Bob Ask Bob Documentation

Complete API Reference and Integration Guide

← Back to Home Login Portal Help Center System Status

🔐 Authentication

POST /api/auth/login
Authenticate admin users and obtain access token 
{
  "email": "admin@office16852.com",
  "password": "your_password"
}
POST /api/customers/auth/login
Authenticate customer users (multi-tenant) 
{
  "email": "customer@business.com",
  "password": "customer_password"
}

💬 Chat & Conversations

Three paths: (1) Public same-origin anonymousPOST /api/chat (e.g. marketing site widget; no login). (2) Cross-origin embedPOST /api/widget/chat with X-Widget-Key and allowed Origin. (3) Authenticated app / Mission ControlPOST /api/chat/session and POST /api/chat/message (requires chat.manage and session/CSRF for cookie auth) — not for anonymous fetch from public pages.

1) Public anonymous (same-origin)

POST /api/chat
Unified pipeline for visitors on your own domain without signing in. Body includes message, session_id, optional business_id.

2) Cross-origin widget

POST /api/widget/chat
Embeds on customer sites. Headers: X-Widget-Key, Content-Type: application/json. Origin must be allowed for the key. See docs/REQUEST_FLOWS.md in the repository for CORS details.

3) Authenticated session / admin UI only

POST /api/chat/session
Create session when logged into Mission Control or dashboard (RBAC + CSRF for cookies).
POST /api/chat/message
Send a message from authenticated admin/chat UI (chat.manage). Returns 401 if called anonymously from a public page — use POST /api/chat for that case instead. 
{
  "session_id": "session_123",
  "message": "Hello, I need help with my order"
}
GET /api/chat/history/:session_id
Retrieve chat conversation history (authenticated)

📊 Analytics & Monitoring

GET /api/analytics/overview
Get system analytics overview
GET /api/health
Check system health status
GET /api/metrics/business
Get business-specific metrics

🏢 Multi-Tenant Customer Management

GET /api/customers/dashboard/:businessId
Get customer dashboard data for specific business
GET /api/customers/analytics/:businessId
Get business analytics for specific customer
GET /api/customers/integration/:businessId/status
Check integration status for business

🎯 UnityXpressions Pilot

GET /api/unityxpressions/dashboard
UnityXpressions pilot dashboard data
GET /api/pilot/metrics/realtime
Real-time pilot performance metrics
GET /api/pilot/feedback/recent
Recent customer feedback from pilot

🎓 Training & Learning

POST /api/training/unityxpressions/analyze
Analyze UnityXpressions business for training
POST /api/training/unityxpressions/quick-setup
Quick setup training for UnityXpressions
GET /api/learning/health
Learning engine health status

🔌 Widget Installation

Add Bob to any website with a single script tag. After onboarding, your widget embed code is available in the Customer Portal under Widget Setup.

<!-- Paste before </body> -->
<script
  src="https://your-domain.com/widget/loader.js"
  data-widget-key="YOUR_WIDGET_KEY"
  data-position="bottom-right"
  async>
</script>
GET /api/customer-portal/widget-code
Returns ready-to-paste embed code for your website. Requires customer JWT.

🎭 Persona Customization

Personas control how Bob communicates — tone, name, and system instructions. Every tenant gets a default persona on signup; you can customize it from the Admin Dashboard or the API.

GET /api/personas/:tenantId
List all personas for a tenant.
POST /api/personas/:tenantId
Create a new persona. Body: { name, description, tone, systemPrompt }
PUT /api/personas/:tenantId/:personaId
Update an existing persona's tone, instructions, or name.

💰 Plans & Pricing

Feature Starter Professional Enterprise
Monthly messages 1,000 10,000 Unlimited
Knowledge items 100 1,000 Unlimited
Custom personas 1 5 Unlimited
Integrations Web widget + Slack, Email All channels
Support Community Priority email Dedicated CSM
GET /api/checkout/plans
Returns available plans with pricing. No authentication required.

🛠️ Integration Examples

Use the block that matches your scenario. Do not copy the admin example into anonymous marketing HTML.

Public same-origin (anonymous)

const response = await fetch('/api/chat', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    session_id: sessionId,
    message: userMessage,
    business_id: 'office16852-platform'
  })
});
const data = await response.json();

Cross-origin widget

const response = await fetch('https://office16852.com/api/widget/chat', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Widget-Key': 'pk_live_...',
    'Origin': 'https://your-customer-site.com'
  },
  body: JSON.stringify({ session_id: sessionId, message: userMessage })
});

Authenticated admin only (Bearer)

// JavaScript — requires logged-in admin / Mission Control (Bearer)
const response = await fetch('/api/chat/message', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer ' + token
  },
  body: JSON.stringify({
    session_id: sessionId,
    message: userMessage
  })
});
const data = await response.json();
// Python — authenticated only
import requests
response = requests.post(
    'https://office16852.com/api/chat/message',
    headers={
        'Content-Type': 'application/json',
        'Authorization': f'Bearer {token}'
    },
    json={ 'session_id': session_id, 'message': user_message }
)