Quick start
The Chatloom API lets you read and manage your agents from your own code. You authenticate with an API key that you generate in the dashboard and send on every request.
- Open Settings and go to the API Keys section.
- Click Generate API key. Copy it immediately — you won't see it again.
- Call any endpoint with your key in the
Authorizationheader.
curl https://chatloom.app/api/plugin/agents \
-H "Authorization: Bearer clf_your_api_key_here"A successful response returns JSON with the list of your agents:
{
"agents": [
{
"id": "agt_abc123",
"name": "Sales Assistant",
"primaryColor": "#611F69",
"secondaryColor": "#764ba2",
"position": "bottom-right",
"template": "modern",
"status": "active",
"createdAt": "2026-01-15T09:00:00.000Z"
}
],
"count": 1
}Authentication
All requests must include a valid API key. You can send it as either a bearer token or a custom header. Both work identically; pick whichever fits your client best.
Option 1: Authorization header (recommended)
Authorization: Bearer clf_your_api_key_hereOption 2: X-API-Key header
X-API-Key: clf_your_api_key_hereKeys always start with the clf_ prefix. Treat them like passwords: keep them server-side, never commit them to public repositories, and rotate them if you suspect they have been exposed. You can rotate a key at any time from the Settings page — the old key stops working the moment you generate a new one.
Base URL
https://chatloom.appAll endpoints below are relative to this base. The API serves only over HTTPS; plain http:// requests are redirected.
Endpoints
The current v1 surface is intentionally small — it covers the reads you need to build custom dashboards, audit workspaces, or embed Chatloom agents inside your own admin tools. See Roadmap for what's coming next.
GET/api/plugin/agents
Returns every agent in the authenticated workspace.
Response fields
| Field | Type | Description |
|---|---|---|
agents[] | array | List of agents ordered by createdAt (newest first). |
agents[].id | string | Unique agent identifier. Use this as the agentId in other endpoints and in embed snippets. |
agents[].name | string | Display name shown in the widget header. |
agents[].primaryColor | string | Hex color used for the launcher and primary accents. |
agents[].secondaryColor | string | Hex color used for gradients and secondary accents. |
agents[].position | string | One of bottom-right, bottom-left, top-right, top-left. |
agents[].template | string | Widget template name. |
agents[].status | string | Usually active. Deleted agents are excluded. |
agents[].createdAt | string (ISO 8601) | Creation timestamp. |
count | integer | Total number of agents in the response (same as agents.length). |
Example
const response = await fetch("https://chatloom.app/api/plugin/agents", {
headers: {
Authorization: `Bearer ${process.env.CHATLOOM_API_KEY}`,
},
})
if (!response.ok) {
throw new Error(`Chatloom API ${response.status}`)
}
const { agents, count } = await response.json()
console.log(`You have ${count} agents`)GET/api/plugin/agents/{agentId}/allowed-domains
Returns the active allowed-domain list for a single agent. Only the agents in your own workspace are accessible — requesting an agent you don't own returns 404.
Path parameters
| Parameter | Type | Description |
|---|---|---|
agentIdrequired | string | The agent's id (from GET /api/plugin/agents). |
Response fields
| Field | Type | Description |
|---|---|---|
domains[] | string[] | Domains the widget is allowed to load on, ordered by when they were added (oldest first). |
Example
curl https://chatloom.app/api/plugin/agents/agt_abc123/allowed-domains \
-H "Authorization: Bearer clf_your_api_key_here"{
"domains": ["example.com", "support.example.com"]
}Errors
Errors are returned as JSON with an error field and an appropriate HTTP status code. There is no envelope — a successful response returns the resource directly; an unsuccessful one returns the error object.
{
"error": "API key is required. Please provide it in Authorization or X-API-Key header."
}| Status | Meaning |
|---|---|
| 200 | The request succeeded. |
| 400 | The request body or parameters were malformed. The error message describes what to fix. |
| 401 | No API key was provided, or the key is invalid, expired, or malformed (wrong prefix). |
| 404 | The agent doesn't exist or isn't owned by the authenticated workspace. |
| 429 | You've hit a rate limit. Back off and retry with exponential backoff. |
| 500 | Something went wrong on our side. Retry with backoff and contact support if it persists. |
Rate limits
The API is intended for dashboards and background integrations, not for powering real-time widget traffic (the embed widget handles that on its own). A few hundred requests per minute per API key is comfortably within fair use.
If you need higher throughput for a specific integration, email us at support@chatloom.app with your use case and we'll help you design it.
Roadmap
The public API surface will grow as customers ask for specific flows. Items we're actively considering, based on user demand:
- Programmatic messaging — send and receive chat turns without embedding the widget.
- Conversation history export — read past conversations with filters for date range, channel, and satisfaction score.
- Training document management — upload, update, and delete documents in an agent's knowledge base.
- Webhooks — receive real-time events (conversation started, message received, escalation triggered). A webhook configuration UI already exists in the dashboard; full developer documentation is on its way.
- Analytics export — pull the same metrics the Analytics dashboard shows, in JSON or CSV.
If any of these matter to you, replying to us with your use case genuinely helps us prioritise.
Support
Email support@chatloom.app with your workspace name and a description of what you're trying to build. For issues that block a release, mention that in the subject line and we'll prioritise.
Found a bug in the docs or an endpoint that doesn't behave the way this page describes? That's a bug. Please send us the request and response so we can fix it.