Developer API · v1
Build on CAAC Go
Send WhatsApp messages and generate AI replies from your own apps. The API is REST over HTTPS, JSON in and out, authenticated with a workspace API key.
Base URL & authentication
All requests go to the base URL below. Pass your key (created under Settings → API keys) in the Authorization header. Keep it secret — it grants access to your workspace.
Base URL https://caacgo.cresclab.com
Header Authorization: Bearer cwa_your_keyEndpoints
/api/v1/meVerify a key and return the workspace it belongs to.
curl https://caacgo.cresclab.com/api/v1/me \
-H "Authorization: Bearer cwa_your_key"Response
{ "ok": true, "workspace": { "id": "…", "name": "Glow Skin Clinic", "plan": "trial" } }/api/v1/messagesSend a WhatsApp text message. Subject to WhatsApp's 24-hour customer-care window and template rules for proactive sends.
curl -X POST https://caacgo.cresclab.com/api/v1/messages \
-H "Authorization: Bearer cwa_your_key" \
-H "Content-Type: application/json" \
-d '{"to":"+5511988887777","text":"Hi! Thanks for reaching out 👋"}'Response
{ "ok": true }/api/v1/ai/replyGenerate an AI reply from your business content. Pass url to read answers from a website, or context with raw text.
curl -X POST https://caacgo.cresclab.com/api/v1/ai/reply \
-H "Authorization: Bearer cwa_your_key" \
-H "Content-Type: application/json" \
-d '{"message":"How much is a haircut?","url":"https://your-site.com"}'Response
{ "reply": "A men's haircut is $30 and takes about 30 minutes — want me to book you in?" }Webhooks
Get notified when things happen in your workspace. Add an endpoint in Settings → Webhooks and we’ll POST a signed JSON body to it when these events fire:
message.received— A visitor sent a message to your agent.conversation.escalated— The AI flagged a conversation for a human to follow up.contact.created— A new contact / lead was captured.lead.captured— The AI saved a visitor as a lead (the money event).appointment.requested— The AI recorded a booking request for your team to confirm.
Delivery
POST https://yourapp.com/webhooks/caac
Content-Type: application/json
X-CAAC-Event: message.received
X-CAAC-Signature: <hex HMAC-SHA256 of the raw body, keyed with your signing secret>
{
"id": "5f1c…",
"event": "message.received",
"createdAt": "2026-06-23T08:00:00.000Z",
"data": {
"conversationId": "…", "contactId": "…",
"channelType": "web", "body": "Hi! Do you ship overseas?",
"contact": { "name": null, "phone": null, "externalId": "…" }
}
}More payloads
// lead.captured — the money event
{ "event": "lead.captured", "data": {
"conversationId": "…", "contactId": "…",
"name": "Alex Tan", "email": "alex@example.com",
"phone": "+6591234567", "interest": "pricing"
} }
// appointment.requested
{ "event": "appointment.requested", "data": {
"conversationId": "…", "contactId": "…",
"service": "Consultation", "preferredTime": "Fri 3pm",
"name": "Alex Tan", "phone": "+6591234567"
} }Verify the signature (Node)
import crypto from "node:crypto";
const signature = req.headers["x-caac-signature"];
const expected = crypto.createHmac("sha256", WEBHOOK_SIGNING_SECRET)
.update(rawBody) // the exact raw request body string
.digest("hex");
const ok = signature.length === expected.length &&
crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));Respond 2xx to acknowledge. The last delivery status is shown next to each endpoint, and you can send a test event from the Webhooks page.
Errors
Errors return the matching HTTP status with a JSON body: { "error": "…" }
| Status | Meaning |
|---|---|
| 400 | Invalid or missing parameters. |
| 401 | Missing or invalid API key. |
| 422 | Could not read the provided URL. |
| 502 | Upstream WhatsApp or AI call failed. |
OpenAPI spec
Import the full machine-readable spec into Postman, Insomnia or Swagger UI:
/api/v1/openapi.jsonReady to start? Create your API key →