JSON API Reference

All endpoints accept POST with Content-Type: application/json. Authentication is via authToken in the request body, stripped before storage.

The name field on every User request body must be sent empty (""). User nicknames never travel as a plain field — they're carried only inside the encrypted payloads of messages, so the server cannot index or read them.

Endpoints

  1. POST /register — Register user
  2. POST /register2 — Create group
  3. POST /receive — Poll notifications
  4. POST /connect — Send friend request
  5. POST /connect2 — Reply to friend request
  6. POST /postmsg — Send direct message
  7. POST /groupinv — Invite user to group
  8. POST /postgroup — Send group message
  9. POST /pollgroup — Poll single group
  10. POST /pollgroups — Poll multiple groups
  11. POST /longpoll — Long-poll groups
  12. Common error responses
POST /register

Register a new user. No request body required. Returns a generated user ID and an auth token.

Response 200

{
  "object": "User",
  "userId": "<generated-hex-id>",
  "name": "",
  "authToken": "<generated-token>"
}
429 Rate limited (plain text)
POST /register2

Generate a new group ID. Caller must authenticate.

Request body

{
  "object": "User",
  "userId": "<userId>",
  "name": "",
  "authToken": "<authToken>"
}

Response 200

{
  "object": "Group",
  "groupId": "<generated-group-id>",
  "name": ""
}
429 Rate limited (plain text)
POST /receive

Poll for pending notifications (friend requests, friend responses, group invites, direct messages) since a given timestamp.

Request body

{
  "object": "User",
  "userId": "<userId>",
  "name": "",
  "authToken": "<authToken>",
  "lastMessageTimestamp": 1712345678000
}

Response 200

{
  "object": "Notifications",
  "friendRequests": [
    {
      "object": "FriendRequest",
      "fromUserId": "<id>",
      "toUserId": "<id>",
      "protocol": "DH_AND_AES",
      "cryptoData": "<base64-key-exchange>",
      "timestamp": 1712345678000
    }
  ],
  "friendResponses": [
    {
      "object": "FriendResponse",
      "fromUserId": "<id>",
      "toUserId": "<id>",
      "cryptoData": "<base64-key-exchange>",
      "timestamp": 1712345678000
    }
  ],
  "groupInvites": [
    {
      "object": "GroupInvite",
      "fromUserId": "<id>",
      "toUserId": "<id>",
      "groupId": "<groupId>",
      "algorithm": "AES_256",
      "cryptoData": "<encrypted-group-key>",
      "timestamp": 1712345678000
    }
  ],
  "messages": [
    {
      "object": "SendMessage",
      "fromUserId": "<id>",
      "toId": "<id>",
      "encContent": "<encrypted-message>",
      "timestamp": 1712345678000
    }
  ]
}
429 Rate limited (plain text)
POST /connect

Send a friend request. Initiates the key exchange by delivering the caller's Diffie-Hellman public key to the target user's notification queue.

Request body

{
  "object": "FriendRequest",
  "fromUserId": "<userId>",
  "authToken": "<authToken>",
  "toUserId": "<targetUserId>",
  "protocol": "DH_AND_AES",
  "cryptoData": "<base64-dh-public-key>"
}
200 Empty body
404 Target user does not exist
429 Rate limited
POST /connect2

Reply to a friend request. Completes the key exchange by delivering the responder's Diffie-Hellman public key to the original sender.

Request body

{
  "object": "FriendResponse",
  "fromUserId": "<userId>",
  "authToken": "<authToken>",
  "toUserId": "<targetUserId>",
  "cryptoData": "<base64-dh-public-key>"
}
200 Empty body
429 Rate limited
POST /postmsg

Send an encrypted direct message to another user.

Request body

{
  "object": "SendMessage",
  "fromUserId": "<userId>",
  "authToken": "<authToken>",
  "toId": "<targetUserId>",
  "encContent": "<encrypted-message-payload>"
}
200 Empty body
429 Rate limited
POST /groupinv

Invite a user to a group. Delivers the AES-256 encrypted group key to the recipient's notification queue. Both the target user and the group must already exist.

Request body

{
  "object": "GroupInvite",
  "fromUserId": "<userId>",
  "authToken": "<authToken>",
  "toUserId": "<targetUserId>",
  "groupId": "<groupId>",
  "algorithm": "AES_256",
  "cryptoData": "<encrypted-group-key>"
}
200 Empty body
429 Rate limited
POST /postgroup

Send an encrypted message to a group. Uses the same schema as /postmsg with toId set to the group ID.

Request body

{
  "object": "SendMessage",
  "fromUserId": "<userId>",
  "authToken": "<authToken>",
  "toId": "<groupId>",
  "encContent": "<encrypted-message-payload>"
}
200 Empty body
429 Rate limited
POST /pollgroup

Poll for new messages in a single group since a given timestamp.

Request body

{
  "object": "PollGroup",
  "userId": "<userId>",
  "authToken": "<authToken>",
  "groupId": "<groupId>",
  "lastMessageTimestamp": 1712345678000
}

Response 200

{
  "object": "GroupNotifications",
  "messages": [
    {
      "object": "SendMessage",
      "fromUserId": "<id>",
      "toId": "<groupId>",
      "encContent": "<encrypted-message>",
      "timestamp": 1712345678000
    }
  ]
}
429 Rate limited
POST /pollgroups

Poll for new messages across multiple groups at once since a given timestamp.

Request body

{
  "object": "PollGroups",
  "userId": "<userId>",
  "authToken": "<authToken>",
  "groupIds": ["<groupId1>", "<groupId2>"],
  "lastMessageTimestamp": 1712345678000
}

Response 200

Same GroupNotifications schema as /pollgroup.

429 Rate limited
POST /longpoll

Long-poll across multiple groups. Blocks server-side until a new message arrives for the user in any of the listed groups, then returns immediately.

Request body

{
  "object": "PollGroups",
  "userId": "<userId>",
  "authToken": "<authToken>",
  "groupIds": ["<groupId1>", "<groupId2>"],
  "lastMessageTimestamp": 1712345678000
}

Response 200

Plain text: the group ID that received a new message, or empty string if the wait timed out.

429 Rate limited
Common error responses
StatusMeaning
400Malformed or missing required fields
404Target user or group does not exist
429Rate limited — back off and retry
500Internal server error (plain text exception message)
SecBot Support
Questions about the API? Ask me anything!