@@ -17,8 +17,8 @@ See [SECURITY.md](./SECURITY.md) for production configuration.
1717
1818## Authentication
1919
20- - ** Token Creation ** - Basic Auth with ` CLIENT_ID:CLIENT_SECRET `
21- - ** Device Operations** - Bearer Auth with Matrix token (` mt_xxxxx ` )
20+ - ** Token/Credential Management ** - Basic Auth with ` CLIENT_ID:CLIENT_SECRET `
21+ - ** Device/Webhook Operations** - Bearer Auth with Matrix token (` mt_xxxxx ` )
2222
2323## Token Management
2424
@@ -127,6 +127,8 @@ curl -X GET http://localhost:8080/api/v1/devices \
127127
128128### Send Message
129129
130+ #### Text Only (JSON)
131+
130132``` bash
131133curl -X POST http://localhost:8080/api/v1/devices/237123456789/message \
132134 -H " Authorization: Bearer $TOKEN " \
@@ -138,6 +140,19 @@ curl -X POST http://localhost:8080/api/v1/devices/237123456789/message \
138140 }'
139141```
140142
143+ #### Text + File (Multipart)
144+
145+ ``` bash
146+ curl -X POST http://localhost:8080/api/v1/devices/237123456789/message \
147+ -H " Authorization: Bearer $TOKEN " \
148+ -F " contact=1234567890" \
149+ -F " platform=wa" \
150+ -F " text=Check out this document" \
151+ -F " file=@/path/to/document.pdf"
152+ ```
153+
154+ File must have an extension.
155+
141156### Delete Device
142157
143158``` bash
@@ -150,6 +165,109 @@ curl -X DELETE http://localhost:8080/api/v1/devices \
150165 }'
151166```
152167
168+ ## Webhooks
169+
170+ Receive incoming message notifications via HTTP POST.
171+
172+ ### Add Webhook
173+
174+ ``` bash
175+ curl -X POST http://localhost:8080/api/v1/webhooks \
176+ -H " Authorization: Bearer $TOKEN " \
177+ -H " Content-Type: application/json" \
178+ -d ' {"url": "https://your-server.com/webhook"}'
179+ ```
180+
181+ ** Response:**
182+
183+ ``` json
184+ {
185+ "id" : 1 ,
186+ "url" : " https://your-server.com/webhook" ,
187+ "active" : true ,
188+ "created_at" : " 2026-04-27T10:00:00Z" ,
189+ "updated_at" : " 2026-04-27T10:00:00Z"
190+ }
191+ ```
192+
193+ ### List Webhooks
194+
195+ ``` bash
196+ curl -X GET http://localhost:8080/api/v1/webhooks \
197+ -H " Authorization: Bearer $TOKEN "
198+ ```
199+
200+ ### Update Webhook
201+
202+ ``` bash
203+ curl -X PUT http://localhost:8080/api/v1/webhooks/1 \
204+ -H " Authorization: Bearer $TOKEN " \
205+ -H " Content-Type: application/json" \
206+ -d ' {"url": "https://new-url.com/webhook", "active": false}'
207+ ```
208+
209+ Fields are optional. Omit to keep current value.
210+
211+ ### Delete Webhook
212+
213+ ``` bash
214+ curl -X DELETE http://localhost:8080/api/v1/webhooks/1 \
215+ -H " Authorization: Bearer $TOKEN "
216+ ```
217+
218+ ## Credentials (Admin Only)
219+
220+ Manage API client credentials. Requires Basic Auth with admin credentials.
221+
222+ ### Create Credential
223+
224+ ``` bash
225+ curl -X POST http://localhost:8080/api/v1/credentials \
226+ -u " $CLIENT_ID :$CLIENT_SECRET " \
227+ -H " Content-Type: application/json" \
228+ -d ' {
229+ "client_id": "my-app",
230+ "description": "Production API client"
231+ }'
232+ ```
233+
234+ ** Response:**
235+
236+ ``` json
237+ {
238+ "message" : " Credential created successfully" ,
239+ "credential" : {
240+ "client_id" : " my-app" ,
241+ "role" : " user" ,
242+ "scopes" : [],
243+ "description" : " Production API client" ,
244+ "active" : true ,
245+ "created_at" : " 2026-04-27T10:00:00Z" ,
246+ "updated_at" : " 2026-04-27T10:00:00Z"
247+ },
248+ "client_secret" : " xxxxxxxxxxxx"
249+ }
250+ ```
251+
252+ > [ !IMPORTANT]
253+ > Save ` client_secret ` immediately. It's only shown once.
254+
255+ ### List Credentials
256+
257+ ``` bash
258+ curl -X GET http://localhost:8080/api/v1/credentials \
259+ -u " $CLIENT_ID :$CLIENT_SECRET "
260+ ```
261+
262+ ### Delete Credential
263+
264+ ``` bash
265+ curl -X DELETE http://localhost:8080/api/v1/credentials/my-app \
266+ -u " $CLIENT_ID :$CLIENT_SECRET "
267+ ```
268+
269+ Cannot delete super admin credentials.
270+
153271## API Reference
154272
155273Swagger UI: ** < http://localhost:8080/docs/index.html > **
0 commit comments