 to 100
sessionIdstringNoFilter responses by widget or in-app session
emailstringNoFilter responses by visitor email
qstringNoSearch question, response, visitor name, or email
includeMetadatabooleanNoSet to true to include response metadata

Import Example

bash
curl -X POST https://app.helpyap.com/api/v1/survey-responses \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer hy_live_your_api_key" \
  -d '{
    "question": "What stopped you from upgrading?",
    "response": "I need invoice billing.",
    "visitorEmail": "ada@example.com",
    "pageUrl": "https://example.com/pricing",
    "metadata": { "plan": "business" }
  }'

Creating responses requires the surveys:write scope.

POST/api/widget/salespop-push

Push a custom social proof event from your server. Requires a push secret generated in Project Settings > Social Proof.

Headers

ParameterTypeRequiredDescription
AuthorizationstringYesBearer <your-push-secret>
Content-TypestringYesapplication/json

Request Body

ParameterTypeRequiredDescription
projectstringYesYour project slug
typestringYesEvent type: purchased, subscribed, signed_up, added_to_cart, or custom
namestringNoCustomer name (e.g. "Sarah K.")
locationstringNoLocation (e.g. "Austin, TX")
productstringNoProduct or plan name
messagestringNoCustom notification message

Example

bash
curl -X POST https://app.helpyap.com/api/widget/salespop-push \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer sp_your_push_secret" \
  -d '{
    "project": "my-store",
    "type": "signed_up",
    "name": "Sarah K.",
    "location": "Austin, TX",
    "product": "Pro Plan"
  }'

Rate Limits

All endpoints are rate-limited per IP address.

EndpointLimitWindow
POST /api/chat20 requests60 seconds
POST /api/widget/salespop-push10 requests60 seconds
Other widget endpoints60 requests60 seconds

Error Responses

Errors return a JSON object with an error field:

JSON
{ "error": "Invalid push secret" }
Status CodeMeaning
400Bad request (missing or invalid parameters)
401Unauthorized (invalid credentials)
403Forbidden (valid credentials but insufficient permissions)
404Project not found
429Rate limit exceeded