API Reference

Build on Orbinto. Integrate live chat, chatbots, and visitor data into your applications.

Base URLhttps://api.orbinto.com
v1
Get API KeyQuick StartRun in Postman

Quick Start

Make your first API call in under 5 minutes.

1Get your API key

Go to Settings → Developers → API Keys in your Orbinto dashboard and generate a new key.

2Make a request

List conversations
curl -X GET "https://api.orbinto.com/v1/conversations" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

3Response

200 OK
{
  "data": [
    {
      "id": "conv_abc123",
      "status": "open",
      "visitor": {
        "name": "Jane Doe",
        "email": "jane@example.com"
      },
      "assigned_to": "op_xyz789",
      "created_at": "2026-02-11T10:30:00Z",
      "updated_at": "2026-02-11T10:35:22Z",
      "messages_count": 5
    }
  ],
  "pagination": {
    "page": 1,
    "per_page": 25,
    "total": 142,
    "has_more": true
  }
}

Authentication

Two authentication methods are supported depending on your integration type.

API Key (Bearer Token)

For server-to-server integrations. Include your API key in the Authorization header of every request.

Authorization: Bearer sk_live_abc123...

Keys can be generated in Settings → Developers → API Keys. Each key has configurable scopes: read, write, or admin.

OAuth 2.0

For third-party apps that act on behalf of a user. Uses authorization code flow with PKCE.

# Redirect user to Orbinto authorization page
https://app.orbinto.com/oauth/authorize?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=https://yourapp.com/callback&
  response_type=code&
  scope=contacts:read conversations:read conversations:write

Available Scopes

ScopeAccess
contacts:readRead contact data
contacts:writeCreate, update, delete contacts
conversations:readRead conversations and messages
conversations:writeSend messages, assign, close
visitors:readRead visitor data and sessions
chatbots:readRead chatbot configurations
chatbots:writeCreate, update, delete chatbots
webhooks:manageCreate and delete webhooks
operators:readRead operator profiles

Base URL & Versioning

All API requests are made to:

https://api.orbinto.com/v1/

The API version is included in the URL path. The current stable version is v1. When we release breaking changes, a new version will be published while the previous version continues to work for a deprecation period of at least 12 months.

All requests must use HTTPS. HTTP requests are rejected with a 301 redirect.

Request and response bodies use JSON. Include Content-Type: application/json in all requests with a body.

Pagination

List endpoints support two pagination strategies.

ParameterTypeDefaultDescription
pageinteger1Page number (offset-based)
per_pageinteger25Items per page (max: 100)
afterstringCursor for forward pagination
limitinteger25Items to return (cursor-based, max: 100)
# Page-based pagination
curl "https://api.orbinto.com/v1/contacts?page=2&per_page=50" \
  -H "Authorization: Bearer YOUR_API_KEY"

# Cursor-based pagination (for large datasets)
curl "https://api.orbinto.com/v1/visitors?after=vis_abc123&limit=100" \
  -H "Authorization: Bearer YOUR_API_KEY"

Rate Limits

Rate limits are applied per API key and vary by plan.

PlanRate LimitBurst
Free60 req/min10 req/sec
Basic300 req/min30 req/sec
Professional1,000 req/min100 req/sec
Enterprise2,000 req/min200 req/sec

Rate Limit Headers

Every response includes rate limit information in the headers.

HTTP/1.1 200 OK
X-RateLimit-Limit: 500
X-RateLimit-Remaining: 487
X-RateLimit-Reset: 1707654000
Retry-After: 30            # Only present on 429 responses

429 Too Many Requests — When you exceed your rate limit, the API returns a 429 status code with a Retry-After header indicating how many seconds to wait before retrying.

Endpoints

Contacts

6 endpoints

Manage contact records — visitors who have been identified by name or email.

GET/v1/contactsGET/v1/contacts/{id}POST/v1/contactsPATCH/v1/contacts/{id}DELETE/v1/contacts/{id}POST/v1/contacts/search
POST/v1/contactsCreate a contact

Body Parameters

NameTypeRequiredDescription
emailstringRequiredContact email address. Must be unique.
namestringOptionalFull name of the contact.
phonestringOptionalPhone number in E.164 format.
companystringOptionalCompany or organization name.
avatar_urlstringOptionalURL to a profile image.
custom_attributesobjectOptionalKey-value pairs of custom data. Keys must be strings.
tagsstring[]OptionalArray of tag names to assign.

Example

POST /v1/contacts
curl -X POST "https://api.orbinto.com/v1/contacts" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane@example.com",
    "name": "Jane Doe",
    "phone": "+1-555-0123",
    "company": "Acme Inc",
    "custom_attributes": {
      "plan": "professional",
      "signup_source": "landing_page"
    }
  }'

Operators

3 endpoints

Retrieve operator profiles, availability status, and assignments.

GET/v1/operatorsGET/v1/operators/{id}GET/v1/operators/{id}/availability

Webhooks

3 endpoints

Register and manage webhook endpoints for receiving real-time event notifications.

GET/v1/webhooksPOST/v1/webhooksDELETE/v1/webhooks/{id}

Coming SoonIn Development

Session Recordings API

Programmatic access to session recordings and heatmap data

AI Features API

Control AI writing assistant, auto-summaries, and NLP chatbot settings

CRM Sync API

Manage CRM connections, field mappings, and sync status

Webhooks

Receive real-time notifications when events occur in your Orbinto workspace. Configure webhooks in Settings → Developers → Webhooks or via the API.

Supported Events

EventDescription
conversation.createdA new conversation is started by a visitor
conversation.closedA conversation is closed by an operator or auto-close rule
conversation.assignedA conversation is assigned to an operator
conversation.ratedA visitor rates a completed conversation
message.createdA new message is sent in a conversation
contact.createdA new contact is identified
contact.updatedA contact record is modified
visitor.identifiedAn anonymous visitor is matched to a contact
visitor.page_viewedA tracked visitor navigates to a new page
chatbot.triggeredA chatbot workflow is activated for a visitor
chatbot.completedA chatbot workflow reaches its end state
operator.status_changedAn operator goes online or offline

Payload Structure

All webhook payloads follow a consistent envelope format:

message.created
{
  "event": "message.created",
  "timestamp": "2026-02-11T10:35:22Z",
  "data": {
    "id": "msg_def456",
    "conversation_id": "conv_abc123",
    "type": "visitor",
    "body": "Hi, I need help with my order",
    "visitor": {
      "id": "vis_ghi789",
      "name": "Jane Doe",
      "email": "jane@example.com"
    },
    "created_at": "2026-02-11T10:35:22Z"
  }
}

Signature Verification

Every webhook request includes an X-Orbinto-Signature header containing an HMAC-SHA256 hash of the request body. Verify this signature to ensure the request came from Orbinto.

const crypto = require("crypto");

function verifyWebhook(payload, signature, secret) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex");

  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

// In your webhook handler:
const isValid = verifyWebhook(
  req.body,
  req.headers["x-orbinto-signature"],
  "your_webhook_secret"
);

Delivery & Retries

  • Webhooks are delivered within 5 seconds of the event.
  • If your endpoint returns a non-2xx status, Orbinto retries up to 5 times with exponential backoff (10s, 30s, 2m, 10m, 30m).
  • After all retries fail, the webhook is marked as failed. View delivery logs in Settings → Developers → Webhooks → Logs.
  • Your endpoint must respond within 10 seconds or the delivery is considered failed.

Error Handling

The API uses standard HTTP status codes and returns a structured JSON error object.

Error Response Format

{
  "error": {
    "type": "validation_error",
    "code": "invalid_parameter",
    "message": "The 'email' field must be a valid email address.",
    "param": "email",
    "status": 422,
    "request_id": "req_abc123def456"
  }
}
FieldTypeDescription
typestringError category: api_error, validation_error, authentication_error, rate_limit_error
codestringMachine-readable error code (e.g. invalid_parameter, not_found)
messagestringHuman-readable description of the error
paramstring?The parameter that caused the error (validation errors only)
statusintegerHTTP status code
request_idstringUnique request identifier for debugging. Include in support tickets.

HTTP Status Codes

CodeMeaning
200OK — Request succeeded
201Created — Resource created successfully
204No Content — Successful deletion
400Bad Request — Malformed JSON or invalid parameters
401Unauthorized — Missing or invalid API key
403Forbidden — Valid key but insufficient permissions (scope)
404Not Found — Resource does not exist
409Conflict — Resource already exists or state conflict
422Unprocessable — Validation errors in request body
429Too Many Requests — Rate limit exceeded
500Internal Server Error — Something went wrong on our end

SDKs & Libraries

Official client libraries to simplify API integration.

JS

JavaScript / Node.js

@orbinto/node · v1.2.0
Available
npm install @orbinto/node
PY

Python

orbinto · v1.1.0
Available
pip install orbinto
PHP

PHP

orbinto/orbinto-php
Coming Soon
RB

Ruby

orbinto-ruby
Coming Soon

Community SDKs welcome — contribute on GitHub.

Resources

Tools, specs, and support for building with Orbinto.

OpenAPI Specification

Download the OpenAPI 3.0 spec (JSON/YAML) for auto-generating clients, importing into Postman, or building custom tooling.

Postman Collection

Import the full API collection into Postman with pre-configured environments for development and production.

Changelog

Track API changes, new endpoints, deprecations, and breaking changes across versions.

API Status

Real-time operational status, uptime metrics, and incident history for all Orbinto services.

Developer Support

Need help with your integration? Reach out to our developer support team.

developers@orbinto.comGitHub Discussions