Skip to main content

Surfaces

Channels
Knowledge Base
Live Chat

Connect

Integrations
Live Data
BYOK

Insights

Analytics
PricingAboutLog in
NebulaHex API · v1

Build on NebulaHex programmatically

Twelve REST endpoints for bot management, conversation queries, programmatic actions, and webhook subscriptions. Bearer-token auth via workspace API keys. Rate-limited per key. Events emit on every action so your other systems stay in sync.

Get an API keySee all endpoints ↓

Bearer-token auth · 60 req/min/key · HMAC-signed webhooks · CORS-friendly

curlNode.jsPython201 CREATED
# Send a programmatic reply into a live conversation
curl -X POST \
"https://nebulahex.com/api/v1/actions/send-message" \
-H "Authorization: Bearer nhx_sk_•••" \
-H "Content-Type: application/json" \
-d '{
"conversationId": "cnv_4a7b2",
"message": "Hi — Sarah from Support here."
}'
Customer sees the message in the same chat window. Bot pauses on this thread. Event message.sent fires to your webhook subscribers with channel: "api".
12 endpoints · v1 · liveBearer token auth
Jump to section

01

Quickstart

The NebulaHex API is a small, scoped REST surface for the operations your bots do every day — sending messages, capturing leads, resolving conversations, and subscribing your own systems to events as they happen. It runs against the same data and authorization model your dashboard does. Whatever your role in the workspace lets you do in the dashboard, the API key issued to you can do over HTTP.

Three steps to a working integration:

  1. Open your dashboard → Settings → API Keys, click New Key, name it, copy the full key value once (we don’t show it back to you after that).
  2. Send the key as a Bearer token in the Authorization header on every request.
  3. Hit GET /api/v1/auth/me to confirm the key works. The response contains your workspace identity.

Everything below is shipped and reachable today. We’re running v1 of the API; the version is part of every URL. When v2 arrives, v1 keeps working as-is.

02

Authentication

Authentication uses a Bearer token model. Every request must include:

HTTP header
Authorization: Bearer nhx_sk_•••••••••••••••••••••••••••••••••••

Where the key comes from.Workspace owners and admins can create keys from Settings → API Keys in the dashboard. Each key is scoped to one workspace, never crosses workspace boundaries, and is fully revocable from the same screen.

Reveal-once semantics. When a key is created, the dashboard shows the full nhx_sk_... value exactly once. If you lose it, revoke that key and create a new one. There is a one-time POST /api/v1/auth/keys/{keyId}/reveal escape hatch you can call programmatically right after key creation if your provisioning flow needs it.

Forensics. Every API-injected message and lead is stamped with the apiKeyId that produced it. If a key is ever compromised, you can trace exactly what it did before revocation.

03

Endpoints

Every endpoint is scoped to your workspace via the API key you authenticate with. Resources from other workspaces return 404— we don’t leak existence through errors.

Bots

Read your workspace’s bots. Used by integrations like Zapier for dynamic dropdown fields.

GET/api/v1/botsList all bots in your workspace

Conversations

Query conversation history scoped to your workspace.

GET/api/v1/conversationsList conversations with filters (botId, status, since)

Actions

Programmatically intervene in live conversations.

POST/api/v1/actions/send-messageInject a message into a conversation as your team
POST/api/v1/actions/create-leadRecord a lead capture from a conversation
POST/api/v1/actions/resolve-conversationMark a conversation resolved; bot resumes on next message

Webhooks

Subscribe your own endpoint to NebulaHex events.

GET/api/v1/hooksList your webhook subscriptions
POST/api/v1/hooksCreate a new webhook subscription
GET/api/v1/hooks/{hookId}Get one subscription’s details
DELETE/api/v1/hooks/{hookId}Remove a subscription

Triggers

Sample payloads for testing your webhook integration locally.

GET/api/v1/triggers/samplesGet example event payloads for every event type

Authentication

Manage API keys for your workspace.

GET/api/v1/auth/meReturn the workspace and key identity authenticating this request
GET/api/v1/auth/keysList your workspace’s API keys (metadata only)
POST/api/v1/auth/keysCreate a new API key
GET/api/v1/auth/keys/{keyId}Get one key’s metadata
POST/api/v1/auth/keys/{keyId}/revealReveal the full key value (one-time after creation)
DELETE/api/v1/auth/keys/{keyId}Revoke a key

The endpoint groups above cover the lifecycle most integrations need: read your bots and conversations, take programmatic action on live threads, subscribe to events, and manage your own access. The Actions group is where most production integrations spend their time — sending replies, capturing leads to your CRM, marking threads resolved when a downstream ticket gets closed.

04

Webhooks

Polling for state changes is a tax on both ends. Subscribe a webhook endpoint to NebulaHex events and we push events to you when they happen. Subscriptions are managed through POST /api/v1/hooks.

Every delivery is HMAC-signed with a secret you control. The signature is in the X-NebulaHex-Signatureheader. Verify it before processing — the signature is what proves the request came from us and nobody’s spoofing.

Available event types:

message.sentBot, widget, or API-injected message lands in a conversation

data: { conversationId, botId, sessionId, messageId, channel, confidenceScore, wasFallback, sentAt }

lead.capturedBot collected a lead during a conversation (email, name, phone)

data: { conversationId, botId, leadId, capturedFields, sessionId, capturedAt }

order.lookupBot resolved an order via Shopify or another live data source

data: { conversationId, botId, sessionId, orderId, lookupSource, lookedUpAt }

conversation.fallbackBot couldn’t answer and fell back to a generic response

data: { conversationId, botId, sessionId, lastMessage, confidenceScore, fellBackAt }

conversation.escalationConversation routed to your team (customer requested or bot unsure)

data: { conversationId, botId, sessionId, reason, transcript, escalatedAt }

Sample payloads. Hit GET /api/v1/triggers/samples to get an example payload for every event type. Useful for testing your webhook handler locally before flipping the real subscription on.

Retries. Failed deliveries (any non-2xx response, network error, or timeout) are retried with exponential backoff. After a delivery has failed enough times to indicate the endpoint is gone, the subscription is paused and surfaced in the dashboard for you to fix.

05

Rate limits & CORS

Every endpoint is rate-limited per API key on a 60-second sliding window. The default ceiling is 60 requests per minute per key. Hit the limit and you get a 429 with a Retry-After header in seconds. Wait, retry.

If your production workload is consistently hitting the ceiling, you can either parallelize across multiple API keys (each key has its own bucket) or contact us about a higher limit on your account.

CORS. Every endpoint responds to OPTIONS preflight requests with the headers you need to call from a browser. The Authorization header is allowed; standard content types are accepted.

06

Code examples

Three patterns that cover most production usage.

List bots in your workspace (curl)

bash
# GET /api/v1/bots
curl https://nebulahex.com/api/v1/bots \
  -H "Authorization: Bearer $NEBULAHEX_API_KEY"

# Response
{
  "bots": [
    {
      "id": "bot_4a7b2",
      "name": "Help center bot",
      "isActive": true,
      "createdAt": "2026-03-14T09:21:47Z"
    }
  ]
}

Subscribe a webhook (Node.js)

javascript
// Listen for escalations on your own URL
const res = await fetch("https://nebulahex.com/api/v1/hooks", {
  method: "POST",
  headers: {
    "Authorization": `Bearer $${process.env.NEBULAHEX_API_KEY}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    event: "conversation.escalation",
    targetUrl: "https://yourapp.com/hooks/nebulahex"
  })
});

const { hookId, signingSecret } = await res.json();
// Store signingSecret server-side — we won’t show it again.

Inject a message and resolve a conversation (curl)

bash
# Step 1: Send a reply as your team
curl -X POST \
  https://nebulahex.com/api/v1/actions/send-message \
  -H "Authorization: Bearer $NEBULAHEX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"conversationId":"cnv_4a7b2", "message":"Refund processed, you’ll see it in 3 business days."}'

# Step 2: Mark the conversation resolved so the bot takes over next message
curl -X POST \
  https://nebulahex.com/api/v1/actions/resolve-conversation \
  -H "Authorization: Bearer $NEBULAHEX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"conversationId":"cnv_4a7b2"}'

07

Status & reference docs

Everything documented here is shipped and reachable today. We’re running v1 of the API and committed to backward compatibility within v1 — new fields may be added to responses, but existing fields and shapes won’t change without a major version bump.

Reference docs (OpenAPI / Swagger) are in progress.Until they ship, this page covers the surface most integrations need; for endpoint-level field details we haven’t documented yet, the easiest path is to call the endpoint against a test workspace and inspect the response. Reach us via the contact form if you hit a blocker.

Get an API key. Start building.

The Free plan includes API access. Build a working integration against a test bot, then upgrade when you’re ready to push real volume through it.

Build your bot for freeNeed higher limits? Contact us →