← Back to docs
API reference

Integrate ReplySuite into your product and channels.

Use the hosted widget for browser integrations and server routes for secure automation around chat, config, and WhatsApp webhooks.

Base URL

https://replysuite.app

Endpoints

Available integration routes

These are the public-facing routes used by the hosted widget and WhatsApp webhook flow.

GET/api/public/config/:chatbotId

Returns public chatbot/widget configuration for approved website usage.

POST/api/public/chat

Sends a website chat message to a public chatbot and records the conversation.

GET/api/whatsapp/webhook

Meta webhook verification challenge endpoint.

POST/api/whatsapp/webhook

Receives WhatsApp Business messages, records inbound messages, and dispatches assistant replies.

Website widget

Embed your chatbot on an approved domain.

The easiest integration path is the hosted widget script. Configure allowed domains in ReplySuite before installing it on production websites.

Embed snippet
<script src="https://replysuite.app/embed.js" data-chatbot-id="YOUR_CHATBOT_ID" async></script>
Chat request
POST /api/public/chat
Content-Type: application/json

{
  "chatbotId": "YOUR_CHATBOT_ID",
  "message": "What are your opening hours?",
  "sessionId": "optional-existing-session-id",
  "metadata": {
    "pageUrl": "https://example.com/pricing"
  }
}
Chat response
{
  "reply": "We are open Monday to Friday from 9:00 AM to 5:00 PM.",
  "sessionId": "chat-session-id",
  "sources": []
}
Public config

Load chatbot display settings.

GET /api/public/config/YOUR_CHATBOT_ID

Use this route only for public widget configuration. Private automation should use authenticated server-side routes.

WhatsApp webhook

Receive WhatsApp messages safely.

Meta sends webhook payloads to ReplySuite. The app verifies signatures when configured, records inbound messages first, then generates and sends assistant replies.

Example webhook shape
POST /api/whatsapp/webhook
X-Hub-Signature-256: sha256=...

{
  "object": "whatsapp_business_account",
  "entry": [
    {
      "changes": [
        {
          "field": "messages",
          "value": {
            "metadata": { "phone_number_id": "..." },
            "messages": [{ "type": "text", "text": { "body": "Hello" } }]
          }
        }
      ]
    }
  ]
}
Security

Keep secrets on the server.

ReplySuite public integrations are designed so browser code uses only public chatbot identifiers and hosted scripts.

Never expose Supabase service-role keys, training worker secrets, or provider API keys in browser code.
Only use public chatbot IDs and the hosted embed script on the frontend.
Restrict website widgets with allowed domains from the dashboard.
Verify WhatsApp webhook signatures with the Meta app secret in production.
Use server-side routes for any privileged integration or custom automation.
If you need a private API key flow, build it as a server-side integration instead of calling secret-bearing APIs from the browser.

Need setup guidance too?

Read the guidance docs for the recommended dashboard workflow before wiring custom integrations.

Open guidance