API Reference
The Aurogy Business API lets you integrate end-to-end encrypted messaging into your applications. Send text and media messages, manage conversations, receive real-time webhook events, and build customer-facing communication flows.
Authentication
All API requests require an API key passed in the Authorization header. You can generate API keys from your Aurogy Business Dashboard.
// Include in every request header Authorization: Bearer auro_live_sk_your_api_key_here
API keys come in two types:
- Live keys (
auro_live_sk_...) — for production traffic - Test keys (
auro_test_sk_...) — for development, messages are simulated
All requests must be made over HTTPS. Requests over plain HTTP will be rejected.
Send Text Message
Send an end-to-end encrypted text message to a recipient.
Request Body
| Parameter | Type | Description |
|---|---|---|
| torequired | string | Recipient phone hash or Aurogy ID |
| textrequired | string | Message body (max 4,096 characters) |
| reply_tooptional | string | Message ID to reply to |
| metadataoptional | object | Custom key-value pairs (max 10 keys, 256 chars each) |
Request
{
"to": "auro_usr_8f3k29d1a7",
"text": "Your order #4821 has been shipped!",
"metadata": {
"order_id": "4821",
"type": "shipping_notification"
}
}
Response
200 Message accepted
{
"id": "msg_a1b2c3d4e5f6",
"status": "queued",
"to": "auro_usr_8f3k29d1a7",
"created_at": "2026-04-13T14:30:00Z"
}
Send Media Message
Send an encrypted media message. The file is encrypted client-side, uploaded to IPFS, and the encrypted reference is delivered to the recipient.
Request Body
| Parameter | Type | Description |
|---|---|---|
| torequired | string | Recipient phone hash or Aurogy ID |
| media_urlrequired | string | URL of the media file to send (HTTPS only) |
| media_typerequired | string | MIME type: image/jpeg, image/png, video/mp4, audio/ogg, application/pdf |
| captionoptional | string | Caption text (max 1,024 characters) |
| filenameoptional | string | Display filename for documents |
Request
{
"to": "auro_usr_8f3k29d1a7",
"media_url": "https://cdn.example.com/invoice-4821.pdf",
"media_type": "application/pdf",
"caption": "Invoice for order #4821",
"filename": "invoice-4821.pdf"
}
Response
200 Message accepted
{
"id": "msg_f6e5d4c3b2a1",
"status": "queued",
"to": "auro_usr_8f3k29d1a7",
"media_cid": "bafybeigdyrzt5sfp7...",
"created_at": "2026-04-13T14:32:00Z"
}
Send Template Message
Send a pre-approved template message. Templates must be created and approved in the Business Dashboard before use.
Request Body
| Parameter | Type | Description |
|---|---|---|
| torequired | string | Recipient phone hash or Aurogy ID |
| templaterequired | string | Template name (e.g., order_confirmation) |
| languagerequired | string | Template language code (e.g., en) |
| variablesoptional | object | Key-value pairs for template placeholders |
Request
{
"to": "auro_usr_8f3k29d1a7",
"template": "order_confirmation",
"language": "en",
"variables": {
"customer_name": "Alex",
"order_id": "4821",
"delivery_date": "April 18, 2026"
}
}
Response
200 Message accepted
{
"id": "msg_t1e2m3p4l5a6",
"status": "queued",
"to": "auro_usr_8f3k29d1a7",
"template": "order_confirmation",
"created_at": "2026-04-13T14:35:00Z"
}
Get Message Status
Retrieve the delivery status of a previously sent message.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| message_idrequired | string | The message ID returned from a send request |
Response
200 Message found
{
"id": "msg_a1b2c3d4e5f6",
"status": "delivered",
"to": "auro_usr_8f3k29d1a7",
"created_at": "2026-04-13T14:30:00Z",
"delivered_at": "2026-04-13T14:30:02Z",
"read_at": null
}
Possible status values: queued, sent, delivered, read, failed
List Conversations
List all conversations for your business account, ordered by most recent activity.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| limitoptional | integer | Number of results (default: 20, max: 100) |
| cursoroptional | string | Pagination cursor from previous response |
| statusoptional | string | Filter: active, archived, all |
Response
200 Conversations list
{
"conversations": [
{
"id": "conv_x1y2z3",
"participant": "auro_usr_8f3k29d1a7",
"last_message_at": "2026-04-13T14:30:02Z",
"unread_count": 3,
"status": "active"
}
],
"next_cursor": "eyJsYXN0X2lkIjoiY29udl94...",
"has_more": true
}
Get / Update Profile
Retrieve your business profile information.
Response
200 Profile data
{
"id": "biz_a1b2c3d4",
"name": "Acme Corp",
"description": "Premium widgets and gadgets",
"avatar_url": "https://api.aurogy.com/v1/profile/avatar",
"verified": true,
"created_at": "2026-01-15T09:00:00Z"
}
Update your business profile. Only include fields you want to change.
Request Body
| Parameter | Type | Description |
|---|---|---|
| nameoptional | string | Business display name (max 128 chars) |
| descriptionoptional | string | Business description (max 512 chars) |
| avatar_urloptional | string | URL to new avatar image (HTTPS, max 5MB) |
Response
200 Profile updated
{
"id": "biz_a1b2c3d4",
"name": "Acme Corp",
"description": "Premium widgets, gadgets, and more",
"updated_at": "2026-04-13T15:00:00Z"
}
Webhook Events
Configure webhook URLs in your Business Dashboard to receive real-time notifications. All webhook payloads are signed with your webhook secret using HMAC-SHA256 in the X-Aurogy-Signature header.
Event Types
| Event | Description |
|---|---|
| message.received | A new message was received from a user |
| message.delivered | A sent message was delivered to the recipient's device |
| message.read | A sent message was read by the recipient |
| message.failed | A message failed to deliver |
| conversation.started | A user initiated a new conversation with your business |
| payment.received | An $AURO payment was received |
Webhook Payload Example
{
"event": "message.received",
"timestamp": "2026-04-13T14:45:00Z",
"data": {
"message_id": "msg_r1e2c3v4d5",
"conversation_id": "conv_x1y2z3",
"from": "auro_usr_8f3k29d1a7",
"type": "text",
"text": "When will my order arrive?",
"timestamp": "2026-04-13T14:44:58Z"
}
}
Verifying Signatures
// Node.js example const crypto = require('crypto'); function verifyWebhook(payload, signature, secret) { const expected = crypto .createHmac('sha256', secret) .update(payload) .digest('hex'); return crypto.timingSafeEqual( Buffer.from(signature), Buffer.from(expected) ); }
Rate Limits
API requests are rate-limited per API key. Current limits:
| Endpoint | Limit | Window |
|---|---|---|
| POST /messages/* | 100 requests | Per minute |
| GET /messages/* | 300 requests | Per minute |
| GET /conversations | 60 requests | Per minute |
| PUT /profile | 10 requests | Per minute |
Rate limit information is returned in response headers:
X-RateLimit-Limit: 100 X-RateLimit-Remaining: 87 X-RateLimit-Reset: 1681395060
When rate limited, you will receive a 429 response with a Retry-After header indicating seconds to wait.
Error Codes
All errors follow a consistent format:
{
"error": {
"code": "invalid_recipient",
"message": "The recipient ID is not a valid Aurogy user.",
"status": 400
}
}
| HTTP Status | Error Code | Description |
|---|---|---|
| 400 | invalid_request | Missing or invalid request parameters |
| 400 | invalid_recipient | Recipient ID does not exist or is not reachable |
| 400 | invalid_template | Template name not found or not approved |
| 400 | media_too_large | Media file exceeds the 100MB size limit |
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | API key does not have permission for this action |
| 404 | not_found | Requested resource does not exist |
| 429 | rate_limited | Too many requests; retry after the indicated time |
| 500 | internal_error | Unexpected server error; contact support if persistent |
| 503 | service_unavailable | Service temporarily unavailable; retry with backoff |