All requests require a Bearer token in the header.
{ "Authorization": "Bearer YOUR_API_TOKEN", "Content-Type": "application/json" }
List all inboxes on the account.
{ "name": "Support", "channel": "WhatsApp", "phone_number": "+966500000000" }
List all contacts.
{ "name": "John Doe", "email": "john@company.com", "phone_number": "+123456789" }
Returns a list of all conversations.
{ "source_id": "CONTACT_ID", "inbox_id": "INBOX_ID" }
{ "content": "Hello, how can I help you?", "message_type": "outgoing" }
{ "subscription_level": "premium" }
Subscribe to events like:
message.created
conversation.updated
contact.updated
Set your webhook URL in the DOO CX dashboard under Settings > Webhooks. The endpoint must be HTTPS.
{ "event": "message.created", "timestamp": 1699999999, "account_id": 1, "data": { "id": 123, "content": "Hello from DOO", "message_type": "incoming", "sender": { "id": 9, "name": "Customer" }, "conversation": { "id": 999, "inbox_id": 2 } } }
conversation.created
conversation.updated
message.created
message.updated
contact.updated
We retry failed webhook deliveries up to 10 times using exponential backoff. We recommend responding with 200 OK
within 5 seconds.
Every webhook request includes an X-Signature
header. You can verify it using HMAC SHA256 with your webhook secret:
// Node.js example const crypto = require('crypto'); const payload = JSON.stringify(req.body); const signature = crypto .createHmac('sha256', WEBHOOK_SECRET) .update(payload) .digest('hex'); if (req.headers['x-signature'] === signature) { // Valid }
Set your webhook URL in the DOO CX dashboard under Settings > Webhooks. The endpoint must be HTTPS.
{ "event": "message.created", "timestamp": 1699999999, "account_id": 1, "data": { "id": 123, "content": "Hello from DOO", "message_type": "incoming", "sender": { "id": 9, "name": "Customer" }, "conversation": { "id": 999, "inbox_id": 2 } } }
conversation.created
conversation.updated
message.created
message.updated
contact.updated
We retry failed webhook deliveries up to 10 times using exponential backoff. We recommend responding with 200 OK
within 5 seconds.
Every webhook request includes an X-Signature
header. You can verify it using HMAC SHA256 with your webhook secret:
// Node.js example const crypto = require('crypto'); const payload = JSON.stringify(req.body); const signature = crypto .createHmac('sha256', WEBHOOK_SECRET) .update(payload) .digest('hex'); if (req.headers['x-signature'] === signature) { // Valid }