Skip to main content

REST APIs

Qefro’s versioned HTTP API lives at https://api.qefro.com. REST covers multipart uploads, webhooks, streaming chat, widget fallbacks, billing, org RBAC, and Business Tools. Day-to-day Admin Console reads/writes also use GraphQL at POST /graphql with the same user JWT.

Short definition (citation-ready)

The Qefro REST surface under /api/v1 is the programmatic contract for documents, conversations, billing, widget channels, organization RBAC, Business Tools, and provider webhooks — authenticated primarily with user JWTs or widget tokens.

Auth details: API Authentication. Copy-paste samples: Examples.

Base URL and conventions

ItemValue
Basehttps://api.qefro.com
Version prefix/api/v1/… (plus a few top-level routes)
JSONContent-Type: application/json unless multipart
ErrorsHTTP status + { "code", "message" } — see Error Codes
QuotasMessage/document limits enforced by middleware on chat/upload routes

Highlighted endpoints

GET/api/v1/billing/plans

List sellable plans and entitlement limits (messages, documents, users, business tools).

POST/api/v1/documents

Multipart document upload into a workspace (enforces documents quota).

POST/api/v1/tools/:id/test

Execute a Business Tool test invocation with encrypted credentials.

POST/api/v1/billing/webhook

Razorpay webhook receiver (signature verified).

Health and ops

MethodPathAuthPurpose
GET/healthPublicLiveness
GET/readyPublicReadiness
GET/metricsBearer METRICS_AUTH_TOKEN or public flagPrometheus metrics

Widget and realtime chat

MethodPathAuthPurpose
GET/widget.jsPublicEmbeddable widget script
GET/ws/chatWidget token (?token=)Streaming Customer AI WebSocket
POST/api/v1/widget/chatWidget tokenHTTP chat fallback (message quota)
GET/api/v1/widget/settingsWidget tokenWidget settings bootstrap
POST/api/v1/widget/leadsWidget tokenLead capture
POST/api/v1/widget/messages/:id/feedbackWidget tokenMessage feedback
POST/api/v1/widget/conversations/:id/handoffWidget tokenHuman handoff trigger
GET/api/v1/widget/conversations/:id/messagesWidget tokenConversation messages
POST/api/v1/widget/identity/clearWidget tokenClear identify() state
POST/api/v1/widget/sttUser JWT or widget tokenSpeech-to-text
POST/api/v1/widget/ttsUser JWT or widget tokenText-to-speech

Guides: Deploy Website Widget, Identity Forwarding.

Documents (knowledge)

MethodPathAuthPurpose
POST/api/v1/documentsUser JWTMultipart upload (workspace_id + file); documents quota
POST/api/v1/documents/textUser JWTCreate document from raw text; documents quota
POST/api/v1/documents/:id/reindexUser JWTRebuild index for a document
GET/api/v1/documents/:id/viewAuthorized viewerView/download document content

Additional crawl/console flows may use GraphQL. Concept: Knowledge Platform.

Authenticated chat and conversations

MethodPathAuthPurpose
POST/api/v1/chatUser JWTChat (message quota)
POST/api/v1/chat/streamUser JWTStreaming chat (message quota)
GET/api/v1/conversationsUser JWTList conversations
PATCH/api/v1/conversations/:idUser JWTRename conversation
DELETE/api/v1/conversations/:idUser JWTDelete conversation
PUT/api/v1/conversations/:id/statusUser JWTUpdate status
GET/api/v1/conversations/:id/messagesUser JWTList messages
POST/api/v1/conversations/:id/messagesUser JWTSend agent message

Optional end-user headers on chat: X-End-User-Token, X-End-User-Session.

Sessions (self)

MethodPathAuthPurpose
GET/api/v1/me/sessionsUser JWTList your sessions
DELETE/api/v1/me/sessions/:jtiUser JWTRevoke session

Tenant analytics and integrations config

MethodPathAuthPurpose
GET/api/v1/tenant/analyticsUser JWTTenant analytics
GET/api/v1/tenant/feedbacksUser JWTFeedback list
GET/POST/api/v1/tenant/crmUser JWTCRM connector config
GET/POST/api/v1/tenant/handoffUser JWTHandoff webhook config

Billing (Razorpay)

MethodPathAuthPurpose
GET/api/v1/billing/plansUser JWTList plans
POST/api/v1/billing/checkoutUser JWTStart checkout
POST/api/v1/billing/confirmUser JWTConfirm payment
GET/api/v1/billing/subscriptionUser JWTCurrent subscription
POST/api/v1/billing/subscriptionUser JWTCancel (also POST /billing/cancel)
POST/api/v1/billing/cancelUser JWTCancel subscription
GET/api/v1/billing/paymentsUser JWTPayment history (incl. failures)
POST/api/v1/billing/webhookRazorpay signatureProvider webhook

See Webhooks. Prefer idempotent clients on confirm/capture paths.

Team invitations (membership)

MethodPathAuthPurpose
GET/api/v1/team/membersUser JWTList members
DELETE/api/v1/team/members/:idUser JWTRemove member
POST/api/v1/team/inviteUser JWTInvite member
GET/api/v1/team/invitationsUser JWTList invitations
POST/api/v1/team/invitations/:id/revokeUser JWTRevoke invitation
POST/api/v1/team/accept-inviteUser JWT / invite flowAccept invitation
GET/api/v1/team/invite-previewPublic/previewPreview invite
POST/api/v1/team/switch-tenantUser JWTSwitch active tenant
GET/api/v1/team/my-tenantsUser JWTList tenants for user

Organization RBAC (Teams / workspaces / audit)

MethodPathAuthPurpose
GET/api/v1/org/rolesMember+Role catalog
GET/api/v1/org/membersMember+Member profiles
GET/api/v1/org/members/:idMember+Member profile
PUT/api/v1/org/members/:id/roleAdmin/Owner rulesChange role
PUT/api/v1/org/members/:id/statusAdmin/Owner rulesChange status
GET/api/v1/org/members/:id/sessionsAdminList sessions
DELETE/api/v1/org/members/:id/sessions/:jtiAdminRevoke session
POST/api/v1/org/transfer-ownershipOwnerTransfer ownership
GET/POST/api/v1/org/teamsAdmin patternsList/create teams
GET/PATCH/DELETE/api/v1/org/teams/:idAdmin patternsTeam CRUD
PUT/api/v1/org/teams/:id/membersAdminSet team members
PUT/api/v1/org/teams/:id/members/:user_id/writeAdminDocument write flag
PUT/api/v1/org/teams/:id/workspacesAdminGrant workspaces
GET/api/v1/org/workspacesMember+List workspaces
GET/api/v1/org/workspaces/:idMember+Get workspace
PUT/api/v1/org/workspaces/:id/teamsAdminSet workspace teams
GET/api/v1/org/audit-logsAdmin/OwnerAudit trail

Guides: Configure RBAC, Teams.

Business Tools (integrations + OpenAPI)

MethodPathAuthPurpose
GET/POST/api/v1/workspaces/:workspace_id/integrationsUser JWTList/create integrations
POST/api/v1/workspaces/:workspace_id/integrations/import/previewUser JWTOpenAPI preview (URL)
POST/api/v1/workspaces/:workspace_id/integrations/import/preview/uploadUser JWTOpenAPI preview (upload)
POST/api/v1/workspaces/:workspace_id/integrations/import/applyUser JWTApply import
GET/PATCH/DELETE/api/v1/integrations/:idUser JWTIntegration CRUD
POST/api/v1/integrations/:id/reimportUser JWTReimport OpenAPI
GET/POST/api/v1/workspaces/:workspace_id/toolsUser JWTList/create tools
GET/PATCH/DELETE/api/v1/tools/:idUser JWTTool CRUD
POST/api/v1/tools/:id/testUser JWTTest invocation
GET/api/v1/tools/:id/logsUser JWTExecution logs

Guides: Connect REST APIs, Import OpenAPI, Secure Business Actions.

WhatsApp

MethodPathAuthPurpose
GET/api/v1/whatsapp/webhookMeta verify tokenWebhook verification
POST/api/v1/whatsapp/webhookMeta signatureInbound messages

Growth+ entitlement. Guide: Deploy WhatsApp AI.

Public tenant helpers

MethodPathAuthPurpose
GET/chat/:tenant_slugPublicPublic chat page
GET/api/v1/public/tenant-brandingPublicPortal/widget branding bootstrap
GET/api/v1/public/tenant-slug-availablePublicSlug availability

Super Admin (platform operators)

Requires JWT from POST /api/v1/admin/auth/login.

MethodPathPurpose
POST/api/v1/admin/auth/loginAdmin login
GET/POST/api/v1/admin/tenantsList/create tenants
GET/PUT/DELETE/api/v1/admin/tenants/:idTenant CRUD
POST/api/v1/admin/tenants/:id/suspendSuspend
POST/api/v1/admin/tenants/:id/unsuspendUnsuspend
POST/api/v1/admin/tenants/:id/impersonateImpersonate
GET/PUT/api/v1/admin/tenants/:id/quotasQuotas
GET/api/v1/admin/analytics/*Fleet analytics
GET/api/v1/admin/usage/*LLM usage
GET/POST/api/v1/admin/plansPlan admin
GET/PUT/DELETE/api/v1/admin/plans/:idPlan CRUD
GET/PUT/api/v1/admin/settingsPlatform settings
GET/PUT/api/v1/admin/whatsapp/configGlobal WA config
GET/api/v1/admin/whatsapp/configsList WA configs
GET/api/v1/admin/emailsEmail logs
GET/api/v1/admin/paymentsAll payments

Not for tenant day-to-day integrations.

GraphQL

MethodPathAuthPurpose
POST/graphqlUser JWTAdmin Console operations (workspaces, login/register/OTP, settings, …)
GET/graphqlOptionalPlayground only when ENABLE_GRAPHQL_PLAYGROUND=true

User login / register / OTP / password reset are GraphQL mutations, not REST.

Discovery workflow

Integrate against REST

  1. Obtain the right credentialUser JWT vs widget token — see Authentication.
  2. Hit /healthConfirm environment.
  3. Start with one groupDocuments, tools, or billing.
  4. Handle errors + 429Error Codes and Rate Limits.
  5. Add webhooks lastVerify signatures before processing.

Best practices

  • Always send workspace_id where uploads/tools require it
  • Prefer idempotent billing confirm clients
  • Use tool /test before enabling chat invocation
  • Treat Admin Console network traces as a living complement until a public OpenAPI file ships

FAQ

Where is the downloadable OpenAPI file?
Not published as a static artifact yet. This page mirrors the live Rust route table; OpenAPI import is for *your* APIs into Business Tools.
Should I use REST or GraphQL?
Use REST for uploads, webhooks, widget HTTP, billing, org RBAC, and tools. Use GraphQL for console-style queries/mutations (including auth).
Do route paths change?
Treat /api/v1 as stable; read Release Notes for additions. Confirm critical paths in a staging org before production automation.