openapi: 3.0.1 info: title: Signal Server API license: name: AGPL-3.0-only url: https://www.gnu.org/licenses/agpl-3.0.txt servers: - url: https://chat.signal.org description: Production service - url: https://chat.staging.signal.org description: Staging service paths: /v1/accounts/account/{identifier}: head: tags: - Account summary: Check whether an account exists description: | Enforced unauthenticated endpoint. Checks whether an account with a given identifier exists. operationId: accountExists parameters: - name: identifier in: path description: An ACI or PNI account identifier to check required: true schema: $ref: '#/components/schemas/ServiceIdentifier' responses: "200": description: An account with the given identifier was found. "400": description: Request must not be authenticated. "404": description: An account was not found for the given identifier. "422": description: Invalid request format. "429": description: Rate-limited. security: - authenticatedAccount: [] - {} /v1/accounts/username_hash/confirm: put: tags: - Account summary: Confirm username hash description: | Authenticated endpoint. For a previously reserved username hash, confirm that this username hash is now taken by this account. operationId: confirmUsernameHash requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfirmUsernameHashRequest' required: true responses: "200": description: Username hash confirmed successfully. content: application/json: schema: $ref: '#/components/schemas/UsernameHashResponse' "401": description: Account authentication check failed. "409": description: Given username hash doesn't match the reserved one or no reservation found. "410": description: Username hash not available (username can't be used). "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/me: get: tags: - Account operationId: getMe responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' deprecated: true security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteAccount responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/apn: put: tags: - Account operationId: setApnRegistrationId requestBody: content: application/json: schema: $ref: '#/components/schemas/ApnRegistrationId' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteApnRegistrationId responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/gcm: put: tags: - Account operationId: setGcmRegistrationId requestBody: content: application/json: schema: $ref: '#/components/schemas/GcmRegistrationId' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteGcmRegistrationId responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/username_hash: delete: tags: - Account summary: Delete username hash description: | Authenticated endpoint. Deletes previously stored username for the account. operationId: deleteUsernameHash responses: "204": description: Username successfully deleted. "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v1/accounts/username_link: put: tags: - Account summary: Set username link description: | Authenticated endpoint. For the given encrypted username generates a username link handle. The username link handle can be used to lookup the encrypted username. An account can only have one username link at a time; this endpoint overwrites the previous encrypted username if there was one. operationId: updateUsernameLink requestBody: content: application/json: schema: $ref: '#/components/schemas/EncryptedUsername' required: true responses: "200": description: Username Link updated successfully. content: application/json: schema: $ref: '#/components/schemas/UsernameLinkHandle' "401": description: Account authentication check failed. "409": description: Username is not set for the account. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] delete: tags: - Account summary: Delete username link description: | Authenticated endpoint. Deletes username link for the given account: previously store encrypted username is deleted and username link handle is deactivated. operationId: deleteUsernameLink responses: "204": description: Username Link successfully deleted. "401": description: Account authentication check failed. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/turn: get: tags: - Account operationId: getTurnToken responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/TurnToken' deprecated: true security: - authenticatedAccount: [] /v1/accounts/username_hash/{usernameHash}: get: tags: - Account summary: Lookup username hash description: | Forced unauthenticated endpoint. For the given username hash, look up a user ID. operationId: lookupUsernameHash parameters: - name: usernameHash in: path required: true schema: type: string responses: "200": description: Account found for the given username. content: application/json: schema: $ref: '#/components/schemas/AccountIdentifierResponse' "400": description: Request must not be authenticated. "404": description: Account not found for the given username. security: - authenticatedAccount: [] - {} /v1/accounts/username_link/{uuid}: get: tags: - Account summary: Lookup username link description: | Enforced unauthenticated endpoint. For the given username link handle, looks up the database for an associated encrypted username. If found, encrypted username is returned, otherwise responds with 404 Not Found. operationId: lookupUsernameLink parameters: - name: uuid in: path required: true schema: type: string format: uuid responses: "200": description: Username link with the given handle was found. content: application/json: schema: $ref: '#/components/schemas/EncryptedUsername' "400": description: Request must not be authenticated. "404": description: Username link was not found for the given handle. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] - {} /v1/accounts/registration_lock: put: tags: - Account operationId: setRegistrationLock requestBody: content: '*/*': schema: $ref: '#/components/schemas/RegistrationLock' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: removeRegistrationLock responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/username_hash/reserve: put: tags: - Account summary: Reserve username hash description: | Authenticated endpoint. Takes in a list of hashes of potential username hashes, finds one that is not taken, and reserves it for the current account. operationId: reserveUsernameHash requestBody: content: application/json: schema: $ref: '#/components/schemas/ReserveUsernameHashRequest' required: true responses: "200": description: Username hash reserved successfully. content: application/json: schema: $ref: '#/components/schemas/ReserveUsernameHashResponse' "401": description: Account authentication check failed. "409": description: All username hashes from the list are taken. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/attributes: put: tags: - Account operationId: setAccountAttributes parameters: - name: X-Signal-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AccountAttributes' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/accounts/name: put: tags: - Account operationId: setName requestBody: content: '*/*': schema: $ref: '#/components/schemas/DeviceName' required: true responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/whoami: get: tags: - Account operationId: whoAmI responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' security: - authenticatedAccount: [] /v2/accounts/number: put: tags: - Account summary: Change number description: Changes a phone number for an existing account. operationId: changeNumber parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ChangeNumberRequest' required: true responses: "200": description: The phone number associated with the authenticated account was changed successfully content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "401": description: Account authentication check failed. "403": description: Verification failed for the provided Registration Recovery Password "409": description: Mismatched number of devices or device ids in 'devices to notify' list content: application/json: schema: $ref: '#/components/schemas/MismatchedDevices' "410": description: Mismatched registration ids in 'devices to notify' list content: application/json: schema: $ref: '#/components/schemas/StaleDevices' "422": description: The request did not pass validation "423": content: application/json: schema: $ref: '#/components/schemas/RegistrationLockFailure' "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v2/accounts/phone_number_identity_key_distribution: put: tags: - Account summary: Set phone-number identity keys description: Updates key material for the phone-number identity for all devices and sends a synchronization message to companion devices operationId: distributePhoneNumberIdentityKeys parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PhoneNumberIdentityKeyDistributionRequest' required: true responses: "200": description: Indicates the transaction was successful and returns basic information about this account. content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "401": description: Account authentication check failed. "403": description: This endpoint can only be invoked from the account's primary device. "422": description: The request body failed validation. "409": description: The set of devices specified in the request does not match the set of devices active on the account. content: application/json: schema: $ref: '#/components/schemas/MismatchedDevices' "410": description: The registration IDs provided for some devices do not match those stored on the server. content: application/json: schema: $ref: '#/components/schemas/StaleDevices' security: - authenticatedAccount: [] /v2/accounts/data_report: get: tags: - Account summary: Produces a report of non-ephemeral account data stored by the service operationId: getAccountDataReport responses: "200": description: Response with data report. A plain text representation is a field in the response. content: application/json: schema: $ref: '#/components/schemas/AccountDataReportResponse' security: - authenticatedAccount: [] /v2/accounts/phone_number_discoverability: put: tags: - Account operationId: setPhoneNumberDiscoverability requestBody: content: application/json: schema: $ref: '#/components/schemas/PhoneNumberDiscoverabilityRequest' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/archives/upload/form: get: tags: - Archive summary: Fetch message backup upload form description: Retrieve an upload form that can be used to perform a resumable upload of a message backup. operationId: backup parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/MessageBackupResponse' "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives: get: tags: - Archive summary: Fetch backup info description: Retrieve information about the currently stored backup operationId: backupInfo parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/BackupInfoResponse' "404": description: No existing backups found "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} post: tags: - Archive summary: Refresh backup description: | Indicate that this backup is still active. Clients must periodically upload new backups or perform a refresh via a POST request. If a backup is not refreshed, after 30 days it may be deleted. operationId: refresh parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "204": description: The backup was successfully refreshed "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/media/batch: put: tags: - Archive summary: Batched backup media description: | Copy and re-encrypt media from the attachments cdn into the backup cdn. The original already encrypted attachment will be encrypted with the provided key material before being copied If the batch request is processed at all, a 207 will be returned and the outcome of each constituent copy will be provided as a separate entry in the response. operationId: copyMedia parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CopyMediaBatchRequest' required: true responses: "207": description: | The request was processed and each operation's outcome must be inspected individually. This does NOT necessarily indicate the operation was a success. content: application/json: schema: $ref: '#/components/schemas/CopyMediaBatchResponse' "413": description: All media capacity has been consumed. Free some space to continue. "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/media: get: tags: - Archive summary: List media objects description: | Retrieve a list of media objects stored for this backup-id. A client may have previously stored media objects that are no longer referenced in their current backup. To reclaim storage space used by these orphaned objects, perform a list operation and remove any unreferenced media objects via DELETE /v1/backups/. operationId: listMedia parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string - name: cursor in: query description: A cursor returned by a previous call schema: type: string - name: limit in: query description: The number of entries to return per call schema: type: integer format: int32 responses: "200": content: application/json: schema: $ref: '#/components/schemas/ListResponse' "400": description: Bad arguments. The request may have been made on an authenticated channel "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation security: - authenticatedAccount: [] - {} put: tags: - Archive summary: Backup media description: | Copy and re-encrypt media from the attachments cdn into the backup cdn. The original, already encrypted, attachment will be encrypted with the provided key material before being copied. A particular destination media id should not be reused with a different source media id or different encryption parameters. operationId: copyMedia_1 parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CopyMediaRequest' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/CopyMediaResponse' "400": description: Bad arguments. The request may have been made on an authenticated channel "413": description: All media capacity has been consumed. Free some space to continue. "410": description: The source object was not found. "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation security: - authenticatedAccount: [] - {} /v1/archives/media/delete: post: tags: - Archive summary: Delete media objects description: Delete media objects stored with this backup-id operationId: deleteMedia parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: '*/*': schema: $ref: '#/components/schemas/DeleteMedia' required: true responses: "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/auth: get: tags: - Archive summary: 'Fetch ZK credentials ' description: | After setting a blinded backup-id with PUT /v1/archives/, this fetches credentials that can be used to perform operations against that backup-id. Clients may (and should) request up to 7 days of credentials at a time. The redemptionStart and redemptionEnd seconds must be UTC day aligned, and must not span more than 7 days. operationId: getBackupZKCredentials parameters: - name: redemptionStartSeconds in: query required: true schema: type: integer format: int64 - name: redemptionEndSeconds in: query required: true schema: type: integer format: int64 responses: "200": content: application/json: schema: $ref: '#/components/schemas/BackupAuthCredentialsResponse' "400": description: The start/end did not meet alignment/duration requirements "404": description: Could not find an existing blinded backup id "429": description: Rate limited. security: - authenticatedAccount: [] /v1/archives/auth/read: get: tags: - Archive summary: Get CDN read credentials description: Retrieve credentials used to read objects stored on the backup cdn operationId: readAuth parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/ReadAuthResponse' "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/backupid: put: tags: - Archive summary: Set backup id description: | Set a (blinded) backup-id for the account. Each account may have a single active backup-id that can be used to store and retrieve backups. Once the backup-id is set, BackupAuthCredentials can be generated using /v1/archives/auth. The blinded backup-id and the key-pair used to blind it should be derived from a recoverable secret. operationId: setBackupId requestBody: content: application/json: schema: $ref: '#/components/schemas/SetBackupIdRequest' required: true responses: "204": description: The backup-id was set "400": description: The provided backup auth credential request was invalid "429": description: Rate limited. Too many attempts to change the backup-id have been made security: - authenticatedAccount: [] /v1/archives/keys: put: tags: - Archive summary: Set public key description: | Permanently set the public key of an ED25519 key-pair for the backup-id. All requests that provide a anonymous BackupAuthCredentialPresentation (including this one!) must also sign the presentation with the private key corresponding to the provided public key. operationId: setPublicKey parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SetPublicKeyRequest' required: true responses: "204": description: The public key was set "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/art/auth: get: tags: - Art operationId: getAuth responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v2/attachments/form/upload: get: tags: - Attachments operationId: getAttachmentUploadForm parameters: - name: User-Agent in: header schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AttachmentDescriptorV2' security: - authenticatedAccount: [] /v3/attachments/form/upload: get: tags: - Attachments operationId: getAttachmentUploadForm_1 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AttachmentDescriptorV3' security: - authenticatedAccount: [] /v4/attachments/form/upload: get: tags: - Attachments summary: Get an upload form description: | Retrieve an upload form that can be used to perform a resumable upload. The response will include a cdn number indicating what protocol should be used to perform the upload. operationId: getAttachmentUploadForm_2 responses: "200": description: "Success, response body includes upload form" content: application/json: schema: $ref: '#/components/schemas/AttachmentDescriptorV3' "413": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/call-link/create-auth: post: tags: - CallLink summary: Generate a credential for creating call links description: | Generate a credential over a truncated timestamp, room ID, and account UUID. With zero knowledge group infrastructure, the server does not know the room ID. operationId: getCreateAuth requestBody: content: '*/*': schema: $ref: '#/components/schemas/GetCreateCallLinkCredentialsRequest' required: true responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/CreateCallLinkCredential' "400": description: Invalid create call link credential request. "401": description: Account authentication check failed. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/calling/relays: get: tags: - Calling summary: Get 1:1 calling relay options for the client description: | Get 1:1 relay addresses in IpV4, Ipv6, and URL formats. operationId: getCallingRelays responses: "200": description: '`JSON` with call endpoints.' content: application/json: schema: $ref: '#/components/schemas/TurnToken' "400": description: Invalid get call endpoint request. "401": description: Account authentication check failed. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/certificate/delivery: get: tags: - Certificate operationId: getDeliveryCertificate parameters: - name: includeE164 in: query schema: type: boolean default: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/DeliveryCertificate' security: - authenticatedAccount: [] /v1/certificate/auth/group: get: tags: - Certificate operationId: getGroupAuthenticationCredentials parameters: - name: redemptionStartSeconds in: query schema: type: integer format: int64 - name: redemptionEndSeconds in: query schema: type: integer format: int64 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/GroupCredentials' security: - authenticatedAccount: [] /v1/challenge: put: tags: - Challenge summary: Submit proof of a challenge completion description: | Some server endpoints (the "send message" endpoint, for example) may return a 428 response indicating the client must complete a challenge before continuing. Clients may use this endpoint to provide proof of a completed challenge. If successful, the client may then continue their original operation. operationId: handleChallengeResponse parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: oneOf: - $ref: '#/components/schemas/AnswerPushChallengeRequest' - $ref: '#/components/schemas/AnswerCaptchaChallengeRequest' responses: "200": description: Indicates the challenge proof was accepted "413": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/challenge/push: post: tags: - Challenge summary: Request a push challenge description: | Clients may proactively request a push challenge by making an empty POST request. Push challenges will only be sent to the requesting account’s main device. When the push is received it may be provided as proof of completed challenge to /v1/challenge. APNs challenge payloads will be formatted as follows: ``` { "aps": { "sound": "default", "alert": { "loc-key": "APN_Message" } }, "rateLimitChallenge": "{CHALLENGE_TOKEN}" } ``` FCM challenge payloads will be formatted as follows: ``` {"rateLimitChallenge": "{CHALLENGE_TOKEN}"} ``` Clients may retry the PUT in the event of an HTTP/5xx response (except HTTP/508) from the server, but must implement an exponential back-off system and limit the total number of retries. operationId: requestPushChallenge responses: "200": description: | Indicates a payload to the account's primary device has been attempted. When clients receive a challenge push notification, they may issue a PUT request to /v1/challenge. "404": description: | The server does not have a push notification token for the authenticated account’s main device; clients may add a push token and try again "413": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/devices/provisioning/code: get: tags: - Devices operationId: createDeviceToken responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationCode' security: - authenticatedAccount: [] /v1/devices: get: tags: - Devices operationId: getDevices responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/DeviceInfoList' security: - authenticatedAccount: [] /v1/devices/link: put: tags: - Devices summary: Link a device to an account description: | Links a device to an account identified by a given phone number. operationId: linkDevice parameters: - name: Authorization in: header schema: $ref: '#/components/schemas/BasicAuthorizationHeader' - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/LinkDeviceRequest' required: true responses: "200": description: The new device was linked to the calling account content: application/json: schema: $ref: '#/components/schemas/DeviceResponse' "403": description: The given account was not found or the given verification code was incorrect "411": description: The given account already has its maximum number of linked devices "422": description: The request did not pass validation "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple /v1/devices/{device_id}: delete: tags: - Devices operationId: removeDevice parameters: - name: device_id in: path required: true schema: type: string format: byte responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/devices/capabilities: put: tags: - Devices operationId: setCapabilities requestBody: content: '*/*': schema: $ref: '#/components/schemas/DeviceCapabilities' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/devices/unauthenticated_delivery: put: tags: - Devices operationId: setUnauthenticatedDelivery responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v2/directory/auth: get: tags: - Directory operationId: getAuthToken responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/donation/redeem-receipt: post: tags: - Donations operationId: redeemReceipt requestBody: content: application/json: schema: $ref: '#/components/schemas/RedeemReceiptRequest' required: true responses: default: description: default response content: application/json: {} text/plain: {} security: - authenticatedAccount: [] /v1/keepalive: get: tags: - Keep Alive operationId: getKeepAlive requestBody: content: '*/*': schema: $ref: '#/components/schemas/WebSocketSessionContext' responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] - {} /v1/keepalive/provisioning: get: tags: - Keep Alive operationId: getProvisioningKeepAlive responses: default: description: default response content: '*/*': {} /v2/keys/check: post: tags: - Keys summary: Check keys description: | Checks that client and server have consistent views of repeated-use keys. For a given identity type, clients submit a digest of their repeated-use key material. The digest is calculated as: SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes) …where the elements of the hash are: - identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key - signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key - lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e. one version byte followed by 1568 bytes of key material for a total of 1569 bytes) operationId: checkKeys parameters: - name: User-Agent in: header schema: type: string responses: "200": description: Indicates that client and server have consistent views of repeated-use keys "401": description: Account authentication check failed "409": description: |2 Indicates that client and server have inconsistent views of repeated-use keys or one or more repeated-use keys could not be found "422": description: Invalid request format security: - authenticatedAccount: [] /v2/keys/{identifier}/{device_id}: get: tags: - Keys summary: Fetch public keys for another user description: Retrieves the public identity key and available device prekeys for a specified account or phone-number identity operationId: getDeviceKeys parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: identifier in: path description: the account or phone-number identifier to retrieve keys for required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: device_id in: path description: "the device id of a single device to retrieve prekeys for, or\ \ `*` for all enabled devices" required: true schema: type: string - name: User-Agent in: header schema: type: string responses: "200": description: Indicates at least one prekey was available for at least one requested device. content: application/json: schema: $ref: '#/components/schemas/PreKeyResponse' "401": description: Account authentication check failed and unidentified-access key was not supplied or invalid. "404": description: "Requested identity or device does not exist, is not active,\ \ or has no available prekeys." "429": description: Rate limit exceeded. headers: Retry-After: description: "If present, a positive integer indicating the number of\ \ seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] - {} /v2/keys: get: tags: - Keys summary: Get prekey count description: Gets the number of one-time prekeys uploaded for this device and still available operationId: getStatus parameters: - name: identity in: query schema: type: string default: aci enum: - ACI - PNI responses: "200": description: Body contains the number of available one-time prekeys for the device. content: application/json: schema: $ref: '#/components/schemas/PreKeyCount' "401": description: Account authentication check failed. security: - authenticatedAccount: [] put: tags: - Keys summary: Upload new prekeys description: Upload new pre-keys for this device. operationId: setKeys parameters: - name: identity in: query allowEmptyValue: true schema: type: string description: whether this operation applies to the account (aci) or phone-number (pni) identity default: aci enum: - ACI - PNI - aci - pni - name: User-Agent in: header schema: type: string responses: "200": description: Indicates that new keys were successfully stored. "401": description: Account authentication check failed. "403": description: Attempt to change identity key from a non-primary device. "422": description: Invalid request format. security: - authenticatedAccount: [] /v2/keys/signed: put: tags: - Keys summary: Upload a new signed prekey description: |2 Upload a new signed elliptic-curve prekey for this device. Deprecated; use PUT /v2/keys instead. operationId: setSignedKey parameters: - name: User-Agent in: header schema: type: string - name: identity in: query schema: type: string default: aci enum: - ACI - PNI requestBody: content: application/json: schema: $ref: '#/components/schemas/ECSignedPreKey' responses: "200": description: Indicates that new prekey was successfully stored. "401": description: Account authentication check failed. "422": description: Invalid request format. deprecated: true security: - authenticatedAccount: [] /v1/messages: get: tags: - Messages operationId: getPendingMessages parameters: - name: X-Signal-Receive-Stories in: header schema: type: string - name: User-Agent in: header schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] /v1/messages/uuid/{uuid}: delete: tags: - Messages operationId: removePendingMessage parameters: - name: uuid in: path required: true schema: type: string format: uuid responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/messages/report/{source}/{messageGuid}: post: tags: - Messages operationId: reportSpamMessage parameters: - name: source in: path required: true schema: type: string - name: messageGuid in: path required: true schema: type: string format: uuid - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SpamReport' responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/messages/{destination}: put: tags: - Messages operationId: sendMessage parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: User-Agent in: header schema: type: string - name: destination in: path required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: story in: query schema: type: boolean requestBody: content: application/json: schema: $ref: '#/components/schemas/IncomingMessageList' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] - {} /v1/messages/multi_recipient: put: tags: - Messages summary: Send multi-recipient sealed-sender message description: | Deliver a common-payload message to multiple recipients. An unidentifed-access key for all recipients must be provided, unless the message is a story. operationId: sendMultiRecipientMessage parameters: - name: Unidentified-Access-Key in: header description: The bitwise xor of the unidentified access keys for every recipient of the message. Will be replaced with group send credentials schema: $ref: '#/components/schemas/CombinedUnidentifiedSenderAccessKeys' - name: Group-Send-Credential in: header description: A group send credential covering all (included and excluded) recipients of the message. Must not be combined with `Unidentified-Access-Key` or set on a story message. schema: $ref: '#/components/schemas/GroupSendCredentialHeader' - name: User-Agent in: header schema: type: string - name: online in: query description: "If true, deliver the message only to recipients that are online\ \ when it is sent" schema: type: boolean - name: ts in: query description: The sender's timestamp for the envelope schema: type: integer format: int64 - name: urgent in: query description: "If true, this message should cause push notifications to be\ \ sent to recipients" schema: type: boolean default: true - name: story in: query description: "If true, the message is a story; access tokens are not checked\ \ and sending to nonexistent recipients is permitted" schema: type: boolean requestBody: description: The sealed-sender multi-recipient message payload as serialized by libsignal content: application/vnd.signal-messenger.mrm: schema: $ref: '#/components/schemas/SealedSenderMultiRecipientMessage' required: true responses: "200": description: Message was successfully sent to all recipients "400": description: The envelope specified delivery to the same recipient device multiple times "401": description: The message is not a story and the unauthorized access key or group send credential is missing or incorrect "404": description: The message is not a story and some of the recipient service IDs do not correspond to registered Signal users "409": description: Incorrect set of devices supplied for some recipients content: application/json: schema: type: string "410": description: Mismatched registration ids supplied for some recipient devices content: application/json: schema: type: string /v1/payments/auth: get: tags: - Payments operationId: getAuth_1 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v1/payments/conversions: get: tags: - Payments operationId: getConversions responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/CurrencyConversionEntityList' security: - authenticatedAccount: [] /v1/profile/{identifier}/{version}: get: tags: - Profile operationId: getProfile parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: identifier in: path required: true schema: $ref: '#/components/schemas/AciServiceIdentifier' - name: version in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VersionedProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/{identifier}/{version}/{credentialRequest}: get: tags: - Profile operationId: getProfile_1 parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: identifier in: path required: true schema: $ref: '#/components/schemas/AciServiceIdentifier' - name: version in: path required: true schema: type: string - name: credentialRequest in: path required: true schema: type: string - name: credentialType in: query schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/CredentialProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/{identifier}: get: tags: - Profile operationId: getUnversionedProfile parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: User-Agent in: header schema: type: string - name: identifier in: path required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: ca in: query schema: type: boolean responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/BaseProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/identity_check/batch: post: tags: - Profile operationId: runBatchIdentityCheck requestBody: content: application/json: schema: $ref: '#/components/schemas/BatchIdentityCheckRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/BatchIdentityCheckResponse' /v1/profile: put: tags: - Profile operationId: setProfile requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateProfileRequest' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/provisioning/{destination}: put: tags: - Provisioning operationId: sendProvisioningMessage parameters: - name: destination in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ProvisioningMessage' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/registration: post: tags: - Registration summary: Registers an account description: "Registers a new account or attempts to “re-register” an existing\ \ account. It is expected that a well-behaved client\ncould make up to three\ \ consecutive calls to this API:\n1. gets 423 from existing registration lock\ \ \n\n2. gets 409 from device available for transfer \n\n3. success \n\n" operationId: register parameters: - name: Authorization in: header required: true schema: $ref: '#/components/schemas/BasicAuthorizationHeader' - name: X-Signal-Agent in: header schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RegistrationRequest' required: true responses: "200": description: The phone number associated with the authenticated account was changed successfully content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "403": description: Verification failed for the provided Registration Recovery Password "409": description: "The caller has not explicitly elected to skip transferring\ \ data from another device, but a device transfer is technically possible" "422": description: The request did not pass validation "423": content: application/json: schema: $ref: '#/components/schemas/RegistrationLockFailure' "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple /v1/config: get: tags: - Remote Config operationId: getAll responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/UserRemoteConfigList' security: - authenticatedAccount: [] /v1/storage/auth: get: tags: - Secure Storage operationId: getAuth_2 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v2/backup/auth/check: post: tags: - Secure Value Recovery summary: Check SVR2 credentials description: | Over time, clients may wind up with multiple sets of SVR2 authentication credentials in cloud storage. To determine which set is most current and should be used to communicate with SVR2 to retrieve a master key (from which a registration recovery password can be derived), clients should call this endpoint with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR2. operationId: authCheck requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthCheckRequest' required: true responses: "200": description: '`JSON` with the check results.' content: application/json: schema: $ref: '#/components/schemas/AuthCheckResponse' "422": description: Provided list of SVR2 credentials could not be parsed "400": description: '`POST` request body is not a valid `JSON`' /v2/backup/auth: get: tags: - Secure Value Recovery summary: Generate credentials for SVR2 description: | Generate SVR2 service credentials. Generated credentials have an expiration time of 30 days (however, the TTL is fully controlled by the server side and may change even for already generated credentials). operationId: getAuth_3 responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v3/backup/auth/check: post: tags: - Secure Value Recovery summary: Check SVR3 credentials description: | Over time, clients may wind up with multiple sets of SVR3 authentication credentials in cloud storage. To determine which set is most current and should be used to communicate with SVR3 to retrieve a master key (from which a registration recovery password can be derived), clients should call this endpoint with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR3. operationId: authCheck_1 requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthCheckRequest' required: true responses: "200": description: '`JSON` with the check results.' content: application/json: schema: $ref: '#/components/schemas/AuthCheckResponse' "422": description: Provided list of SVR3 credentials could not be parsed "400": description: '`POST` request body is not a valid `JSON`' /v3/backup/auth: get: tags: - Secure Value Recovery summary: Generate credentials for SVR3 description: | Generate SVR3 service credentials. Generated credentials have an expiration time of 30 days (however, the TTL is fully controlled by the server side and may change even for already generated credentials). operationId: getAuth_4 responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v1/sticker/pack/form/{count}: get: tags: - Stickers operationId: getStickersForm parameters: - name: count in: path required: true schema: maximum: 201 minimum: 1 type: integer format: int32 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/StickerPackFormUploadAttributes' security: - authenticatedAccount: [] /v1/subscription/boost/paypal/confirm: post: tags: - Subscriptions operationId: confirmPayPalBoost requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfirmPayPalBoostRequest' required: true responses: default: description: default response content: application/json: {} /v1/subscription/boost/create: post: tags: - Subscriptions operationId: createBoostPaymentIntent requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateBoostRequest' required: true responses: default: description: default response content: application/json: {} /v1/subscription/boost/receipt_credentials: post: tags: - Subscriptions operationId: createBoostReceiptCredentials parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateBoostReceiptCredentialsRequest' required: true responses: default: description: default response content: application/json: {} /v1/subscription/boost/paypal/create: post: tags: - Subscriptions operationId: createPayPalBoost requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePayPalBoostRequest' required: true responses: default: description: default response content: application/json: {} /v1/subscription/{subscriberId}/create_payment_method/paypal: post: tags: - Subscriptions operationId: createPayPalPaymentMethod parameters: - name: subscriberId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePayPalBillingAgreementRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/create_payment_method: post: tags: - Subscriptions operationId: createPaymentMethod parameters: - name: subscriberId in: path required: true schema: type: string - name: type in: query schema: type: string default: CARD enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/receipt_credentials: post: tags: - Subscriptions operationId: createSubscriptionReceiptCredentials parameters: - name: User-Agent in: header schema: type: string - name: subscriberId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/GetReceiptCredentialsRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}: get: tags: - Subscriptions operationId: getSubscriptionInformation parameters: - name: subscriberId in: path required: true schema: type: string responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] - {} put: tags: - Subscriptions operationId: updateSubscriber parameters: - name: subscriberId in: path required: true schema: type: string responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] - {} delete: tags: - Subscriptions operationId: deleteSubscriber parameters: - name: subscriberId in: path required: true schema: type: string responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] - {} /v1/subscription/bank_mandate/{bankTransferType}: get: tags: - Subscriptions operationId: getBankMandate parameters: - name: bankTransferType in: path required: true schema: type: string enum: - SEPA_DEBIT responses: default: description: default response content: application/json: {} /v1/subscription/boost/badges: get: tags: - Subscriptions operationId: getBoostBadges responses: default: description: default response content: application/json: {} deprecated: true /v1/subscription/configuration: get: tags: - Subscriptions operationId: getConfiguration responses: default: description: default response content: application/json: {} /v1/subscription/{subscriberId}/default_payment_method/{paymentMethodId}: post: tags: - Subscriptions operationId: setDefaultPaymentMethod parameters: - name: subscriberId in: path required: true schema: type: string - name: paymentMethodId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean deprecated: true security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/default_payment_method_for_ideal/{setupIntentId}: post: tags: - Subscriptions operationId: setDefaultPaymentMethodForIdeal parameters: - name: subscriberId in: path required: true schema: type: string - name: setupIntentId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/default_payment_method/{processor}/{paymentMethodToken}: post: tags: - Subscriptions operationId: setDefaultPaymentMethodWithProcessor parameters: - name: subscriberId in: path required: true schema: type: string - name: processor in: path required: true schema: type: string enum: - STRIPE - BRAINTREE - name: paymentMethodToken in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/level/{level}/{currency}/{idempotencyKey}: put: tags: - Subscriptions operationId: setSubscriptionLevel parameters: - name: subscriberId in: path required: true schema: type: string - name: level in: path required: true schema: type: integer format: int64 - name: currency in: path required: true schema: type: string - name: idempotencyKey in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/verification/session: post: tags: - Verification operationId: createSession requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateVerificationSessionRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' /v1/verification/session/{sessionId}: get: tags: - Verification operationId: getSession parameters: - name: sessionId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' patch: tags: - Verification operationId: updateSession parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateVerificationSessionRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' /v1/verification/session/{sessionId}/code: put: tags: - Verification operationId: verifyCode parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SubmitVerificationCodeRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' post: tags: - Verification operationId: requestVerificationCode parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string - name: Accept-Language in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/VerificationCodeRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' components: schemas: AciServiceIdentifier: type: string description: An identifier for an account based on the account's ACI allOf: - $ref: '#/components/schemas/ServiceIdentifier' PniServiceIdentifier: type: string description: An identifier for an account based on the account's phone number identifier (PNI) allOf: - $ref: '#/components/schemas/ServiceIdentifier' ServiceIdentifier: type: object description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. UsernameHashResponse: type: object properties: usernameHash: type: string description: "The hash of the confirmed username, as supplied in the request" usernameLinkHandle: type: string description: A handle that can be included in username links to retrieve the stored encrypted username ConfirmUsernameHashRequest: required: - zkProof type: object properties: usernameHash: type: array items: type: string format: byte zkProof: type: array items: type: string format: byte encryptedUsername: maxLength: 128 minLength: 1 type: string description: The url-safe base64-encoded encrypted username to be stored for username links AccountIdentityResponse: type: object properties: uuid: type: string description: the account identifier for this account format: uuid number: type: string description: the phone number associated with this account pni: type: string description: the account identifier for this account's phone-number identity format: uuid usernameHash: type: array description: "a hash of this account's username, if set" items: type: string description: "a hash of this account's username, if set" format: byte storageCapable: type: boolean description: whether any of this account's devices support storage TurnToken: type: object properties: username: type: string password: type: string urls: type: array items: type: string urlsWithIps: type: array items: type: string hostname: type: string AccountIdentifierResponse: required: - uuid type: object properties: uuid: type: string description: An identifier for an account based on the account's ACI EncryptedUsername: required: - usernameLinkEncryptedValue type: object properties: usernameLinkEncryptedValue: maxLength: 128 minLength: 1 type: string description: the URL-safe base64 encoding of the encrypted username keepLinkHandle: type: boolean description: "if set and the account already has an encrypted-username link\ \ handle, reuse the same link handle rather than generating a new one.\ \ The response will still have the link handle." ReserveUsernameHashResponse: type: object properties: usernameHash: type: array items: type: string format: byte ReserveUsernameHashRequest: required: - usernameHashes type: object properties: usernameHashes: maxItems: 20 minItems: 1 type: array items: type: array items: type: string format: byte AccountAttributes: type: object properties: fetchesMessages: type: boolean registrationId: type: integer format: int32 name: maxItems: 225 minItems: 0 type: array items: type: string format: byte registrationLock: type: string unidentifiedAccessKey: type: array items: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: $ref: '#/components/schemas/DeviceCapabilities' discoverableByPhoneNumber: type: boolean recoveryPassword: type: array items: type: string format: byte eachRegistrationIdValid: type: boolean pniRegistrationId: type: integer format: int32 DeviceCapabilities: type: object properties: storage: type: boolean transfer: type: boolean paymentActivation: type: boolean ApnRegistrationId: required: - apnRegistrationId type: object properties: apnRegistrationId: type: string voipRegistrationId: type: string description: | An APNs token set for the account's primary device. If provided, the account's primary device will be notified of new messages via push notifications to the given token. Callers must provide exactly one of an APNs token set, an FCM token, or an `AccountAttributes` entity with `fetchesMessages` set to `true`. GcmRegistrationId: required: - gcmRegistrationId type: object properties: gcmRegistrationId: type: string description: | An FCM/GCM token for the account's primary device. If provided, the account's primary device will be notified of new messages via push notifications to the given token. Callers must provide exactly one of an APNs token set, an FCM token, or an `AccountAttributes` entity with `fetchesMessages` set to `true`. DeviceName: required: - deviceName type: object properties: deviceName: maxItems: 225 minItems: 0 type: array items: type: string format: byte RegistrationLock: required: - registrationLock type: object properties: registrationLock: maxLength: 64 minLength: 64 type: string UsernameLinkHandle: required: - usernameLinkHandle type: object properties: usernameLinkHandle: type: string description: A handle that can be included in username links to retrieve the stored encrypted username format: uuid MismatchedDevices: type: object properties: missingDevices: type: array description: Devices present on the account but absent in the request items: type: string description: Devices present on the account but absent in the request format: byte extraDevices: type: array description: Devices absent on the request but present in the account items: type: string description: Devices absent on the request but present in the account format: byte StaleDevices: type: object properties: staleDevices: type: array description: Devices that are no longer active items: type: string description: Devices that are no longer active format: byte ExternalServiceCredentials: type: object properties: username: type: string password: type: string RegistrationLockFailure: type: object properties: timeRemaining: type: integer description: Time remaining in milliseconds before the existing registration lock expires format: int64 svr2Credentials: $ref: '#/components/schemas/ExternalServiceCredentials' description: A token provided to the client via a push payload ChangeNumberRequest: required: - deviceMessages - devicePniSignedPrekeys - number - pniIdentityKey - pniRegistrationIds type: object properties: reglock: type: string description: "the registration lock password for the new phone number, if\ \ necessary" sessionId: type: string description: |- A session ID from registration service, if using session id to authenticate this request. Must not be combined with `recoveryPassword`. recoveryPassword: type: string description: |- The base64-encoded recovery password for the new phone number, if using a recovery password to authenticate this request. Must not be combined with `sessionId`. number: type: string description: the new phone number for this account pniIdentityKey: $ref: '#/components/schemas/IdentityKey' deviceMessages: type: array description: |- A list of synchronization messages to send to companion devices to supply the private keysManager associated with the new identity key and their new prekeys. Exactly one message must be supplied for each enabled device other than the sending (primary) device. items: $ref: '#/components/schemas/IncomingMessage' devicePniSignedPrekeys: type: object additionalProperties: $ref: '#/components/schemas/ECSignedPreKey' description: |- A new signed elliptic-curve prekey for each enabled device on the account, including this one. Each must be accompanied by a valid signature from the new identity key in this request. devicePniPqLastResortPrekeys: type: object additionalProperties: $ref: '#/components/schemas/KEMSignedPreKey' description: |- A new signed post-quantum last-resort prekey for each enabled device on the account, including this one. May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored. If present, must contain one prekey per enabled device including this one. Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped. Each must be accompanied by a valid signature from the new identity key in this request. pniRegistrationIds: type: object additionalProperties: type: integer description: "the new phone-number-identity registration ID for each enabled\ \ device on the account, including this one" format: int32 description: "the new phone-number-identity registration ID for each enabled\ \ device on the account, including this one" eachPniRegistrationIdValid: type: boolean valid: type: boolean ECPublicKey: type: object properties: type: type: integer format: int32 publicKeyBytes: type: array items: type: string format: byte ECSignedPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded. signature: type: string description: | The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded. description: | A signed EC pre-key to be associated with this account's PNI. IdentityKey: type: object properties: publicKey: $ref: '#/components/schemas/ECPublicKey' fingerprint: type: string description: | The PNI-associated identity key for the account, encoded as a base64 string. IncomingMessage: type: object properties: type: type: integer format: int32 destinationDeviceId: type: string format: byte destinationRegistrationId: type: integer format: int32 content: type: string KEMSignedPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. The owner of this key must be able to determine from the key ID whether this represents a single-use or last-resort key, but another party should *not* be able to tell. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's Kyber1024 public key format and then base64-encoded. signature: type: string description: | The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded. description: | A signed Kyber-1024 "last resort" pre-key to be associated with this account's PNI. PhoneNumberIdentityKeyDistributionRequest: required: - deviceMessages - devicePniSignedPrekeys - pniIdentityKey - pniRegistrationIds type: object properties: pniIdentityKey: $ref: '#/components/schemas/IdentityKey' deviceMessages: type: array description: | A list of synchronization messages to send to companion devices to supply the private keys associated with the new identity key and their new prekeys. Exactly one message must be supplied for each enabled device other than the sending (primary) device. items: $ref: '#/components/schemas/IncomingMessage' devicePniSignedPrekeys: type: object additionalProperties: $ref: '#/components/schemas/ECSignedPreKey' description: |- A new signed elliptic-curve prekey for each enabled device on the account, including this one. Each must be accompanied by a valid signature from the new identity key in this request. devicePniPqLastResortPrekeys: type: object additionalProperties: $ref: '#/components/schemas/KEMSignedPreKey' description: |- A new signed post-quantum last-resort prekey for each enabled device on the account, including this one. May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored. If present, must contain one prekey per enabled device including this one. Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped. Each must be accompanied by a valid signature from the new identity key in this request. pniRegistrationIds: type: object additionalProperties: type: integer description: "The new registration ID to use for the phone-number identity\ \ of each device, including this one." format: int32 description: "The new registration ID to use for the phone-number identity\ \ of each device, including this one." AccountAndDevicesDataReport: type: object properties: account: $ref: '#/components/schemas/AccountDataReport' devices: type: array items: $ref: '#/components/schemas/DeviceDataReport' AccountDataReport: type: object properties: phoneNumber: type: string badges: type: array items: $ref: '#/components/schemas/BadgeDataReport' allowSealedSenderFromAnyone: type: boolean findAccountByPhoneNumber: type: boolean AccountDataReportResponse: type: object properties: reportId: type: string format: uuid reportTimestamp: type: string format: date-time data: $ref: '#/components/schemas/AccountAndDevicesDataReport' text: type: string description: A plaintext representation of the data report BadgeDataReport: type: object properties: id: type: string expiration: type: string format: date-time visible: type: boolean DeviceDataReport: type: object properties: id: type: string format: byte lastSeen: type: string format: date-time created: type: string format: date-time userAgent: type: string PhoneNumberDiscoverabilityRequest: required: - discoverableByPhoneNumber type: object properties: discoverableByPhoneNumber: type: boolean MessageBackupResponse: type: object properties: cdn: type: integer description: Indicates the CDN type. 3 indicates resumable uploads using TUS format: int32 key: type: string description: The location within the specified cdn where the finished upload can be found. headers: type: object additionalProperties: type: string description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials signedUploadLocation: type: string description: The URL to upload to with the appropriate protocol BackupInfoResponse: type: object properties: cdn: type: integer description: The CDN type where the message backup is stored. Media may be stored elsewhere. format: int32 backupDir: type: string description: | The base directory of your backup data on the cdn. The message backup can be found in the returned cdn at /backupDir/backupName and stored media can be found at /backupDir/mediaDir/mediaId mediaDir: type: string description: | The prefix path component for media objects on a cdn. Stored media for mediaId can be found at /backupDir/mediaDir/mediaId. backupName: type: string description: The name of the most recent message backup on the cdn. The backup is at /backupDir/backupName usedSpace: type: integer description: The amount of space used to store media format: int64 CopyMediaBatchResponse: type: object properties: responses: type: array description: Detailed outcome information for each copy request in the batch items: $ref: '#/components/schemas/Entry' Entry: required: - mediaId type: object properties: status: type: integer description: | The outcome of the copy attempt. A 200 indicates the object was successfully copied. A 400 indicates an invalid argument in the request A 410 indicates that the source object was not found format: int32 failureReason: type: string description: "On a copy failure, a detailed failure reason" cdn: type: integer description: The backup cdn where this media object is stored format: int32 mediaId: type: string description: "The mediaId of the object, encoded in URL-safe padded base64" description: Detailed outcome information for each copy request in the batch CopyMediaBatchRequest: required: - items type: object properties: items: maxItems: 1000 minItems: 1 type: array description: A list of media objects to copy from the attachments CDN to the backup CDN items: $ref: '#/components/schemas/CopyMediaRequest' CopyMediaRequest: required: - encryptionKey - hmacKey - iv - mediaId - objectLength - sourceAttachment type: object properties: sourceAttachment: $ref: '#/components/schemas/RemoteAttachment' objectLength: type: integer description: The length of the source attachment before the encryption applied by the copy operation format: int32 mediaId: type: string description: "mediaId to copy on to the backup CDN, encoded in URL-safe\ \ padded base64" hmacKey: type: string description: "A 32-byte key for the MAC, encoded in standard padded base64" encryptionKey: type: string description: "A 32-byte encryption key for AES, encoded in standard padded\ \ base64" iv: type: string description: "A 16-byte IV for AES, encoded in standard padded base64" RemoteAttachment: required: - cdn - key type: object properties: cdn: type: integer description: The attachment cdn format: int32 key: type: string description: The attachment key description: The object on the attachment CDN to copy CopyMediaResponse: required: - cdn type: object properties: cdn: type: integer description: The backup cdn where this media object is stored format: int32 DeleteMedia: type: object properties: mediaToDelete: maxItems: 1000 minItems: 1 type: array items: $ref: '#/components/schemas/MediaToDelete' MediaToDelete: required: - cdn - mediaId type: object properties: cdn: type: integer description: The backup cdn where this media object is stored format: int32 mediaId: type: string description: The mediaId of the object in URL-safe base64 BackupAuthCredential: type: object properties: credential: type: array description: "A BackupAuthCredential, encoded in standard padded base64" items: type: string description: "A BackupAuthCredential, encoded in standard padded base64" format: byte redemptionTime: type: integer description: The day on which this credential is valid. Seconds since epoch truncated to day boundary format: int64 description: A list of BackupAuthCredentials and their validity periods BackupAuthCredentialsResponse: type: object properties: credentials: type: array description: A list of BackupAuthCredentials and their validity periods items: $ref: '#/components/schemas/BackupAuthCredential' ListResponse: type: object properties: storedMediaObjects: type: array description: A page of media objects stored for this backup ID items: $ref: '#/components/schemas/StoredMediaObject' backupDir: type: string description: | The base directory of your backup data on the cdn. The stored media can be found at /backupDir/mediaDir/mediaId mediaDir: type: string description: | The prefix path component for the media objects. The stored media for mediaId can be found at /backupDir/mediaDir/mediaId. cursor: type: string description: "If set, the cursor value to pass to the next list request\ \ to continue listing. If absent, all objects have been listed" StoredMediaObject: required: - cdn - mediaId - objectLength type: object properties: cdn: type: integer description: The backup cdn where this media object is stored format: int32 mediaId: type: string description: The mediaId of the object in URL-safe base64 objectLength: type: integer description: The length of the object in bytes format: int64 description: A page of media objects stored for this backup ID ReadAuthResponse: type: object properties: headers: type: object additionalProperties: type: string description: Auth headers to include with cdn read requests description: Auth headers to include with cdn read requests SetBackupIdRequest: required: - backupAuthCredentialRequest type: object properties: backupAuthCredentialRequest: type: string description: | A BackupAuthCredentialRequest containing a blinded encrypted backup-id, encoded in standard padded base64 SetPublicKeyRequest: required: - backupIdPublicKey type: object properties: backupIdPublicKey: type: string description: "The public key, serialized in libsignal's elliptic-curve public\ \ key format, and encoded in standard padded base64." AttachmentDescriptorV2: type: object properties: attachmentId: type: integer format: int64 key: type: string credential: type: string acl: type: string algorithm: type: string date: type: string policy: type: string signature: type: string attachmentIdString: type: string AttachmentDescriptorV3: type: object properties: cdn: type: integer description: | Indicates the CDN type. 2 in the v3 API, 2 or 3 in the v4 API. 2 indicates resumable uploads using GCS, 3 indicates resumable uploads using TUS format: int32 key: type: string description: The location within the specified cdn where the finished upload can be found headers: type: object additionalProperties: type: string description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials signedUploadLocation: type: string description: The URL to upload to with the appropriate protocol CreateCallLinkCredential: type: object properties: credential: type: array items: type: string format: byte redemptionTime: type: integer format: int64 GetCreateCallLinkCredentialsRequest: required: - createCallLinkCredentialRequest type: object properties: createCallLinkCredentialRequest: type: array items: type: string format: byte DeliveryCertificate: type: object properties: certificate: type: array items: type: string format: byte CallLinkAuthCredential: type: object properties: credential: type: array items: type: string format: byte redemptionTime: type: integer format: int64 GroupCredential: type: object properties: credential: type: array items: type: string format: byte redemptionTime: type: integer format: int64 GroupCredentials: type: object properties: credentials: type: array items: $ref: '#/components/schemas/GroupCredential' callLinkAuthCredentials: type: array items: $ref: '#/components/schemas/CallLinkAuthCredential' pni: type: string format: uuid AnswerPushChallengeRequest: required: - challenge type: object allOf: - $ref: '#/components/schemas/AnswerChallengeRequest' - type: object properties: challenge: type: string description: A token provided to the client via a push payload AnswerCaptchaChallengeRequest: required: - captcha - token type: object allOf: - $ref: '#/components/schemas/AnswerChallengeRequest' - type: object properties: token: type: string description: The value of the token field from the server's 428 response captcha: type: string description: A string representing a solved captcha example: signal-hcaptcha.30b01b46-d8c9-4c30-bbd7-9719acfe0c10.challenge.abcdefg1345 AnswerChallengeRequest: required: - type type: object properties: type: type: string discriminator: propertyName: type VerificationCode: type: object properties: verificationCode: type: string DeviceInfo: type: object properties: id: type: integer format: int64 name: type: array items: type: string format: byte lastSeen: type: integer format: int64 created: type: integer format: int64 DeviceInfoList: type: object properties: devices: type: array items: $ref: '#/components/schemas/DeviceInfo' DeviceResponse: type: object properties: uuid: type: string format: uuid pni: type: string format: uuid deviceId: type: string format: byte BasicAuthorizationHeader: type: object properties: username: type: string deviceId: type: integer format: int64 password: type: string DeviceActivationRequest: required: - aciPqLastResortPreKey - aciSignedPreKey - pniPqLastResortPreKey - pniSignedPreKey type: object properties: aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' LinkDeviceRequest: required: - aciPqLastResortPreKey - aciSignedPreKey - pniPqLastResortPreKey - pniSignedPreKey - verificationCode type: object properties: verificationCode: type: string description: | The verification code associated with this device. Must match the verification code provided by the server when provisioning this device. accountAttributes: $ref: '#/components/schemas/AccountAttributes' aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' RedeemReceiptRequest: required: - receiptCredentialPresentation type: object properties: receiptCredentialPresentation: type: array items: type: string format: byte visible: type: boolean primary: type: boolean WebSocketClient: type: object properties: userAgent: type: string open: type: boolean createdTimestamp: type: integer format: int64 WebSocketSessionContext: type: object properties: authenticated: type: object client: $ref: '#/components/schemas/WebSocketClient' CheckKeysRequest: required: - digest - identityType type: object properties: identityType: type: string description: | The identity type for which to check for a shared view of repeated-use keys enum: - ACI - PNI digest: type: array description: | A 32-byte digest of the client's repeated-use keys for the given identity type. The digest is calculated as: SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes) …where the elements of the hash are: - identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key - signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key - lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e. one version byte followed by 1568 bytes of key material for a total of 1569 bytes) items: type: string description: | A 32-byte digest of the client's repeated-use keys for the given identity type. The digest is calculated as: SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes) …where the elements of the hash are: - identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key - signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key - lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e. one version byte followed by 1568 bytes of key material for a total of 1569 bytes) format: byte ECPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded. description: | A list of unsigned elliptic-curve prekeys to use for this device. If present and not empty, replaces all stored unsigned EC prekeys for the device; if absent or empty, any stored unsigned EC prekeys for the device are not deleted. PreKeyResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' devices: type: array description: information about each requested device items: $ref: '#/components/schemas/PreKeyResponseItem' PreKeyResponseItem: type: object properties: deviceId: type: string description: the device ID of the device to which this item pertains format: byte registrationId: type: integer description: the registration ID for the device format: int32 signedPreKey: $ref: '#/components/schemas/ECSignedPreKey' preKey: $ref: '#/components/schemas/ECPreKey' pqPreKey: $ref: '#/components/schemas/KEMSignedPreKey' description: information about each requested device Anonymous: type: object properties: accessKey: type: array items: type: string format: byte PreKeyCount: type: object properties: count: type: integer description: the number of stored unsigned elliptic-curve prekeys for this device format: int32 pqCount: type: integer description: the number of stored one-time post-quantum prekeys for this device format: int32 SetKeysRequest: type: object properties: preKeys: type: array description: | A list of unsigned elliptic-curve prekeys to use for this device. If present and not empty, replaces all stored unsigned EC prekeys for the device; if absent or empty, any stored unsigned EC prekeys for the device are not deleted. items: $ref: '#/components/schemas/ECPreKey' signedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pqPreKeys: type: array description: | A list of signed post-quantum one-time prekeys to use for this device. Each key must have a valid signature from the identity key in this request. If present and not empty, replaces all stored unsigned PQ prekeys for the device; if absent or empty, any stored unsigned PQ prekeys for the device are not deleted. items: $ref: '#/components/schemas/KEMSignedPreKey' pqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' SpamReport: type: object properties: token: type: array items: type: string format: byte IncomingMessageList: required: - messages type: object properties: messages: type: array items: $ref: '#/components/schemas/IncomingMessage' online: type: boolean urgent: type: boolean timestamp: type: integer format: int64 AccountMismatchedDevices: type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. devices: $ref: '#/components/schemas/MismatchedDevices' AccountStaleDevices: type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. devices: $ref: '#/components/schemas/StaleDevices' CombinedUnidentifiedSenderAccessKeys: type: object properties: accessKeys: type: array items: type: string format: byte GroupSendCredentialHeader: type: object properties: presentation: $ref: '#/components/schemas/GroupSendCredentialPresentation' GroupSendCredentialPresentation: type: object properties: internalContentsForJNI: type: array items: type: string format: byte Recipient: type: object properties: devices: type: array items: type: string format: byte devicesAndRegistrationIds: type: object properties: parallel: type: boolean SealedSenderMultiRecipientMessage: type: object properties: recipients: type: object additionalProperties: $ref: '#/components/schemas/Recipient' excludedRecipients: type: array items: $ref: '#/components/schemas/ServiceId' ServiceId: type: object properties: rawUUID: type: string format: uuid CurrencyConversionEntity: type: object properties: base: type: string conversions: type: object additionalProperties: type: number CurrencyConversionEntityList: type: object properties: currencies: type: array items: $ref: '#/components/schemas/CurrencyConversionEntity' timestamp: type: integer format: int64 Badge: type: object properties: id: type: string category: type: string name: type: string description: type: string sprites6: type: array items: type: string svg: type: string svgs: type: array items: $ref: '#/components/schemas/BadgeSvg' imageUrl: type: string BadgeSvg: required: - dark - light type: object properties: light: type: string dark: type: string BaseProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: array items: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: $ref: '#/components/schemas/UserCapabilities' badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. UserCapabilities: type: object properties: paymentActivation: type: boolean pni: type: boolean pnp: type: boolean giftBadges: type: boolean VersionedProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: array items: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: $ref: '#/components/schemas/UserCapabilities' badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. name: type: array items: type: string format: byte about: type: array items: type: string format: byte aboutEmoji: type: array items: type: string format: byte avatar: type: string paymentAddress: type: array items: type: string format: byte phoneNumberSharing: type: array items: type: string format: byte CredentialProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: array items: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: $ref: '#/components/schemas/UserCapabilities' badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. name: type: array items: type: string format: byte about: type: array items: type: string format: byte aboutEmoji: type: array items: type: string format: byte avatar: type: string paymentAddress: type: array items: type: string format: byte phoneNumberSharing: type: array items: type: string format: byte BatchIdentityCheckResponse: type: object properties: elements: type: array items: $ref: '#/components/schemas/Element' Element: required: - fingerprint type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. aci: type: string description: An identifier for an account based on the account's ACI fingerprint: type: array items: type: string format: byte BatchIdentityCheckRequest: required: - elements type: object properties: elements: maxItems: 1000 minItems: 0 type: array items: $ref: '#/components/schemas/Element' CreateProfileRequest: required: - commitment - version type: object properties: avatar: type: boolean badgeIds: type: array items: type: string commitment: $ref: '#/components/schemas/ProfileKeyCommitment' version: type: string name: type: array items: type: string format: byte aboutEmoji: type: array items: type: string format: byte about: type: array items: type: string format: byte paymentAddress: type: array items: type: string format: byte sameAvatar: type: boolean phoneNumberSharing: type: array items: type: string format: byte avatarChange: type: string enum: - UNCHANGED - CLEAR - UPDATE ProfileKeyCommitment: type: object properties: internalContentsForJNI: type: array items: type: string format: byte ProvisioningMessage: required: - body type: object properties: body: type: string RegistrationRequest: required: - accountAttributes - aciIdentityKey - aciPqLastResortPreKey - aciSignedPreKey - pniIdentityKey - pniPqLastResortPreKey - pniSignedPreKey - skipDeviceTransfer type: object properties: sessionId: type: string description: | The ID of an existing verification session as it appears in a verification session metadata object. Must be provided if `recoveryPassword` is not provided; must not be provided if `recoveryPassword` is provided. recoveryPassword: type: array description: | A base64-encoded registration recovery password. Must be provided if `sessionId` is not provided; must not be provided if `sessionId` is provided items: type: string description: | A base64-encoded registration recovery password. Must be provided if `sessionId` is not provided; must not be provided if `sessionId` is provided format: byte accountAttributes: $ref: '#/components/schemas/AccountAttributes' skipDeviceTransfer: type: boolean description: | If true, indicates that the end user has elected not to transfer data from another device even though a device transfer is technically possible given the capabilities of the calling device and the device associated with the existing account (if any). If false and if a device transfer is technically possible, the registration request will fail with an HTTP/409 response indicating that the client should prompt the user to transfer data from an existing device. aciIdentityKey: $ref: '#/components/schemas/IdentityKey' pniIdentityKey: $ref: '#/components/schemas/IdentityKey' aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' valid: type: boolean UserRemoteConfig: type: object properties: name: type: string enabled: type: boolean value: type: string UserRemoteConfigList: type: object properties: config: type: array items: $ref: '#/components/schemas/UserRemoteConfig' serverEpochTime: type: string format: date-time AuthCheckResponse: required: - matches type: object properties: matches: type: object additionalProperties: type: string description: "A dictionary with the auth check results: `KBS Credentials\ \ -> 'match'/'no-match'/'invalid'`" enum: - match - no-match - invalid description: "A dictionary with the auth check results: `KBS Credentials\ \ -> 'match'/'no-match'/'invalid'`" AuthCheckRequest: required: - number - passwords type: object properties: number: type: string description: The e164-formatted phone number. passwords: maxItems: 10 minItems: 0 type: array description: "A list of SVR auth values, previously retrieved from `/v1/backup/auth`;\ \ may contain at most 10." items: maxLength: 10 minLength: 0 type: string description: "A list of SVR auth values, previously retrieved from `/v1/backup/auth`;\ \ may contain at most 10." StickerPackFormUploadAttributes: type: object properties: manifest: $ref: '#/components/schemas/StickerPackFormUploadItem' stickers: type: array items: $ref: '#/components/schemas/StickerPackFormUploadItem' packId: type: string StickerPackFormUploadItem: type: object properties: id: type: integer format: int32 key: type: string credential: type: string acl: type: string algorithm: type: string date: type: string policy: type: string signature: type: string ConfirmPayPalBoostRequest: required: - currency - payerId - paymentId - paymentToken type: object properties: currency: type: string amount: minimum: 1 type: integer format: int64 level: type: integer format: int64 paymentMethod: type: string enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL payerId: type: string paymentId: type: string paymentToken: type: string CreateBoostRequest: required: - currency type: object properties: currency: type: string amount: minimum: 1 type: integer format: int64 level: type: integer format: int64 paymentMethod: type: string enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL CreateBoostReceiptCredentialsRequest: required: - paymentIntentId - processor - receiptCredentialRequest type: object properties: paymentIntentId: type: string receiptCredentialRequest: type: array items: type: string format: byte processor: type: string enum: - STRIPE - BRAINTREE CreatePayPalBoostRequest: required: - cancelUrl - currency - returnUrl type: object properties: currency: type: string amount: minimum: 1 type: integer format: int64 level: type: integer format: int64 paymentMethod: type: string enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL returnUrl: type: string cancelUrl: type: string CreatePayPalBillingAgreementRequest: required: - cancelUrl - returnUrl type: object properties: returnUrl: type: string cancelUrl: type: string GetReceiptCredentialsRequest: required: - receiptCredentialRequest type: object properties: receiptCredentialRequest: type: array items: type: string format: byte VerificationSessionResponse: type: object properties: id: type: string nextSms: type: integer format: int64 nextCall: type: integer format: int64 nextVerificationAttempt: type: integer format: int64 allowedToRequestCode: type: boolean requestedInformation: type: array items: type: string enum: - pushChallenge - captcha verified: type: boolean CreateVerificationSessionRequest: required: - number type: object properties: number: type: string pushToken: type: string pushTokenType: type: string enum: - apn - fcm pushChallenge: type: string captcha: type: string mcc: type: string mnc: type: string UpdateVerificationSessionRequest: type: object properties: pushToken: type: string pushTokenType: type: string enum: - apn - fcm pushChallenge: type: string captcha: type: string mcc: type: string mnc: type: string VerificationCodeRequest: required: - client - transport type: object properties: transport: type: string enum: - sms - voice client: type: string SubmitVerificationCodeRequest: required: - code type: object properties: code: type: string securitySchemes: authenticatedAccount: type: http description: "Account authentication is based on Basic authentication schema,\ \ \nwhere `username` has a format of `[.]`. If `device_id`\ \ is not specified,\nuser's `main` device is assumed.\n" scheme: basic