Base URL
Authentication
Every request requires a workspace API token in theAuthorization header:
Errors
All errors share one envelope:details:
| Status | Code | Meaning |
|---|---|---|
| 400 | VALIDATION_ERROR | The request body failed validation. Check details. |
| 400 | WHATSAPP_SERVICE_WINDOW_CLOSED | WhatsApp’s 24-hour reply window has closed for this conversation. |
| 400 | LAST_ADMIN | The change would leave the workspace without an admin. |
| 400 | AGENT_MANAGED | The agent is managed by Adraa Inbox (the AI agent) and can’t be changed. |
| 401 | MISSING_TOKEN | No Authorization header was sent. |
| 401 | INVALID_API_TOKEN | The token is unknown or has been revoked. |
| 403 | COMPANY_MISMATCH | The agent belongs to a different workspace than the conversation. |
| 404 | CONVERSATION_NOT_FOUND | The conversation does not exist in your workspace. |
| 404 | AGENT_NOT_FOUND | The agent is not an active member of your workspace. |
| 409 | AGENT_ALREADY_MEMBER | The email already belongs to a workspace member. |
| 409 | NICKNAME_TAKEN | The display name is already in use across Adraa Inbox. |
| 429 | RATE_LIMIT_EXCEEDED | Too many requests. Back off and retry. |
A
404 is returned for conversations that exist but belong to another
workspace. The API never reveals whether a resource exists outside the
token’s workspace.Rate limits
Write endpoints (assign, send message) accept 60 requests per minute. All other endpoints accept 100 requests per minute per IP. Exceeding a limit returns429 RATE_LIMIT_EXCEEDED.
IDs
Resources use cuid identifiers likecmbxgz9pq0003ph01m4n5o6p7. To find a conversation’s ID, open it in the agent console — it’s the last segment of the URL: