API Reference
The server exposes both MCP (SSE) and REST endpoints.
Health & Status
GET /health
Liveness probe. Always returns 200 if the server is running.
{
"status": "ok",
"uptime": 123.45,
"version": "0.1.0",
"environment": "development",
"demoMode": false
}GET /health/ready
Readiness probe. Checks all provider connections. Returns 503 if any provider is down.
{
"status": "ready",
"checks": {
"database": "ok",
"telephony": "ok",
"email": "ok",
"tts": "ok"
}
}GET /metrics
Prometheus-compatible metrics in text format. See Monitoring for details.
MCP Transport
GET /sse
Server-Sent Events endpoint for MCP client connections.
GET /sse?token=<agent-security-token>| Parameter | Description |
|---|---|
token | Required. Agent or org token for authentication |
agentId | Agent ID to register for voice routing and message delivery |
POST /messages
MCP message endpoint. Receives tool calls from connected agents.
Include Authorization: Bearer header if a security token is configured.
Webhooks
All webhooks are POST endpoints that receive provider callbacks. Signatures are validated on every request.
| Endpoint | Description |
|---|---|
POST /webhooks/:agentId/sms | Inbound SMS (validates X-Twilio-Signature) |
POST /webhooks/:agentId/email | Inbound email (validates Svix signature) |
POST /webhooks/:agentId/whatsapp | Inbound WhatsApp (validates X-Twilio-Signature) |
POST /webhooks/:agentId/line | Inbound LINE (validates X-Line-Signature) |
POST /webhooks/:agentId/voice | Inbound voice call — returns ConversationRelay TwiML |
POST /webhooks/:agentId/outbound-voice | Outbound call webhook |
POST /webhooks/:agentId/call-status | Call status updates |
WSS /webhooks/:agentId/voice-ws | Live AI voice WebSocket |
Blocked channels silently return 200 with no processing.
REST API v1
All endpoints at /api/v1/. Require Authorization: Bearer .
| Endpoint | Method | Description |
|---|---|---|
/api/v1/send-message | POST | Send SMS, email, WhatsApp, or LINE |
/api/v1/make-call | POST | Start an AI voice call |
/api/v1/call-on-behalf | POST | Secretary call — bridge if available |
/api/v1/send-voice-message | POST | Send TTS voice message |
/api/v1/transfer-call | POST | Transfer a live call |
/api/v1/waiting-messages | GET | Fetch dead letters (auto-acknowledges) |
/api/v1/channel-status | GET | Agent channel status |
/api/v1/usage | GET | Usage stats and limits |
/api/v1/billing | GET | Billing summary |
/api/v1/provision | POST | Provision agent channels |
/api/v1/deprovision | POST | Deprovision agent |
/api/v1/health | GET | Health check |
/api/v1/openapi.json | GET | OpenAPI 3.1 spec |
/api/v1/integration-guide | GET | Integration guide (markdown) |
Admin Endpoints
UI Routes
| Endpoint | Description |
|---|---|
GET /admin/setup | Web-based setup wizard |
GET /admin/dashboard | Admin dashboard (agents, costs, alerts) |
GET /admin/api-docs | Swagger UI with interactive API explorer |
API Routes
Most routes require Authorization: Bearer . Public endpoints (/health, /openapi.json, /integration-guide) do not require auth.
| Endpoint | Description |
|---|---|
GET /admin/api/status | Provider configuration status |
GET /admin/api/dashboard | Dashboard data (agents, usage, alerts) |
POST /admin/api/test/twilio | Test Twilio credentials |
POST /admin/api/test/elevenlabs | Test ElevenLabs credentials |
POST /admin/api/test/resend | Test Resend credentials |
POST /admin/api/save | Save credentials to .env |
POST /admin/api/deploy | Restart server with new settings |
GET /admin/api/agents | List all provisioned agents |
POST /admin/api/agents/:agentId/blocked-channels | Set blocked channels |
GET /admin/api/my-token | Get current org token |
POST /admin/api/regenerate-token | Regenerate org token |
Example
curl -X POST http://localhost:3100/admin/api/test/twilio \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_ORCHESTRATOR_TOKEN" \
-d '{"accountSid":"AC...","authToken":"..."}'