API Reference
Use these endpoints to build custom integrations with HelpYap. Most users don't need the API — the embeddable widget and admin dashboard handle everything. The API is for advanced use cases like custom chat UIs, survey imports, or server-side event ingestion.
https://app.helpyap.comAuthentication
Public endpoints (widget config, chat) are rate-limited but do not require authentication. Versioned API endpoints require a project API key with the matching scope, passed as a bearer token. The social proof push endpoint requires a project-specific push secret.
Admin endpoints (used by the dashboard) require a JWT access token and are not covered in this reference.
Endpoints
/api/widget/configRetrieve the public configuration for a project's chat widget. Useful if you're building a custom chat UI instead of using the embeddable widget.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| project | string | Yes | Your project slug |
Response Example
{
"name": "Support Bot",
"company": "Acme Inc",
"welcomeMessage": "Hi! How can I help you today?",
"quickReplies": ["Pricing", "How to get started", "Talk to support"],
"theme": {
"primaryColor": "#3737f6",
"position": "bottom-right"
}
}/api/chatSend a message and receive a streaming AI response. Use this if you're building a custom chat interface.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectSlug | string | Yes | Your project slug |
| sessionId | string (UUID) | Yes | Unique session identifier (generate a UUID client-side) |
| messages | array | Yes | Array of message objects: [{ "role": "user", "content": "..." }] |
| sessionToken | string | No | Session token returned by the server on first request (include on subsequent requests) |
Request Example
{
"projectSlug": "my-store",
"sessionId": "550e8400-e29b-41d4-a716-446655440000",
"messages": [
{ "role": "user", "content": "What is your return policy?" }
]
}Response is a server-sent event stream (text/event-stream). The session token is returned in the X-Session-Token response header on the first request. Include it in subsequent requests.
/api/v1/chat-messagesSend a customer-visible agent message to a widget session. Requires an API key with conversations:write.
Headers
| Parameter | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Yes | Bearer <your-api-key> |
| Content-Type | string | Yes | application/json |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| sessionId | string (UUID) | Yes | Widget or in-app session to message |
| content | string | Yes | Agent message body, up to 4,000 characters |
| string | No | Visitor email to attach if the conversation does not have one yet |
Example
curl -X POST https://app.helpyap.com/api/v1/chat-messages \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"sessionId": "550e8400-e29b-41d4-a716-446655440000",
"content": "Your trial workspace is ready. Want help connecting Slack?",
"email": "ada@example.com"
}'/api/v1/approvalsList pending or completed approval requests for safe AI actions. Requires an API key with approvals:read.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| status | string | No | Filter by pending, executed, rejected, or failed |
| conversationId | string | No | Filter approvals for one conversation |
| targetKind | string | No | Filter by issue, knowledge, or action |
Decision Example
curl -X PATCH https://app.helpyap.com/api/v1/approvals \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"approvalRequestId": "approval_123",
"conversationId": "conversation_123",
"decision": "approved"
}'Approval decisions require approvals:write. Approved issue and knowledge requests execute through the same server-side approval path used by the dashboard.
/api/v1/workflowsList safe inbox workflow rules for SLA risk, outside-hours handling, and channel-based automation. Requires an API key with workflows:read.
Update Notes
Use PUT /api/v1/workflows with workflows:write to replace the full workflow rule list. Rules support `sla_breached`, `sla_due_soon`, `outside_hours`, and `channel` conditions, with `add_tag` and `set_status` actions only.
Update Example
curl -X PUT https://app.helpyap.com/api/v1/workflows \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"workflows": [
{
"id": "sla-risk",
"name": "SLA risk",
"enabled": true,
"condition": { "type": "sla_due_soon" },
"actions": [
{ "type": "add_tag", "tag": "sla-risk" },
{ "type": "set_status", "status": "needs_followup" }
]
}
]
}'/api/v1/custom-domainsList branded help center and roadmap domains for the authenticated project. Requires an API key with domains:read.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| status | string | No | Filter by pending, verified, or disabled |
| surface | string | No | Filter by help_center, roadmap, or all |
| limit | number | No | Maximum records to return, 1-100 |
Create Example
curl -X POST https://app.helpyap.com/api/v1/custom-domains \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"hostname": "help.example.com",
"surface": "all"
}'Creating or deleting domains requires domains:write. New domains return a verificationToken that should be added to DNS before the domain can be verified.
/api/v1/brandingRead white-label branding controls for the widget, public help center, and roadmap. Requires an API key with branding:read.
Update Example
curl -X PUT https://app.helpyap.com/api/v1/branding \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"removeHelpYapBranding": true,
"publicBrandName": "Acme Support",
"logoUrl": "https://example.com/logo.png",
"faviconUrl": "/favicon.ico",
"supportUrl": "https://support.example.com"
}'Updates require branding:write. Public URLs must be HTTPS or relative paths.
/api/v1/enterpriseRead enterprise profile details and computed entitlements for invoice billing, priority support, dedicated Slack, CSM, and SOC 2 access. Requires an API key with enterprise:read.
Update Example
curl -X PUT https://app.helpyap.com/api/v1/enterprise \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"supportTier": "enterprise",
"prioritySupport": true,
"invoiceBilling": true,
"billingContactEmail": "ap@example.com",
"billingPaymentTerms": "net_60",
"dedicatedSlackChannel": "#acme-support",
"csmName": "Ada Lovelace",
"csmEmail": "ada@example.com",
"soc2ReportUrl": "https://example.com/security/soc2.pdf",
"securityContactEmail": "security@example.com"
}'Updates require enterprise:write. Responses include the normalized profile and an entitlement list suitable for dashboards, billing checks, and support operations.
/api/v1/channelsRead support-channel readiness for widget, in-app, email, SMS, WhatsApp, Instagram, and Facebook Messenger without exposing credentials. Requires an API key with channels:read.
The response reports whether each channel is enabled, inbound ready, outbound ready, and which setup fields are missing.
Reply Example
curl -X POST https://app.helpyap.com/api/v1/channel-replies \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"conversationId": "conversation_123",
"content": "Thanks for the details. I checked this and your WhatsApp integration is now connected."
}'Sending replies requires channels:write. Replies are restricted to existing project conversations and are delivered through that conversation's original channel.
/api/v1/ai-toolsRead the AI Copilot and tool inventory across widget, in-app, and custom webhook surfaces. Requires an API key with ai_tools:read.
Update Example
curl -X PUT https://app.helpyap.com/api/v1/ai-tools \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"agentToolsEnabled": true,
"inAppSupportEnabled": true,
"actionSuggestionsEnabled": true,
"conversationMemoryEnabled": true,
"learningLoopEnabled": true,
"allowedInAppActions": [
"summarize_account_context",
"check_knowledge_base_status",
"create_bug_report"
],
"customTools": [
{
"name": "lookup_order",
"description": "Lookup order status by order id.",
"endpoint": "https://api.example.com/support/orders",
"method": "GET",
"params_schema": { "type": "object" }
}
]
}'Updates require ai_tools:write. Custom tool endpoints must be HTTPS public URLs, and in-app actions must match HelpYap's structured action registry.
/api/v1/ai-usageReturn token usage and estimated model cost for AI features. Requires an API key with ai_usage:read.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| from | ISO date | No | Start date for usage events, defaulting to the last 30 days |
| to | ISO date | No | End date for usage events, defaulting to now |
| limit | number | No | Maximum usage events to aggregate, capped at 5,000 |
The response includes total calls, input tokens, output tokens, total tokens, estimated cost in micro USD and USD, plus breakdowns by feature, model, and provider.
/api/v1/reports/support-summaryReturn support analytics for BI dashboards and operational reporting. Requires an API key with reports:read.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| from | ISO date | No | Start date for conversations, defaulting to the last 30 days |
| to | ISO date | No | End date for conversations, defaulting to now |
| limit | number | No | Maximum conversations to include, capped at 5,000 |
The response includes total conversations, active-today count, resolution and escalation rates, average first response time, AI-only resolution rate, channel breakdown, intent breakdown, source coverage, daily counts, and hourly counts.
/api/v1/reports/engagement-summaryReturn outreach engagement analytics for announcements, banners, checklists, tours, tooltips, modals, and push prompts. Requires an API key with reports:read.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| from | ISO date | No | Start date for engagement events, defaulting to the last 30 days |
| to | ISO date | No | End date for engagement events, defaulting to now |
| limit | number | No | Maximum events to aggregate, capped at 5,000 |
The response includes total events, impressions, clicks, dismissals, checklist step completions, guide completions, push-permission outcomes, click rate, completion rate, and per-announcement or per-guide metrics.
/api/v1/issuesList support issues and tickets with assignment, due-date, and computed SLA state. Requires an API key with issues:read.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| status | string | No | Filter by issue status |
| severity | string | No | Filter by severity |
| conversationId | string | No | Filter issues for one conversation |
Issue responses include an sla object with status, deadline, met time, remaining minutes, and a display label. Creating or updating issues requires issues:write.
/api/v1/integrationsAudit project integration readiness across Slack, email, WhatsApp, Instagram, Messenger, webhooks, API access, Stripe, and custom domains. Requires an API key with integrations:read.
Headers
| Parameter | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Yes | Bearer <your-api-key> |
Response Notes
The endpoint returns sanitized status cards and summary counts. It does not expose Slack tokens, webhook URLs, Meta credentials, phone number IDs, or other integration secrets.
/api/v1/email-campaignsList email campaigns and newsletters with metered send estimates. Requires an API key with outreach:read.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| status | string | No | Filter by draft, scheduled, sending, sent, failed, or archived |
| audience | string | No | Filter by all_customers or active_customers |
Create Example
curl -X POST https://app.helpyap.com/api/v1/email-campaigns \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"name": "June newsletter",
"subject": "New support workflows are live",
"previewText": "See what changed this month.",
"body": "Your team can now route, summarize, and approve support workflows faster.",
"audience": "active_customers",
"status": "draft"
}'Creating campaigns requires outreach:write. API-created campaigns are prepared as drafts or scheduled campaigns; sending remains controlled from the dashboard.
/api/v1/announcementsList outreach announcements such as banners, news, and release notes. Requires an API key with outreach:read.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| kind | string | No | Filter by banner, release_note, or news |
| status | string | No | Filter by draft, scheduled, published, or archived |
Create Example
curl -X POST https://app.helpyap.com/api/v1/announcements \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"title": "New AI inbox summaries",
"body": "Agents can now review every handoff faster.",
"kind": "release_note",
"status": "published",
"ctaLabel": "Read more",
"ctaUrl": "https://example.com/releases/ai-summaries"
}'Creating announcements requires the outreach:write scope.
Published announcements are delivered through the widget config. The widget records impressions, CTA clicks, and dismissals as outreach engagement events for campaign analytics.
/api/v1/engagement-guidesList in-widget engagement guides such as checklists, product tours, tooltips, modals, and push prompts. Requires an API key with outreach:read.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| kind | string | No | Filter by checklist, tour, tooltip, modal, or push_prompt |
| status | string | No | Filter by draft, published, or archived |
Create Example
curl -X POST https://app.helpyap.com/api/v1/engagement-guides \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"title": "Connect your first channel",
"description": "Guide new admins through setup.",
"kind": "checklist",
"status": "published",
"steps": [
{
"title": "Connect Slack",
"body": "Route escalations into your team channel.",
"ctaLabel": "Open integrations",
"ctaUrl": "https://example.com/admin/integrations"
}
]
}'Creating guides requires the outreach:write scope.
Published guides are delivered through the widget config. The widget records impressions, CTA clicks, dismissals, checklist step completions, guide completions, and push-permission outcomes as outreach engagement events.
/api/v1/survey-responsesList micro-survey responses for a project. Requires an API key with surveys:read.
Headers
| Parameter | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Yes | Bearer <your-api-key> |
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| limit | number | No | Number of responses to return, from 1 to 100 |
| sessionId | string | No | Filter responses by widget or in-app session |
| string | No | Filter responses by visitor email | |
| q | string | No | Search question, response, visitor name, or email |
| includeMetadata | boolean | No | Set to true to include response metadata |
Import Example
curl -X POST https://app.helpyap.com/api/v1/survey-responses \
-H "Content-Type: application/json" \
-H "Authorization: Bearer hy_live_your_api_key" \
-d '{
"question": "What stopped you from upgrading?",
"response": "I need invoice billing.",
"visitorEmail": "ada@example.com",
"pageUrl": "https://example.com/pricing",
"metadata": { "plan": "business" }
}'Creating responses requires the surveys:write scope.
/api/widget/salespop-pushPush a custom social proof event from your server. Requires a push secret generated in Project Settings > Social Proof.
Headers
| Parameter | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Yes | Bearer <your-push-secret> |
| Content-Type | string | Yes | application/json |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| project | string | Yes | Your project slug |
| type | string | Yes | Event type: purchased, subscribed, signed_up, added_to_cart, or custom |
| name | string | No | Customer name (e.g. "Sarah K.") |
| location | string | No | Location (e.g. "Austin, TX") |
| product | string | No | Product or plan name |
| message | string | No | Custom notification message |
Example
curl -X POST https://app.helpyap.com/api/widget/salespop-push \
-H "Content-Type: application/json" \
-H "Authorization: Bearer sp_your_push_secret" \
-d '{
"project": "my-store",
"type": "signed_up",
"name": "Sarah K.",
"location": "Austin, TX",
"product": "Pro Plan"
}'Rate Limits
All endpoints are rate-limited per IP address.
| Endpoint | Limit | Window |
|---|---|---|
| POST /api/chat | 20 requests | 60 seconds |
| POST /api/widget/salespop-push | 10 requests | 60 seconds |
| Other widget endpoints | 60 requests | 60 seconds |
Error Responses
Errors return a JSON object with an error field:
{ "error": "Invalid push secret" }| Status Code | Meaning |
|---|---|
| 400 | Bad request (missing or invalid parameters) |
| 401 | Unauthorized (invalid credentials) |
| 403 | Forbidden (valid credentials but insufficient permissions) |
| 404 | Project not found |
| 429 | Rate limit exceeded |