StartupCore

API Reference

Endpoints, API keys, scopes, rate limits, and errors.

Endpoints

POST/v1/auth/tokenExchange an API key for a session token
GET/v1/keysList API keys for the current environment
POST/v1/keysPublic widget key vs secret server key — create a new key
POST/v1/chatbot/botsCreate a chatbot
GET/v1/chatbot/bots/:idFetch bot configuration and status
POST/v1/chatbot/sessionsStart a widget or authenticated chat session
POST/v1/chatbot/messagesSend a message and get a response
GET/v1/usageRead usage and billing counters
GET/v1/errorsError codes, rate limits, and idempotency keys

Authentication

Bearer token

Exchange your API key for a short-lived session token and include it in the Authorization header.

Authorization: Bearer <token>

Rate limits

Rate limits are returned in response headers. When exceeded, the API returns HTTP 429. Implement exponential backoff for retry logic.

Error format

All errors return a JSON body with a machine-readable code and a human-readable message.

{ "code": "rate_limit_exceeded", "message": "..." }

API key scopes

pk_…

Public key

Safe for client-side use. Scoped to your allowed domains. Used by the widget and React component.

sk_…

Secret key

Server-side only. Full API access. Never expose in frontend code or public repos.

Start with the SDK

The JavaScript SDK wraps the API for a faster integration experience.

View SDK Docs