logo
Developer

API Documentation

Version 1.0 | Base URL: https://api.chat.co

1. Overview

The Chat.co API allows you to programmatically integrate your chatbots into custom applications, websites, and workflows. With this API, you can create and manage conversations, send messages, receive AI-powered responses, and stream responses in real-time.

1.1 Key Features

FeatureDescription
RESTful APIStandard HTTP methods (GET, POST, DELETE)
Streaming SupportReal-time response streaming via SSE or plain text
Scoped API KeysKeys can be restricted to specific chatbots for security
Citation SupportAI responses include source citations when available
Document ContextAttach uploaded documents to enhance AI responses

1.2 Getting Started

To use the Chat.co API, you need to:

  • Create a Chat.co account and set up a chatbot
  • Generate an API key from your Settings page
  • Assign the API key to a specific chatbot
  • Use the API key in your application's requests

2. Authentication

2.1 API Key Format

All Client API requests require authentication using an API key. API keys follow this format:

sk_live_<random-base64url-string>

Example: sk_live_abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx

2.2 Authorization Header

Include your API key in the Authorization header of every request:

Authorization: Bearer sk_live_your_api_key_here

You can also send the key without the Bearer prefix:

Authorization: sk_live_your_api_key_here

2.3 Security Best Practices

Important: Never expose API keys in client-side code (JavaScript, mobile apps). Store keys in environment variables or secure vaults.

  • Use chatbot-scoped keys when possible to limit access
  • Set expiration dates for temporary integrations
  • Rotate keys periodically
  • Delete unused keys promptly
  • Never commit API keys to version control

3. API Key Management

These endpoints require JWT authentication (your user session from the dashboard), not API key authentication.

3.1 Generate API Key

Creates a new API key for your account.

POST /api-keys

Request Body

{
  "name": "My Integration Key",
  "expiresAt": "2026-12-31T23:59:59Z",
  "chatbotId": "507f1f77bcf86cd799439011"
}
FieldTypeRequiredDescription
namestringNoUser-friendly name (max 100 chars)
expiresAtISO 8601 dateNoExpiration date (must be in future)
chatbotIdstringNoChatbot ID to scope the key

Response (201 Created)

{
  "success": true,
  "message": "API key generated successfully...",
  "data": {
    "id": "507f1f77bcf86cd799439011",
    "key": "sk_live_abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx",
    "keyPrefix": "sk_live_abcd1234efgh5678...",
    "name": "My Integration Key",
    "expiresAt": "2026-12-31T23:59:59.000Z",
    "createdAt": "2025-11-10T12:00:00.000Z"
  }
}

Warning: The full key value is shown only once. Store it securely immediately.

3.2 List API Keys

GET /api-keys?page=1&limit=10

Returns a paginated list of your API keys (prefixes only, not full keys).

3.3 Delete API Key

DELETE /api-keys/:id

Soft-deletes an API key. The key will immediately become invalid.

4. Client API Endpoints

All Client API endpoints require API key authentication and are prefixed with /client/v1.

Important: Your API key must be associated with a chatbot. Keys without a chatbot assignment will receive a CHATBOT_ACCESS_DENIED error.

4.1 Get Chatbot Details

GET /client/v1/chatbot

Retrieves the chatbot configuration and appearance settings associated with your API key.

Response

{
  "success": true,
  "data": {
    "chatbot": {
      "id": "507f1f77bcf86cd799439011",
      "name": "Customer Support Bot",
      "isPublic": true,
      "appearance": {
        "title": "Support Assistant",
        "welcomeMessage": "Hello! How can I help you today?",
        "placeholderText": "Type your question...",
        "suggestions": [
          { "value": "What are your hours?" }
        ],
        "enableDocumentUpload": true,
        "showCitations": true
      },
      "createdAt": "2025-01-15T10:00:00.000Z"
    }
  }
}

4.2 List Conversations

GET /client/v1/conversations

Query Parameters

ParameterTypeDefaultDescription
pageinteger1Page number
limitinteger20Items per page (max 100)
sortBystringcreatedAtcreatedAt or updatedAt
sortOrderstringdescasc or desc
startDateISO 8601-Filter from this date
endDateISO 8601-Filter until this date

4.3 Create Conversation

POST /client/v1/conversations

Request Body

{
  "metadata": {
    "source": "mobile-app",
    "clientId": "user-12345"
  }
}

Response (201 Created)

{
  "success": true,
  "data": {
    "conversation": {
      "id": "507f1f77bcf86cd799439011",
      "chatbotId": "507f1f77bcf86cd799439012",
      "chatbot": {
        "id": "507f1f77bcf86cd799439012",
        "name": "Customer Support Bot"
      },
      "createdAt": "2025-11-10T10:00:00.000Z"
    }
  }
}

4.4 Get Conversation

GET /client/v1/conversations/:conversationId

Retrieves a conversation with all its messages.

4.5 Send Message (Non-Streaming)

POST /client/v1/conversations/:conversationId/messages

Request Body

{
  "message": "What are your business hours?",
  "documentIds": ["507f1f77bcf86cd799439015"]
}
FieldTypeRequiredDescription
messagestringYesMessage content (max 8,000 chars)
documentIdsarrayNoIDs of uploaded documents

Response

{
  "success": true,
  "data": {
    "userMessage": {
      "id": "507f1f77bcf86cd799439016",
      "content": "What are your business hours?",
      "isFromUser": true,
      "createdAt": "2025-11-10T10:16:00.000Z"
    },
    "botResponse": {
      "id": "507f1f77bcf86cd799439017",
      "content": "Our business hours are Monday through Friday, 9:00 AM to 5:00 PM EST.",
      "isFromUser": false,
      "createdAt": "2025-11-10T10:16:03.000Z",
      "citations": [
        {
          "title": "Contact Information",
          "url": "https://example.com/contact",
          "snippet": "Hours of operation: Mon-Fri 9AM-5PM EST"
        }
      ]
    }
  }
}

4.6 Send Message (Streaming)

POST /client/v1/conversations/:conversationId/messages/stream

Sends a message and receives the AI response as a real-time stream. See Section 5 for streaming details.

5. Streaming Responses

The streaming endpoint supports two formats via the format query parameter.

5.1 Plain Text Format (Default)

Best for simple integrations and testing with tools like Postman.

[START:507f1f77bcf86cd799439016]
Our return policy allows you to return most items within 30 days of purchase.

1. Items must be in original condition
2. You'll need the original receipt

[COMPLETE]
{"botMessageId":"507f1f77bcf86cd799439017","citations":[...]}
MarkerDescription
[START:id]Stream started, includes user message ID
<content>Streamed response text (arrives incrementally)
[COMPLETE]Stream finished successfully
[ERROR]An error occurred during streaming

5.2 Server-Sent Events (SSE) Format

Best for JavaScript applications using the EventSource API. Use ?format=sse.

data: {"type":"start","userMessageId":"507f1f77bcf86cd799439016"}

data: {"type":"content","content":"Our return policy"}

data: {"type":"content","content":" allows you to return"}

data: {"type":"complete","botMessageId":"507f1f77bcf86cd799439017","citations":[]}
Event TypeFieldsDescription
startuserMessageIdStream started
contentcontentText chunk to append
completebotMessageId, citationsStream finished
errorerrorError message

6. Error Handling

6.1 Response Format

All API responses follow a consistent format:

Success Response

{
  "success": true,
  "data": { ... }
}

Error Response

{
  "success": false,
  "error": {
    "code": "ERROR_CODE",
    "message": "Human-readable error description"
  }
}

6.2 Error Codes

CodeHTTP StatusDescription
INVALID_API_KEY401API key is missing, malformed, expired, or invalid
RATE_LIMIT_EXCEEDED401/429Too many failed attempts or message rate limit
CHATBOT_NOT_FOUND404Chatbot does not exist
CHATBOT_ACCESS_DENIED403API key not associated with chatbot
CHATBOT_FROZEN403Chatbot is frozen due to plan downgrade
CONVERSATION_NOT_FOUND404Conversation does not exist
CONVERSATION_ACCESS_DENIED403No access to this conversation
MESSAGE_LIMIT_EXCEEDED403Monthly message credit limit reached
INVALID_REQUEST400Request body validation failed
INTERNAL_ERROR500Unexpected server error

7. Rate Limiting

7.1 Authentication Rate Limits

To protect against brute-force attacks, authentication is rate-limited:

LimitValue
Failed attempts5 per IP address
Lockout duration15 minutes

7.2 Message Rate Limits

Message rate limits are based on your subscription plan. Exceeding your monthly message limit returns MESSAGE_LIMIT_EXCEEDED.

8. Code Examples

8.1 cURL Examples

Get Chatbot

curl -X GET "https://api.chat.co/client/v1/chatbot" \
  -H "Authorization: Bearer sk_live_your_api_key"

Create Conversation

curl -X POST "https://api.chat.co/client/v1/conversations" \
  -H "Authorization: Bearer sk_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{}'

Send Message

curl -X POST "https://api.chat.co/client/v1/conversations/CONVERSATION_ID/messages" \
  -H "Authorization: Bearer sk_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"message": "Hello, I need help"}'

Stream Message

curl -X POST "https://api.chat.co/client/v1/conversations/CONVERSATION_ID/messages/stream?format=plain" \
  -H "Authorization: Bearer sk_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"message": "Tell me about your products"}' \
  --no-buffer

8.2 Node.js Example

const axios = require('axios');

const API_KEY = 'sk_live_your_api_key';
const BASE_URL = 'https://api.chat.co/client/v1';

const client = axios.create({
  baseURL: BASE_URL,
  headers: {
    'Authorization': `Bearer ${API_KEY}`,
    'Content-Type': 'application/json'
  }
});

async function chat() {
  // 1. Create a new conversation
  const { data: convResponse } = await client.post('/conversations');
  const conversationId = convResponse.data.conversation.id;
  console.log('Created conversation:', conversationId);

  // 2. Send a message
  const { data: msgResponse } = await client.post(
    `/conversations/${conversationId}/messages`,
    { message: 'What services do you offer?' }
  );

  console.log('Bot response:', msgResponse.data.botResponse.content);
  console.log('Citations:', msgResponse.data.botResponse.citations);
}

chat();

8.3 Python Example

import requests

API_KEY = 'sk_live_your_api_key'
BASE_URL = 'https://api.chat.co/client/v1'

headers = {
    'Authorization': f'Bearer {API_KEY}',
    'Content-Type': 'application/json'
}

# Create conversation
response = requests.post(f'{BASE_URL}/conversations', headers=headers, json={})
conversation_id = response.json()['data']['conversation']['id']
print(f'Created conversation: {conversation_id}')

# Send message
response = requests.post(
    f'{BASE_URL}/conversations/{conversation_id}/messages',
    headers=headers,
    json={'message': 'What are your pricing plans?'}
)

result = response.json()
print(f"Bot: {result['data']['botResponse']['content']}")

8.4 Python Streaming Example

import requests

API_KEY = 'sk_live_your_api_key'
BASE_URL = 'https://api.chat.co/client/v1'

headers = {
    'Authorization': f'Bearer {API_KEY}',
    'Content-Type': 'application/json'
}

conversation_id = 'your_conversation_id'

# Stream response
response = requests.post(
    f'{BASE_URL}/conversations/{conversation_id}/messages/stream?format=plain',
    headers=headers,
    json={'message': 'Explain your features in detail'},
    stream=True
)

for chunk in response.iter_content(chunk_size=None, decode_unicode=True):
    if chunk:
        print(chunk, end='', flush=True)

Need Help?

If you have questions or need assistance with the API, our team is here to help.

Email: support@chat.co

© 2026 SA Cyber LLC d/b/a Chat.co. All rights reserved.

logo

Empowering your growth, one chatbot at a time

Site Map

FeaturesUse CasesPricing and PlansAdd-ons

Contact

Get In Touch

Information

About UsFAQ

© Copyright 2026 - Chat.co

Terms and Conditions-Privacy Policy