Rivan
← All docs

API reference

Rivan exposes a versioned REST API under /api/v1. All endpoints require an authenticated session (cookie) or, for server-to-server calls, a scoped API token. Responses are JSON.

This reference covers the public surface. The agent's /internal/* API is private and not part of the public contract.

Authentication

`` POST /api/v1/auth/login { email, password } → sets session cookie POST /api/v1/auth/refresh → rotates session POST /api/v1/auth/logout → clears session POST /api/v1/auth/register { email, password, companyName } ``

Tickets

`` GET /api/v1/tickets ?status=&cursor= → paginated list GET /api/v1/tickets/{id} → ticket + analysis + proposed reply POST /api/v1/tickets/{id}/reply { content } → send/approve a reply GET /api/v1/tickets/stream → Server-Sent Events of live updates ``

Knowledge base

`` GET /api/v1/kb → list KB entries POST /api/v1/kb { title, content } → add + embed ``

AI config

`` GET /api/v1/ai-config → current model + agent name (no secrets) POST /api/v1/ai-config { apiKey, model, agentName } POST /api/v1/ai-config/test → validate the Anthropic connection ``

Integrations

`` GET /api/v1/integrations → connection status POST /api/v1/integrations/crisp { websiteId, token } → connect Crisp ``

Audit log

`` GET /api/v1/audit-log → owner-only, append-only event history ``

Webhooks (inbound)

`` POST /api/webhooks/crisp → Crisp events (HMAC-verified, deduped) ``

Errors

Errors use standard HTTP status codes with a JSON body:

``json { "error": { "code": "unauthorized", "message": "..." } } ``

| Status | Meaning | |---|---| | 400 | Validation error | | 401 | Not authenticated | | 403 | Authenticated but not allowed (RBAC) | | 404 | Not found / not in your tenant | | 429 | Rate limited |