Plixa API
Introduction
REST API for the Plixa SaaS — WhatsApp customer service for small and medium businesses.
Plixa is API-first. Every action the customer panel takes is also available through this API, and the same contract powers the official SDKs and partner integrations.
Quickstart
- Generate an API token at app.plixa.app → Settings → API tokens.
- Send the token as a bearer header on every request:
curl https://api.plixa.app/v1/me \ -H "Authorization: Bearer YOUR_TOKEN" \ -H "Accept: application/json"
Response envelope
Every endpoint returns the same JSON shape — the panel and SDKs rely on this consistency:
{ "data": { ... }, "meta": null, "errors": null }Errors carry a machine-readable code so SDKs can switch on it
instead of parsing English:
{
"data": null,
"meta": null,
"errors": [{ "code": "AI_PLAN_REQUIRED", "message": "..." }]
}Rate limits
Mutating endpoints (sending messages, AI previews) are rate-limited
per tenant. When a limit is hit the response is HTTP 429 with the
usual Retry-After header — back off and retry.
Webhooks
Plixa pushes events (new conversations, inbound messages, status
changes) to URLs you configure in the panel. Payloads are signed
with HMAC-SHA256 in the X-Plixa-Signature header so
you can verify authenticity. See the Webhooks group below.
Authenticating requests
To authenticate requests, include an Authorization header with the value "Bearer {PLIXA_API_TOKEN}".
All authenticated endpoints are marked with a requires authentication badge in the documentation below.
Generate a token by calling POST /v1/auth/login or POST /v1/auth/register. Send it as Authorization: Bearer {token}.
AI configuration
On-demand quick-reply suggestions inside the inbox. Calls the AI provider once and returns 3 short, distinct candidates an operator can click into the composer, edit and send. Plan-gated to the same tier that allows automated replies — and rate-limited so the "click again" pattern can't blow the token budget.
Preview an AI reply without sending anything
Runs the AI provider against the supplied business description and either a single message or a multi-turn conversation. Lets operators iterate on their prompt before flipping the toggle on.
Plan-gated to Professional+ (same guard as production replies) so the playground can't be used as a free LLM proxy. Additionally throttled to 10 requests per minute per tenant.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/ai/preview" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"prompt\": \"We\'re a Brazilian bakery focused on sourdough...\",
\"message\": \"Do you ship to Vila Mariana?\",
\"history\": [
\"architecto\"
]
}"
Generate three reply candidates for a conversation
Headers
URL Parameters
Conversation id.
curl --request POST \
"https://api.plixa.app/v1/conversations/42/ai-suggestions" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Update the AI reply configuration
Refuses the update with 403 + AI_PLAN_REQUIRED when the active plan doesn't include AI replies (Starter).
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/ai-config" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"prompt\": \"We\'re a Brazilian bakery focused on sourdough...\",
\"enabled\": true
}"
POST v1/ai-faqs
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/ai-faqs" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"question\": \"b\",
\"answer\": \"n\"
}"
PUT v1/ai-faqs/{faq}
Headers
URL Parameters
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/ai-faqs/564" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"question\": \"b\",
\"answer\": \"n\"
}"
DELETE v1/ai-faqs/{faq}
Headers
URL Parameters
curl --request DELETE \
"https://api.plixa.app/v1/ai-faqs/564" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Bulk reorder. Body shape: `{ "ids": [3, 1, 7, .
..] }`. Position is reassigned based on array order so the frontend can drag- and-drop without sending a full list of (id, position) pairs.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/ai-faqs/reorder" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"ids\": [
16
]
}"
POST v1/ai/improve-prompt
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/ai/improve-prompt" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"prompt\": \"b\"
}"
API tokens
Personal access tokens used by external integrations (the panel
itself uses its own tokens minted at login under the panel name;
this controller never returns those). All token names are prefixed
with api: server-side so the listing can be filtered cleanly.
Owner-gated AND plan-gated (api_access feature).
Create a new API token
The plain-text token is returned ONCE in this response — the panel must surface it for the operator to copy. Subsequent fetches only carry the hashed prefix.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/api-tokens" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"CRM integration\",
\"abilities\": [
\"read\",
\"write\"
],
\"expires_in_days\": 90
}"
Revoke an API token
Headers
URL Parameters
Token id.
curl --request DELETE \
"https://api.plixa.app/v1/api-tokens/11" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Account
The signed-in agent's own availability for taking NEW conversations. Self-service: every member manages only their own state here. The owner's read-only view of the whole team lives on the dashboard.
Current user and workspace
Returns the authenticated user and the workspace (tenant) they belong to. Useful for the panel boot-up: a single call hydrates the session state.
Headers
curl --request GET \
--get "https://api.plixa.app/v1/me" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"{
"data": {
"user": {
"id": 1,
"tenant_id": 1,
"name": "Lucia Pereira",
"email": "[email protected]",
"role": "owner"
},
"tenant": {
"id": 1,
"name": "Lucia Studios",
"slug": "lucia-studios-ab12cd",
"country_code": "BR",
"timezone": "America/Sao_Paulo",
"locale": "pt",
"status": "active"
}
},
"meta": null,
"errors": null
}Update the current user's preferences
Only fields the operator can edit on themselves — name, locale. Workspace-level settings (tenant.locale, plan, etc.) live on other endpoints.
Headers
Body Parameters
curl --request PATCH \
"https://api.plixa.app/v1/me" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"Lucia Pereira\",
\"locale\": \"pt-BR\"
}"
Set whether I'm accepting new conversations
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/me/availability" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"is_available\": false
}"
Presence heartbeat from the open panel
Headers
curl --request POST \
"https://api.plixa.app/v1/me/availability/heartbeat" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Schedule the workspace for permanent deletion.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/account/deletion" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"password\": \"secret-password\"
}"
Cancel a scheduled deletion and restore the workspace.
Headers
curl --request DELETE \
"https://api.plixa.app/v1/account/deletion" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Admin — Authentication
Sign-in for Plixa staff. Issues Sanctum tokens owned by the Admin model, resolved on subsequent requests by the AuthenticateAdmin middleware.
POST v1/admin/auth/login
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/admin/auth/login" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\",
\"password\": \"|]|{+-\"
}"
POST v1/admin/auth/logout
Headers
curl --request POST \
"https://api.plixa.app/v1/admin/auth/logout" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Admin — Email campaigns
Staff-authored marketing blasts sent from the backoffice through the verified Resend sender ([email protected]). Each send is recorded with per-recipient delivery status; every mutation lands in admin_audit_logs.
POST v1/admin/campaigns
Headers
curl --request POST \
"https://api.plixa.app/v1/admin/campaigns" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Send a one-off test of the composed content to a single address so staff can eyeball the rendered email before blasting the list. Sent synchronously for immediate pass/fail feedback; not persisted.
Headers
curl --request POST \
"https://api.plixa.app/v1/admin/campaigns/test" \
--header "Content-Type: application/json" \
--header "Accept: application/json"DELETE v1/admin/campaigns/{id}
Headers
URL Parameters
The ID of the campaign.
curl --request DELETE \
"https://api.plixa.app/v1/admin/campaigns/architecto" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Admin — Knowledge base
Staff CRUD over help articles. Reads bypass the published scope so drafts are editable; every mutation is recorded to admin_audit_logs.
POST v1/admin/kb/articles
Headers
curl --request POST \
"https://api.plixa.app/v1/admin/kb/articles" \
--header "Content-Type: application/json" \
--header "Accept: application/json"POST v1/admin/kb/images
Headers
curl --request POST \
"https://api.plixa.app/v1/admin/kb/images" \
--header "Content-Type: application/json" \
--header "Accept: application/json"PUT v1/admin/kb/articles/{article}
Headers
URL Parameters
The article.
curl --request PUT \
"https://api.plixa.app/v1/admin/kb/articles/564" \
--header "Content-Type: application/json" \
--header "Accept: application/json"DELETE v1/admin/kb/articles/{article}
Headers
URL Parameters
The article.
curl --request DELETE \
"https://api.plixa.app/v1/admin/kb/articles/564" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Admin — Support
Shared staff canned responses (macros) used to speed up replies. Global to the backoffice team, not tenant-scoped.
POST v1/admin/support/canned-replies
Headers
curl --request POST \
"https://api.plixa.app/v1/admin/support/canned-replies" \
--header "Content-Type: application/json" \
--header "Accept: application/json"PATCH v1/admin/support/canned-replies/{cannedReply}
Headers
URL Parameters
curl --request PATCH \
"https://api.plixa.app/v1/admin/support/canned-replies/564" \
--header "Content-Type: application/json" \
--header "Accept: application/json"DELETE v1/admin/support/canned-replies/{cannedReply}
Headers
URL Parameters
curl --request DELETE \
"https://api.plixa.app/v1/admin/support/canned-replies/564" \
--header "Content-Type: application/json" \
--header "Accept: application/json"POST v1/admin/support/tags
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/admin/support/tags" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"b\"
}"
DELETE v1/admin/support/tags/{id}
Headers
URL Parameters
The ID of the tag.
curl --request DELETE \
"https://api.plixa.app/v1/admin/support/tags/architecto" \
--header "Content-Type: application/json" \
--header "Accept: application/json"PUT v1/admin/support/tickets/{ticket}/tags
Headers
URL Parameters
The ticket.
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/admin/support/tickets/564/tags" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"tag_ids\": [
16
]
}"
Heartbeat for ticket presence; returns the other staff viewing it.
Headers
URL Parameters
The ticket.
curl --request POST \
"https://api.plixa.app/v1/admin/support/tickets/564/viewing" \
--header "Content-Type: application/json" \
--header "Accept: application/json"POST v1/admin/support/tickets/{ticket}/priority
Headers
URL Parameters
The ticket.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/admin/support/tickets/564/priority" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"priority\": \"architecto\"
}"
POST v1/admin/support/tickets/{ticket}/assign
Headers
URL Parameters
The ticket.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/admin/support/tickets/564/assign" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"admin_id\": 16
}"
POST v1/admin/support/tickets/{ticket}/messages
Headers
URL Parameters
The ticket.
curl --request POST \
"https://api.plixa.app/v1/admin/support/tickets/564/messages" \
--header "Content-Type: application/json" \
--header "Accept: application/json"POST v1/admin/support/tickets/{ticket}/close
Headers
URL Parameters
The ticket.
curl --request POST \
"https://api.plixa.app/v1/admin/support/tickets/564/close" \
--header "Content-Type: application/json" \
--header "Accept: application/json"POST v1/admin/support/tickets/{ticket}/reopen
Headers
URL Parameters
The ticket.
curl --request POST \
"https://api.plixa.app/v1/admin/support/tickets/564/reopen" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Move the ticket through its lifecycle (open / pending / solved / closed).
Headers
URL Parameters
The ticket.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/admin/support/tickets/564/status" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"status\": \"architecto\"
}"
Admin — Tenants
Cross-tenant oversight for staff: list every workspace with its plan, usage and status, drill into one, and run the safe lifecycle actions (suspend / reactivate). Every mutation is recorded to admin_audit_logs.
POST v1/admin/tenants/{tenant_id}/suspend
Headers
URL Parameters
The ID of the tenant.
curl --request POST \
"https://api.plixa.app/v1/admin/tenants/16/suspend" \
--header "Content-Type: application/json" \
--header "Accept: application/json"POST v1/admin/tenants/{tenant_id}/reactivate
Headers
URL Parameters
The ID of the tenant.
curl --request POST \
"https://api.plixa.app/v1/admin/tenants/16/reactivate" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Mint a short-lived tenant token so staff can step into a customer's panel to debug. Time-boxed to 30 minutes and recorded to admin_audit_logs — this is a powerful, fully-traceable action.
Headers
URL Parameters
The ID of the tenant.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/admin/tenants/16/impersonate" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"user_id\": 16
}"
Grant a manual, Plixa-issued license — independent of Stripe. Used to comp design partners / beta testers a plan for a custom window (`expires_in_months`) or for life (omit it). Unlocks the plan's features + seats immediately via Tenant::planKey().
Headers
URL Parameters
The ID of the tenant.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/admin/tenants/16/license" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"plan_key\": \"architecto\",
\"expires_in_months\": 22
}"
Revoke a manual license grant — the tenant falls back to Stripe.
Headers
URL Parameters
The ID of the tenant.
curl --request DELETE \
"https://api.plixa.app/v1/admin/tenants/16/license" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Authentication
Register a new workspace
Creates a Tenant (workspace) and the owner User in a single transaction, then issues a Sanctum bearer token for the owner.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/auth/register" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"Lucia Pereira\",
\"email\": \"[email protected]\",
\"password\": \"super-secret-pw\",
\"company_name\": \"Lucia Studios\",
\"country_code\": \"BR\",
\"tax_id\": \"architecto\",
\"timezone\": \"America\\/Sao_Paulo\",
\"locale\": \"pt\",
\"password_confirmation\": \"super-secret-pw\"
}"
{
"data": {
"user": {
"id": 1,
"tenant_id": 1,
"name": "Lucia Pereira",
"email": "[email protected]",
"role": "owner"
},
"tenant": {
"id": 1,
"name": "Lucia Studios",
"slug": "lucia-studios-ab12cd",
"country_code": "BR",
"timezone": "America/Sao_Paulo",
"locale": "pt",
"status": "active"
},
"token": "1|abcdef0123456789"
},
"meta": null,
"errors": null
}Sign in
Returns a Sanctum bearer token on success. Email comparison is case-insensitive. Wrong email and wrong password both return the same 401 with code INVALID_CREDENTIALS — we don't leak user existence.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/auth/login" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\",
\"password\": \"super-secret-pw\"
}"
{
"data": {
"user": {
"id": 1,
"tenant_id": 1,
"name": "Lucia Pereira",
"email": "[email protected]",
"role": "owner"
},
"tenant": {
"id": 1,
"name": "Lucia Studios",
"slug": "lucia-studios-ab12cd",
"country_code": "BR",
"timezone": "America/Sao_Paulo",
"locale": "pt",
"status": "active"
},
"token": "1|abcdef0123456789"
},
"meta": null,
"errors": null
}Verify a TOTP or recovery code and complete the login.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/auth/2fa-challenge" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"code\": \"architecto\",
\"recovery_code\": \"architecto\"
}"
Sign out
Revokes the token that authenticated this request. Other tokens on the same account keep working (e.g. another device, another integration).
Headers
curl --request POST \
"https://api.plixa.app/v1/auth/logout" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"[Empty response]Auto-assignment
Per-workspace routing rules that pick an assignee for brand-new conversations. Listing is open to every member so agents can see why they got assigned; mutation is owner-only and plan-gated.
Create a new auto-assignment rule.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/auto-assignment-rules" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"priority\": 100,
\"condition_type\": \"keyword\",
\"condition_value\": \"architecto\",
\"action_type\": \"least_busy\",
\"action_user_id\": 16,
\"is_active\": false
}"
Preview which rule (if any) would fire for a hypothetical inbound and who it would route to — without assigning anything or advancing the round-robin cursor. Lets an owner verify rules before they act on real customers.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/auto-assignment-rules/preview" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"message\": \"I want a refund\",
\"label_id\": 16
}"
Update an existing auto-assignment rule.
Headers
URL Parameters
curl --request PUT \
"https://api.plixa.app/v1/auto-assignment-rules/564" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Delete an auto-assignment rule.
Headers
URL Parameters
curl --request DELETE \
"https://api.plixa.app/v1/auto-assignment-rules/564" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"[Empty response]Billing
Start a Stripe Checkout session
Creates a Stripe Checkout Session for the authenticated user's workspace and returns the hosted URL the panel should redirect to. A 7-day free trial is applied to the workspace's first subscription.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/billing/checkout" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"plan\": \"professional\",
\"interval\": \"year\"
}"
{
"data": {
"url": "https://checkout.stripe.com/c/pay/cs_test_abc123",
"plan": "professional",
"interval": "month"
},
"meta": null,
"errors": null
}Open the Stripe Customer Portal
Returns a one-shot URL that lets the customer update card, change plan, see invoices, or cancel — all without us writing UI for it. The portal must be enabled in Stripe Dashboard → Settings → Billing → Customer portal (test mode and live mode are separate).
Headers
curl --request POST \
"https://api.plixa.app/v1/billing/portal" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"{
"data": {
"url": "https://billing.stripe.com/p/session/test_..."
},
"meta": null,
"errors": null
}Broadcasts
Mass-message campaigns. Owner-only writes, plan-gated to Professional+. Reads (list + detail + recipient breakdown) are open to every member so agents can see what's been sent and to whom.
Create and queue a broadcast.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/broadcasts" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"Black Friday 50% off\",
\"body\": \"Hi {{first_name}}! 50% off this Friday.\",
\"source\": \"manual\",
\"recipients\": [
\"architecto\"
],
\"label_id\": 16,
\"scheduled_at\": \"2052-07-03\"
}"
Cancel a broadcast still in flight. Already-sent recipients stay sent; pending ones are marked failed by the worker on the next check.
Headers
URL Parameters
The broadcast.
curl --request POST \
"https://api.plixa.app/v1/broadcasts/564/cancel" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Business hours
Per-workspace open/closed schedule. When enabled, inbound messages outside the configured window trigger an auto-reply instead of an AI reply. Available on every plan — closed-hours signalling is a trust feature, not a paywalled extra.
Update the business hours configuration
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/business-hours-config" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"enabled\": true,
\"message\": \"We\'re closed right now. We\'ll get back to you in the morning!\",
\"hours\": [
\"architecto\"
],
\"pause_sla\": false
}"
CSAT
Post-resolution satisfaction survey. When a conversation is resolved the bot asks the customer to rate it 1-5; a low score optionally asks for a comment. Owner-managed, available on every plan.
Update the CSAT configuration
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/csat-config" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"enabled\": true,
\"question\": \"How was your support? Reply 1-5.\",
\"follow_up_enabled\": true,
\"follow_up_question\": \"What could we improve?\",
\"thank_you\": \"Thanks for the feedback!\",
\"visible_to_agents\": true
}"
Contacts
Tenant-scoped contact directory. Reads are open to every member; writes are owner-gated because notes + field values are visible across the workspace and shouldn't be agent-mutable.
Custom field READS are always permitted (so agents see what the owner configured); only writes to definitions are plan-gated.
Create a contact (or return the existing one for the phone)
Idempotent per (tenant, phone): manual creation from the panel — e.g. booking an appointment for a walk-in who hasn't messaged yet — must not fail when that phone already wrote in. Open to every member because agents legitimately add customers while booking; only field-value writes and deletion stay owner-gated.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/contacts" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"contact_phone\": \"642559314232682282\",
\"contact_name\": \"u\"
}"
Attach a label to the contact
Idempotent: re-attaching is a no-op. Open to every workspace member so agents can tag customers without owner approval.
Headers
URL Parameters
The contact.
The label.
curl --request POST \
"https://api.plixa.app/v1/contacts/564/labels/564" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Detach a label from the contact
Headers
URL Parameters
The contact.
The label.
curl --request DELETE \
"https://api.plixa.app/v1/contacts/564/labels/564" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Update a contact's editable fields
Headers
URL Parameters
The ID of the contact.
Body Parameters
curl --request PATCH \
"https://api.plixa.app/v1/contacts/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"contact_name\": \"b\",
\"notes\": \"n\"
}"
Delete a contact
Field values cascade with the contact row. Conversations stay
(their contact_id becomes null via the FK on-delete rule);
the panel still shows them by phone.
Headers
URL Parameters
The ID of the contact.
curl --request DELETE \
"https://api.plixa.app/v1/contacts/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Set / clear the contact's custom field values in one shot
Body: { values: { [definition_id]: string|null } }. Empty
strings get coerced to null. Unknown definition ids are
silently skipped — keeps the panel resilient to an out-of-
date list. Owner-only, plan-gated.
Headers
URL Parameters
The contact.
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/contacts/564/custom-fields" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"values\": [
\"b\"
]
}"
Contacts (custom fields)
Per-tenant schema for the custom fields operators attach to Contact rows. Listing is open to every member (the inbox renders the definitions inline next to the contact's values). Writes are owner-only AND plan-gated (Professional+).
Create a new field definition
Headers
curl --request POST \
"https://api.plixa.app/v1/custom-field-definitions" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Update a field definition
Headers
URL Parameters
curl --request PUT \
"https://api.plixa.app/v1/custom-field-definitions/564" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Delete a field definition
Cascades: every value of this field across all contacts is wiped at the database level via the FK on-delete rule.
Headers
URL Parameters
curl --request DELETE \
"https://api.plixa.app/v1/custom-field-definitions/564" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Reorder field definitions
Same pattern as saved-replies reorder: ids in the desired top-to-bottom order. Ids from other tenants get silently dropped at the SQL update layer.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/custom-field-definitions/reorder" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"ids\": [
16
]
}"
Conversations
Apply an action to many conversations in one request
Cuts the number of round-trips for operators triaging the inbox. Supported actions: close, reopen, assign, delete, add_label, remove_label. Returns the number of rows actually affected (silently skips ids that don't belong to the tenant — withoutGlobalScope is never applied here).
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/conversations/bulk" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"action\": \"close\",
\"ids\": [
12,
17,
19
],
\"assignee_id\": 7,
\"label_id\": 3
}"
Update a conversation
Edit the contact label shown for the conversation. WhatsApp doesn't always send a pushName, so operators need to tag contacts manually.
Headers
URL Parameters
The ID of the conversation.
Conversation id.
Body Parameters
curl --request PATCH \
"https://api.plixa.app/v1/conversations/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"contact_name\": \"Lucia Pereira\",
\"notes\": \"n\",
\"assigned_user_id\": 16
}"
Snooze a conversation
Hides the conversation from the default inbox list until the
given timestamp passes. The plixa:wake-snoozed-conversations
scheduled command clears the stamp at the right moment and
broadcasts a ConversationUpdated so the inbox refreshes
without a hard reload. Pass until: null to wake immediately.
Headers
URL Parameters
Conversation id.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/conversations/42/snooze" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"until\": \"2026-05-29T09:00:00Z\"
}"
POST v1/conversations/{conversation_id}/messages
Headers
URL Parameters
The ID of the conversation.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/conversations/architecto/messages" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"body\": \"b\",
\"type\": \"text\",
\"quoted_message_id\": 16
}"
Send an outbound media message
Accepts a multipart upload (image, video, audio, document) plus an optional caption. The file is forwarded to Evolution as base64 — no S3 in MVP, no media URL we host. The resulting Message row stores trimmed metadata so the inbox renders a thumbnail / link inline just like inbound media.
Headers
URL Parameters
The ID of the conversation.
Conversation id.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/conversations/architecto/media-messages" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: multipart/form-data" \
--header "Accept: application/json" \
--form "caption=architecto"\
--form "voice=1"\
--form "duration_seconds=5"\
--form "waveform[]=7"\
--form "file=@/tmp/phpfooGmL" Delete a conversation
Permanently removes a conversation and every message inside it for the authenticated tenant. The contact on the customer's phone is unaffected — only Plixa's local copy goes. Useful while sandbox-testing.
Headers
URL Parameters
The ID of the conversation.
Conversation id.
curl --request DELETE \
"https://api.plixa.app/v1/conversations/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"[Empty response]Daily digest
Owner-only toggle for the daily activity email. Off by default; flipping it on enrolls the workspace in tomorrow's 9am UTC run.
Update the daily digest configuration
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/digest-config" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"enabled\": true,
\"frequency\": \"weekly\"
}"
Send a one-off "test" digest to the current authenticated user.
Uses the same stats payload + template as the scheduled job so the operator gets a real preview of what tomorrow's email will look like. Differences from the scheduled run:
- Recipient is the CURRENT user, not the owner. (An owner testing from their phone might want it sent to a personal inbox via a copy of the account.)
- Empty-activity workspaces still get the email — for a test, the operator wants the layout regardless.
Headers
curl --request POST \
"https://api.plixa.app/v1/digest-config/test" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Endpoints
POST v1/ai/extract-business-hours
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/ai/extract-business-hours" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"prompt\": \"b\"
}"
Flows
Visual conversation flows: the bot walks an inbound conversation through a graph of steps (greeting, menu, capture, route to a sector, hand off) before the AI or a human takes over. Owner-only — flows are workspace automation, not per-agent settings.
Editing saves a draft; the live graph only changes on Publish, so a half-finished edit never reaches a real customer.
Create a flow
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/flows" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"WhatsApp reception\",
\"reprompt_after_minutes\": 22,
\"close_after_minutes\": 7,
\"reprompt_message\": \"z\",
\"close_conversation_on_timeout\": true
}"
Save a flow draft
Persists the working graph without affecting live conversations.
Headers
URL Parameters
The ID of the flow.
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/flows/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"name\": \"b\",
\"reprompt_after_minutes\": 22,
\"close_after_minutes\": 7,
\"reprompt_message\": \"z\",
\"close_conversation_on_timeout\": true
}"
Publish a flow
Validates the draft graph and copies it into the live definition.
Headers
URL Parameters
The flow.
curl --request POST \
"https://api.plixa.app/v1/flows/564/publish" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Enable or disable a flow
Turning a flow on switches every other flow with the same trigger off, so only one reception flow runs at a time. A flow must be published before it can be enabled.
Headers
URL Parameters
The flow.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/flows/564/toggle" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"enabled\": true
}"
Delete a flow
Headers
URL Parameters
The ID of the flow.
curl --request DELETE \
"https://api.plixa.app/v1/flows/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Build / edit a flow draft via natural language
Headers
URL Parameters
The flow.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/flows/564/ai-build" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"history\": [
\"architecto\"
],
\"graph\": []
}"
Inbox
On-demand AI summary of an inbox thread. When an agent takes over a long conversation, this gives them a 3-6-sentence TL;DR so they don't have to scroll through hundreds of messages to ground themselves. Customer never sees the output — operator-facing only.
Plan-gated to the same tier that allows automated AI replies. Cached
on the conversation row; the cache invalidates when a new message
lands. A ?refresh=1 query param forces regeneration.
Generate or fetch the cached AI summary for a conversation
Headers
URL Parameters
Conversation id.
Query Parameters
Pass 1 to force regeneration even when the cache is fresh.
curl --request POST \
"https://api.plixa.app/v1/conversations/42/summary?refresh=1" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Labels
Workspace-level tags every member can pin onto conversations. Listing is open to every member (the inbox needs to render badges); creating, renaming, recoloring and deleting is owner-only — keeps the palette disciplined.
Attach a label to a conversation
Any workspace member can attach. Idempotent: re-attaching is a 200 with the same payload, not a duplicate row.
Headers
URL Parameters
The conversation.
The label.
curl --request POST \
"https://api.plixa.app/v1/conversations/564/labels/564" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Detach a label from a conversation
Headers
URL Parameters
The conversation.
The label.
curl --request DELETE \
"https://api.plixa.app/v1/conversations/564/labels/564" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Create a label
Owner-only.
Headers
curl --request POST \
"https://api.plixa.app/v1/labels" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Update a label
Owner-only.
Headers
URL Parameters
The ID of the label.
curl --request PUT \
"https://api.plixa.app/v1/labels/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Delete a label
Owner-only. Also detaches the label from every conversation it's attached to (cascade on conversation_label).
Headers
URL Parameters
The ID of the label.
curl --request DELETE \
"https://api.plixa.app/v1/labels/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Messages API
External entry point for sending outbound WhatsApp messages through
Plixa. Authenticates via Sanctum personal access token, with the
write ability required. Plan-gated to api_access = true.
Looks up the tenant's first connected phone instance and uses it (Plixa MVP only supports one number per workspace anyway). Creates or reopens a conversation for the contact and persists the outbound Message row so the panel renders it just like any other reply.
POST v1/messages/send
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/messages/send" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"phone\": \"642559314232682282\",
\"body\": \"u\"
}"
Onboarding
Computes the "getting started" checklist the dashboard banner uses to nudge new workspaces through their first-run setup. State is derived from existing tables on the fly — no extra columns, no background jobs to keep in sync. The only persisted bit is whether the owner explicitly dismissed the banner.
POST v1/onboarding/dismiss
Headers
curl --request POST \
"https://api.plixa.app/v1/onboarding/dismiss" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Payments (Stripe Connect)
Owner-only. Connects each workspace's own Stripe account (Express) so booking deposits land there, and surfaces the payments the workspace has received. No API keys: Stripe hosts the onboarding.
Start (or resume) Stripe onboarding — returns a hosted URL to redirect to.
Headers
curl --request POST \
"https://api.plixa.app/v1/payments/connect" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"One-time login link to the workspace's Stripe Express dashboard.
Headers
curl --request POST \
"https://api.plixa.app/v1/payments/dashboard-link" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Phone instances
Add a WhatsApp number
Owner-only. Provisions a brand-new Evolution instance for the
tenant — up to the plan's whatsapp_numbers limit — and returns it
in pending_qr state so the panel can immediately show the pairing
QR. Rejected with PHONE_NUMBER_LIMIT_REACHED (409) once the plan's
allowance is exhausted.
Headers
curl --request POST \
"https://api.plixa.app/v1/phone-instances" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Disconnect a phone instance
Logs the WhatsApp session out of Evolution and flips the local
status to disconnected. The next pairing will require a fresh
QR scan. Owner-only — disconnecting silently mid-day would
disrupt the entire workspace.
Headers
URL Parameters
curl --request POST \
"https://api.plixa.app/v1/phone-instances/564/disconnect" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Restart a phone instance
Asks Evolution to bounce the connection without unpairing. Useful
when the panel shows "disconnected" but the WhatsApp session is
still valid upstream and just needs a nudge. Flips the local
status to pending_qr so the next QR poll picks up a fresh code.
Headers
URL Parameters
curl --request POST \
"https://api.plixa.app/v1/phone-instances/564/restart" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Push notifications
Browser-based push subscriptions backed by the W3C Push API + VAPID. The panel registers a service worker, asks the browser for a PushSubscription, and POSTs the endpoint + keys here. Notifications are then routed through the same Laravel queue as our emails.
Register or refresh a push subscription
Called by the panel right after the browser grants Notifications permission. Endpoint is unique per (user, browser) — the channel upserts so re-subscribing won't create duplicates.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/push/subscriptions" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"endpoint\": \"b\",
\"keys\": {
\"p256dh\": \"architecto\",
\"auth\": \"architecto\"
},
\"content_encoding\": \"n\"
}"
Remove a push subscription
Called when the user turns notifications off in the panel or when the service worker reports the subscription has been revoked.
Headers
Body Parameters
curl --request DELETE \
"https://api.plixa.app/v1/push/subscriptions" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"endpoint\": \"b\"
}"
Register or refresh a push subscription
Called by the panel right after the browser grants Notifications permission. Endpoint is unique per (user, browser) — the channel upserts so re-subscribing won't create duplicates.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/admin/push/subscriptions" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"endpoint\": \"b\",
\"keys\": {
\"p256dh\": \"architecto\",
\"auth\": \"architecto\"
},
\"content_encoding\": \"n\"
}"
Remove a push subscription
Called when the user turns notifications off in the panel or when the service worker reports the subscription has been revoked.
Headers
Body Parameters
curl --request DELETE \
"https://api.plixa.app/v1/admin/push/subscriptions" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"endpoint\": \"b\"
}"
SLA targets
Two optional service-level targets per workspace:
first_response_seconds— how long the customer should wait before someone in the workspace answers their first message.resolution_seconds— how long a conversation should stay open before it gets closed.
NULL on either means "no target set"; the inbox and reports skip the SLA decoration entirely in that case. Each target is capped at 7 days (604800s) — anything longer is hardly an SLA.
Update the workspace SLA targets
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/sla-config" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"first_response_seconds\": 900,
\"resolution_seconds\": 86400
}"
Saved replies
Canned messages every workspace member can pick from while composing in the inbox. Visible to every member (no per-user replies in MVP), but only owners can create/edit/delete — keeps the dropdown curated.
Create a saved reply
Owner-only.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/saved-replies" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"label\": \"Hours\",
\"body\": \"We\'re open Monday to Saturday 9am-7pm.\"
}"
Update a saved reply
Owner-only.
Headers
URL Parameters
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/saved-replies/564" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"label\": \"b\",
\"body\": \"n\"
}"
Delete a saved reply
Owner-only.
Headers
URL Parameters
curl --request DELETE \
"https://api.plixa.app/v1/saved-replies/564" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Reorder saved replies
Accepts an array of saved-reply ids in the desired display order.
Ids missing from the array keep their current position so a
partial drag (e.g., reordering 3 out of 30) doesn't trash the
rest. Owner-only.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/saved-replies/reorder" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"ids\": [
12,
7,
9
]
}"
Scheduling — appointments
The calendar feed plus staff actions: manual booking, reschedule, cancel, and marking a no-show. All tenant-scoped; open to every member.
Book an appointment manually (staff)
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/scheduling/appointments" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"service_id\": 16,
\"start\": \"2026-06-10T00:37:58\",
\"provider_id\": 16,
\"contact_id\": 16,
\"notes\": \"n\",
\"occurrences\": 7
}"
Edit an appointment's basic fields
The booking form lets staff create an appointment without a contact (e.g. a slot reserved before the customer is on file). Those fields are otherwise stuck once the appointment exists — there's no generic edit — so this patches them in afterwards. Only the keys actually sent are touched, so the panel can update just the contact.
Headers
URL Parameters
The ID of the appointment.
Body Parameters
curl --request PATCH \
"https://api.plixa.app/v1/scheduling/appointments/16" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"contact_id\": 16,
\"notes\": \"n\"
}"
Reschedule an appointment
Headers
URL Parameters
The appointment.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/scheduling/appointments/564/reschedule" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"start\": \"2026-06-10T00:37:58\"
}"
Cancel an appointment
Headers
URL Parameters
The appointment.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/scheduling/appointments/564/cancel" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"reason\": \"b\"
}"
Mark an appointment as a no-show
Headers
URL Parameters
The appointment.
curl --request POST \
"https://api.plixa.app/v1/scheduling/appointments/564/no-show" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Mark an appointment as completed (the patient attended)
Headers
URL Parameters
The appointment.
curl --request POST \
"https://api.plixa.app/v1/scheduling/appointments/564/complete" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Mark that the patient has arrived / checked in (waiting to be seen)
Headers
URL Parameters
The appointment.
curl --request POST \
"https://api.plixa.app/v1/scheduling/appointments/564/arrive" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Create a Stripe Checkout link to collect an appointment's deposit / prepayment. Operational (owner + agent) so a front-desk agent can send the link. Returns 422 when nothing is owed.
Headers
URL Parameters
The appointment.
curl --request POST \
"https://api.plixa.app/v1/scheduling/appointments/564/payment-link" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Approve a pending (requested) booking → confirmed, and schedule its reminders. Owner only.
Headers
URL Parameters
The appointment.
curl --request POST \
"https://api.plixa.app/v1/scheduling/appointments/564/approve" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Decline a pending (requested) booking → cancelled. Owner only.
Headers
URL Parameters
The appointment.
curl --request POST \
"https://api.plixa.app/v1/scheduling/appointments/564/decline" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Scheduling — base schedule
The workspace "base" weekly working hours: a template the owner defines once and imports into each provider, instead of typing the same hours for 30 people. Stored as JSON on the tenant; only the weekly open windows (no date overrides). Owner-only.
Replace the workspace base schedule (owner only)
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/scheduling/default-schedule" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"timezone\": \"Asia\\/Yekaterinburg\",
\"rules\": [
\"architecto\"
]
}"
Scheduling — calendar sync
Per-agent Google Calendar link. Each member connects their own Google account: Plixa writes their appointments to it and reads their free/busy back so outside commitments block Plixa slots. Tokens are encrypted at rest and never returned to the client.
Disconnect the current user's Google Calendar.
Headers
curl --request POST \
"https://api.plixa.app/v1/scheduling/calendar/google/disconnect" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Scheduling — holidays
Owner toggle: import the workspace country's public holidays as closures so the AI never books on them. Enabling (or re-saving) runs a sync now; disabling drops future holiday closures. Owner-only (route group).
Enable or disable holiday blocking
Enabling imports holidays immediately; a network hiccup still saves the toggle (synced=false) and the scheduled sync retries later.
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/scheduling/holiday-config" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"block_holidays\": false
}"
Scheduling — provider availability
A provider's bookable working hours: a timezone plus a flat list of rules (recurring weekday windows and date overrides, open or blocked). Readable by members; the full-replace update is owner-only.
Replace a provider's schedule (owner only)
Sends the full set of rules; the previous rules are replaced wholesale.
Headers
URL Parameters
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/scheduling/providers/564/schedule" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"timezone\": \"Asia\\/Yekaterinburg\",
\"rules\": [
{
\"kind\": \"architecto\",
\"weekday\": 4,
\"date\": \"2026-06-10\",
\"start_time\": \"00:37\",
\"end_time\": \"00:37\"
}
]
}"
Scheduling — reminders
Owner setting: when the workspace sends appointment reminders, as a list of "minutes before the appointment". Null falls back to the system default; an empty list turns reminders off. A service can still override per-service. Owner-only (route group).
Set the workspace's reminder timing
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/scheduling/reminder-config" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"offsets\": [
16
]
}"
Scheduling — resources
Shared, capacity-limited assets (rooms, equipment). A booking of a linked service consumes one unit; the slot is full once capacity is reached. Readable by members; mutations owner-only.
Create a resource (owner only)
Headers
curl --request POST \
"https://api.plixa.app/v1/scheduling/resources" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Update a resource (owner only)
Headers
URL Parameters
The ID of the resource.
curl --request PUT \
"https://api.plixa.app/v1/scheduling/resources/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Delete a resource (owner only)
Headers
URL Parameters
The ID of the resource.
curl --request DELETE \
"https://api.plixa.app/v1/scheduling/resources/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Scheduling — saved filters
Per-user saved calendar filters: which providers, services and statuses to show on the agenda. Each person manages their own; one can be the default, applied automatically when they open the calendar. Every member (not just owners) keeps their own set.
Save a new filter
Headers
curl --request POST \
"https://api.plixa.app/v1/scheduling/calendar-filters" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Update a saved filter
Headers
URL Parameters
curl --request PUT \
"https://api.plixa.app/v1/scheduling/calendar-filters/564" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Delete a saved filter
Headers
URL Parameters
curl --request DELETE \
"https://api.plixa.app/v1/scheduling/calendar-filters/564" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Scheduling — services
Bookable services. Readable by every member (the calendar + booking flows need them); create/update/delete are owner-only.
Create a service (owner only)
Headers
curl --request POST \
"https://api.plixa.app/v1/scheduling/services" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Update a service (owner only)
Headers
URL Parameters
The ID of the service.
curl --request PUT \
"https://api.plixa.app/v1/scheduling/services/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Delete a service (owner only)
Headers
URL Parameters
The ID of the service.
curl --request DELETE \
"https://api.plixa.app/v1/scheduling/services/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Scheduling — waitlist
Surfaces the appointment waitlist (built up by the AI when no slots are free) so staff can see who's waiting for which service and clear stale entries. Tenant-scoped; open to every member. The auto-notify-on-cancel flow lives in NativeSchedulingProvider — this is the human-facing view.
Remove a waitlist entry
Headers
URL Parameters
The ID of the entry.
curl --request DELETE \
"https://api.plixa.app/v1/scheduling/waitlist/16" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Scheduling — workspace closures
Days the whole workspace is closed. Adding one date blocks every provider (and the AI) for that day, so the owner closes the business once instead of editing each provider's schedule. Reads are open to members; create/delete are owner-only (route group).
Close the workspace on a date (owner only)
Idempotent per (tenant, date): re-closing an already-closed day just returns it. Manual source — a holiday sync owns its own rows.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/scheduling/closures" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"date\": \"2026-06-10\",
\"reason\": \"b\"
}"
Reopen the workspace on a date (owner only)
Headers
URL Parameters
The ID of the closure.
curl --request DELETE \
"https://api.plixa.app/v1/scheduling/closures/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Sectors
Business departments (Sales, Support, Finance…) the owner defines so conversations can be routed to the right team. Listing is open to every member (the inbox and the flow editor both need it); creating, renaming and assigning agents is owner-only.
Create a sector
Owner-only.
Headers
curl --request POST \
"https://api.plixa.app/v1/sectors" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Update a sector
Owner-only. Pass user_ids to replace the assigned agents.
Headers
URL Parameters
The ID of the sector.
curl --request PUT \
"https://api.plixa.app/v1/sectors/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Delete a sector
Owner-only. Conversations tagged with this sector keep their history but lose the tag (sector_id is set to null).
Headers
URL Parameters
The ID of the sector.
curl --request DELETE \
"https://api.plixa.app/v1/sectors/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Security
Workspace-wide security / access toggles:
require_two_factor— every member must enable 2FA before the panel grants access.agent_restricted_to_own_conversations— agents see only their own + unassigned conversations in the inbox. Off by default (matches the helpdesk industry pattern of a shared inbox); on is the multi-team / compliance choice.
Update the workspace security configuration
Toggling require_two_factor ON is gated on the owner having
their own 2FA enabled — otherwise the owner could lock themselves
out instantly. Turning it OFF has no such gate.
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/security-config" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"require_two_factor\": true,
\"agent_restricted_to_own_conversations\": false
}"
Support
The customer side of in-app support: a workspace member opens a ticket and converses with Plixa staff. Auto-scoped to the caller's tenant by the BelongsToTenant global scope on SupportTicket.
POST v1/support/tickets
Headers
curl --request POST \
"https://api.plixa.app/v1/support/tickets" \
--header "Content-Type: application/json" \
--header "Accept: application/json"POST v1/support/tickets/{ticket_id}/messages
Headers
URL Parameters
The ID of the ticket.
curl --request POST \
"https://api.plixa.app/v1/support/tickets/16/messages" \
--header "Content-Type: application/json" \
--header "Accept: application/json"POST v1/support/tickets/{ticket_id}/close
Headers
URL Parameters
The ID of the ticket.
curl --request POST \
"https://api.plixa.app/v1/support/tickets/16/close" \
--header "Content-Type: application/json" \
--header "Accept: application/json"POST v1/support/tickets/{ticket_id}/reopen
Headers
URL Parameters
The ID of the ticket.
curl --request POST \
"https://api.plixa.app/v1/support/tickets/16/reopen" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Customer satisfaction rating — only once the ticket is solved/closed.
Headers
URL Parameters
The ID of the ticket.
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/support/tickets/16/rating" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"rating\": 1,
\"comment\": \"n\"
}"
Team
Create an invitation
Owner-only. Returns the freshly issued invitation including the
one-shot accept_url so the panel can render a copy-to-clipboard
button. After the response the token is hidden — losing it means
re-issuing the invite.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/team/invitations" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\",
\"role\": \"agent\"
}"
Resend the invitation email
Owner-only. Queues the same InvitationCreated mailable that the initial create() does — same accept_url, same expiry. Returns the invitation with the link so the owner can also copy-paste it to another channel.
Headers
URL Parameters
Invitation id.
curl --request POST \
"https://api.plixa.app/v1/team/invitations/14/resend" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Cancel a pending invitation
Owner-only. Accepted invitations cannot be cancelled — remove the user from the workspace instead via MemberController::destroy.
Headers
URL Parameters
The ID of the invitation.
Invitation id.
curl --request DELETE \
"https://api.plixa.app/v1/team/invitations/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Remove a member
Owner-only. Unassigns any conversations that were attached to the removed user (their messages stay). Owners can't remove themselves — they should transfer ownership first (out of MVP scope).
Headers
URL Parameters
The ID of the member.
The user id.
curl --request DELETE \
"https://api.plixa.app/v1/team/members/architecto" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Accept an invitation
Public — creates the user, attaches them to the tenant, marks the invitation accepted, and returns a Sanctum token so the panel can sign them in immediately.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/team/invitations/accept" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"token\": \"aBcD1234…\",
\"name\": \"Lucia Pereira\",
\"password\": \"super-secret-pw\"
}"
Two-factor authentication
Endpoints the user hits from /account to set up, confirm, regenerate recovery codes for, and disable their own TOTP second factor. All mutations require the current password — defence in depth against stolen session tokens.
Layout:
- GET /v1/me/2fa → status (enabled, configured-but-not-confirmed)
- POST /v1/me/2fa/setup → mint a fresh secret + otpauth URL
- POST /v1/me/2fa/confirm → verify first code, return recovery codes
- POST /v1/me/2fa/recovery-codes → regenerate recovery codes
- DELETE /v1/me/2fa → disable 2FA entirely
POST v1/me/2fa/setup
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/me/2fa/setup" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"password\": \"|]|{+-\"
}"
POST v1/me/2fa/confirm
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/me/2fa/confirm" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"code\": \"architecto\"
}"
POST v1/me/2fa/recovery-codes
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/me/2fa/recovery-codes" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"password\": \"|]|{+-\"
}"
Revoke a single recovery code
For when an operator suspects ONE code leaked (left a printout somewhere, sent it in a Slack DM by mistake) but wants to keep the others valid instead of regenerating the whole list.
Password-gated, audit-logged. Returns the count of remaining codes — the panel uses it to surface "you have N codes left".
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/me/2fa/recovery-codes/revoke" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"password\": \"********\",
\"code\": \"a1b2c3d4e5\"
}"
DELETE v1/me/2fa
Headers
Body Parameters
curl --request DELETE \
"https://api.plixa.app/v1/me/2fa" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"password\": \"|]|{+-\"
}"
Waitlist
Join the public waitlist
Stores an email for early access. Plixa never sells this list. The landing page (plixa.app) posts here from its hero and footer forms.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/waitlist" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"email\": \"[email protected]\",
\"locale\": \"en-US\",
\"referrer\": \"https:\\/\\/news.ycombinator.com\\/\"
}"
{
"data": {
"id": 42,
"email": "[email protected]",
"created_at": "2026-05-25T12:00:00+00:00"
},
"meta": null,
"errors": null
}Webhooks
Handle a Stripe webhook call.
Headers
curl --request POST \
"https://api.plixa.app/v1/webhooks/stripe" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Webhooks (outbound)
Owner-only management of customer-facing webhook endpoints. Plixa
fires message.{inbound,outbound} and conversation.{created, updated,deleted} to every active subscribed endpoint, signed with
HMAC-SHA256 (X-Plixa-Signature).
The endpoint secret is shown ONCE at create time. Storage is encrypted, the API never echoes it back — operators who lose the secret rotate the endpoint instead.
POST v1/webhook-endpoints
Headers
curl --request POST \
"https://api.plixa.app/v1/webhook-endpoints" \
--header "Content-Type: application/json" \
--header "Accept: application/json"PUT v1/webhook-endpoints/{endpoint}
Headers
URL Parameters
curl --request PUT \
"https://api.plixa.app/v1/webhook-endpoints/564" \
--header "Content-Type: application/json" \
--header "Accept: application/json"DELETE v1/webhook-endpoints/{endpoint}
Headers
URL Parameters
curl --request DELETE \
"https://api.plixa.app/v1/webhook-endpoints/564" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Fire a synthetic `webhook.test` delivery so the operator can verify their receiver wiring without waiting for a real message.
Headers
URL Parameters
curl --request POST \
"https://api.plixa.app/v1/webhook-endpoints/564/test" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Re-fire a previously-failed delivery
Resets the delivery back to pending, zeroes the attempts
counter so the existing exponential-backoff schedule starts
fresh, and queues a new DeliverWebhookJob with the same
payload. Useful after an operator fixes the receiver — they
don't have to wait for another organic event to confirm.
Refuses to act on deliveries that aren't in a terminal
failed state (no point retrying a pending one — the job
already has it).
Headers
URL Parameters
curl --request POST \
"https://api.plixa.app/v1/webhook-deliveries/564/retry" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"Welcome message
Owner-defined greeting auto-sent the first time a contact reaches the workspace. Unlike the AI configuration, this is available on every plan — no plan gate.
Update the welcome message configuration
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/welcome-config" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"message\": \"Hi! Thanks for reaching out — we usually reply within 15 minutes.\",
\"enabled\": true,
\"delay_seconds\": 5
}"
Workspace configuration
Tenant-wide settings every member is bound to:
- timezone (IANA, e.g. America/Sao_Paulo). All scheduled features (business hours, digests, SLA windows, "today" rollups) anchor to THIS — never to the server fuso or the operator's browser.
- default locale (en | pt-BR | es). Used as the fallback UI language for members who haven't set their own in /account, and as the language for transactional emails the workspace sends.
Owner-only. Members see their personal locale override in /account.
Update the workspace timezone + default locale + currency
Owner-only. The timezone field accepts only real IANA identifiers (validated against DateTimeZone::listIdentifiers) so a typo can't silently corrupt every scheduled feature.
Headers
Body Parameters
curl --request PUT \
"https://api.plixa.app/v1/workspace-config" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"timezone\": \"Asia\\/Yekaterinburg\",
\"locale\": \"sr_BA\",
\"currency\": \"architecto\"
}"
Upload (or replace) the workspace logo
Owner-only. Stored on the shared public-image disk under a UUID key. PNG/JPEG/WebP, ≤ 1 MB — no SVG (XSS surface). Display size is enforced by the consumers (a fixed-height box), so any aspect ratio is fine.
Headers
Body Parameters
curl --request POST \
"https://api.plixa.app/v1/workspace-config/logo" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: multipart/form-data" \
--header "Accept: application/json" \
--form "logo=@/tmp/phpEBNBMg" Remove the workspace logo. Owner-only.
Headers
curl --request DELETE \
"https://api.plixa.app/v1/workspace-config/logo" \
--header "Authorization: Bearer {PLIXA_API_TOKEN}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"