openapi: 3.0.1 info: title: Signal Server API license: name: AGPL-3.0-only url: https://www.gnu.org/licenses/agpl-3.0.txt servers: - url: https://chat.signal.org description: Production service - url: https://chat.staging.signal.org description: Staging service paths: /v1/accounts/account/{identifier}: head: tags: - Account summary: Check whether an account exists description: | Enforced unauthenticated endpoint. Checks whether an account with a given identifier exists. operationId: accountExists parameters: - name: identifier in: path description: An ACI or PNI account identifier to check required: true schema: $ref: '#/components/schemas/ServiceIdentifier' responses: "200": description: An account with the given identifier was found. "400": description: "A client made an authenticated to this endpoint, and must\ \ not provide credentials." "404": description: An account was not found for the given identifier. "422": description: Invalid request format. "429": description: Rate-limited. security: - authenticatedAccount: [] - {} /v1/accounts/username_hash/confirm: put: tags: - Account summary: Confirm username hash description: | Authenticated endpoint. For a previously reserved username hash, confirm that this username hash is now taken by this account. operationId: confirmUsernameHash requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfirmUsernameHashRequest' required: true responses: "200": description: Username hash confirmed successfully. content: application/json: schema: $ref: '#/components/schemas/UsernameHashResponse' "401": description: Account authentication check failed. "409": description: Given username hash doesn't match the reserved one or no reservation found. "410": description: Username hash not available (username can't be used). "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/me: get: tags: - Account operationId: getMe responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteAccount responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/apn: put: tags: - Account operationId: setApnRegistrationId requestBody: content: application/json: schema: $ref: '#/components/schemas/ApnRegistrationId' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteApnRegistrationId responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/gcm: put: tags: - Account operationId: setGcmRegistrationId requestBody: content: application/json: schema: $ref: '#/components/schemas/GcmRegistrationId' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteGcmRegistrationId responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/username_hash: delete: tags: - Account summary: Delete username hash description: | Authenticated endpoint. Deletes previously stored username for the account. operationId: deleteUsernameHash responses: "204": description: Username successfully deleted. "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v1/accounts/username_link: put: tags: - Account summary: Set username link description: | Authenticated endpoint. For the given encrypted username generates a username link handle. Username link handle could be used to lookup the encrypted username. An account can only have one username link at a time. Calling this endpoint will reset previously stored encrypted username and deactivate previous link handle. operationId: updateUsernameLink requestBody: content: application/json: schema: $ref: '#/components/schemas/EncryptedUsername' required: true responses: "200": description: Username Link updated successfully. content: application/json: schema: $ref: '#/components/schemas/UsernameLinkHandle' "401": description: Account authentication check failed. "409": description: Username is not set for the account. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] delete: tags: - Account summary: Delete username link description: | Authenticated endpoint. Deletes username link for the given account: previously store encrypted username is deleted and username link handle is deactivated. operationId: deleteUsernameLink responses: "204": description: Username Link successfully deleted. "401": description: Account authentication check failed. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/turn: get: tags: - Account operationId: getTurnToken responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/TurnToken' security: - authenticatedAccount: [] /v1/accounts/username_hash/{usernameHash}: get: tags: - Account summary: Lookup username hash description: | Forced unauthenticated endpoint. For the given username hash, look up a user ID. operationId: lookupUsernameHash parameters: - name: usernameHash in: path required: true schema: type: string responses: "200": description: Account found for the given username. content: application/json: schema: $ref: '#/components/schemas/AccountIdentifierResponse' "400": description: Request must not be authenticated. "404": description: Account not fount for the given username. security: - authenticatedAccount: [] - {} /v1/accounts/username_link/{uuid}: get: tags: - Account summary: Lookup username link description: | Enforced unauthenticated endpoint. For the given username link handle, looks up the database for an associated encrypted username. If found, encrypted username is returned, otherwise responds with 404 Not Found. operationId: lookupUsernameLink parameters: - name: uuid in: path required: true schema: type: string format: uuid responses: "200": description: Username link with the given handle was found. content: application/json: schema: $ref: '#/components/schemas/EncryptedUsername' "404": description: Username link was not found for the given handle. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] - {} /v1/accounts/registration_lock: put: tags: - Account operationId: setRegistrationLock requestBody: content: '*/*': schema: $ref: '#/components/schemas/RegistrationLock' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: removeRegistrationLock responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/username_hash/reserve: put: tags: - Account summary: Reserve username hash description: | Authenticated endpoint. Takes in a list of hashes of potential username hashes, finds one that is not taken, and reserves it for the current account. operationId: reserveUsernameHash requestBody: content: application/json: schema: $ref: '#/components/schemas/ReserveUsernameHashRequest' required: true responses: "200": description: Username hash reserved successfully. content: application/json: schema: $ref: '#/components/schemas/ReserveUsernameHashResponse' "401": description: Account authentication check failed. "409": description: All username hashes from the list are taken. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/attributes: put: tags: - Account operationId: setAccountAttributes parameters: - name: X-Signal-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AccountAttributes' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/accounts/name: put: tags: - Account operationId: setName requestBody: content: '*/*': schema: $ref: '#/components/schemas/DeviceName' required: true responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/whoami: get: tags: - Account operationId: whoAmI responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' security: - authenticatedAccount: [] /v2/accounts/number: put: tags: - Account summary: Change number description: Changes a phone number for an existing account. operationId: changeNumber parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ChangeNumberRequest' required: true responses: "200": description: The phone number associated with the authenticated account was changed successfully content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "401": description: Account authentication check failed. "403": description: Verification failed for the provided Registration Recovery Password "409": description: Mismatched number of devices or device ids in 'devices to notify' list content: application/json: schema: $ref: '#/components/schemas/MismatchedDevices' "410": description: Mismatched registration ids in 'devices to notify' list content: application/json: schema: $ref: '#/components/schemas/StaleDevices' "422": description: The request did not pass validation "423": content: application/json: schema: $ref: '#/components/schemas/RegistrationLockFailure' "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v2/accounts/phone_number_identity_key_distribution: put: tags: - Account summary: Set phone-number identity keys description: Updates key material for the phone-number identity for all devices and sends a synchronization message to companion devices operationId: distributePhoneNumberIdentityKeys requestBody: content: application/json: schema: $ref: '#/components/schemas/PhoneNumberIdentityKeyDistributionRequest' required: true responses: "200": description: Indicates the transaction was successful and returns basic information about this account. content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "401": description: Account authentication check failed. "403": description: This endpoint can only be invoked from the account's primary device. "422": description: The request body failed validation. "409": description: The set of devices specified in the request does not match the set of devices active on the account. content: application/json: schema: $ref: '#/components/schemas/MismatchedDevices' "410": description: The registration IDs provided for some devices do not match those stored on the server. content: application/json: schema: $ref: '#/components/schemas/StaleDevices' security: - authenticatedAccount: [] /v2/accounts/data_report: get: tags: - Account summary: Produces a report of non-ephemeral account data stored by the service operationId: getAccountDataReport responses: "200": description: Response with data report. A plain text representation is a field in the response. content: application/json: schema: $ref: '#/components/schemas/AccountDataReportResponse' security: - authenticatedAccount: [] /v2/accounts/phone_number_discoverability: put: tags: - Account operationId: setPhoneNumberDiscoverability requestBody: content: application/json: schema: $ref: '#/components/schemas/PhoneNumberDiscoverabilityRequest' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/art/auth: get: tags: - Art operationId: getAuth responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v2/attachments/form/upload: get: tags: - Attachments operationId: getAttachmentUploadForm parameters: - name: User-Agent in: header schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AttachmentDescriptorV2' security: - authenticatedAccount: [] /v3/attachments/form/upload: get: tags: - Attachments operationId: getAttachmentUploadForm_1 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AttachmentDescriptorV3' security: - authenticatedAccount: [] /v4/attachments/form/upload: get: tags: - Attachments summary: Get an upload form description: | Retrieve an upload form that can be used to perform a resumable upload. The response will include a cdn number indicating what protocol should be used to perform the upload. operationId: getAttachmentUploadForm_2 responses: "200": description: "Success, response body includes upload form" content: application/json: schema: $ref: '#/components/schemas/AttachmentDescriptorV3' "413": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/call-link/create-auth: post: tags: - CallLink summary: Generate a credential for creating call links description: | Generate a credential over a truncated timestamp, room ID, and account UUID. With zero knowledge group infrastructure, the server does not know the room ID. operationId: getCreateAuth requestBody: content: '*/*': schema: $ref: '#/components/schemas/GetCreateCallLinkCredentialsRequest' required: true responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/CreateCallLinkCredential' "400": description: Invalid create call link credential request. "401": description: Account authentication check failed. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/certificate/delivery: get: tags: - Certificate operationId: getDeliveryCertificate parameters: - name: includeE164 in: query schema: type: boolean default: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/DeliveryCertificate' security: - authenticatedAccount: [] /v1/certificate/auth/group: get: tags: - Certificate operationId: getGroupAuthenticationCredentials parameters: - name: redemptionStartSeconds in: query schema: type: integer format: int32 - name: redemptionEndSeconds in: query schema: type: integer format: int32 - name: pniAsServiceId in: query schema: type: boolean responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/GroupCredentials' security: - authenticatedAccount: [] /v1/challenge: put: tags: - Challenge summary: Submit proof of a challenge completion description: | Some server endpoints (the "send message" endpoint, for example) may return a 428 response indicating the client must complete a challenge before continuing. Clients may use this endpoint to provide proof of a completed challenge. If successful, the client may then continue their original operation. operationId: handleChallengeResponse parameters: - name: X-Forwarded-For in: header schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: oneOf: - $ref: '#/components/schemas/AnswerPushChallengeRequest' - $ref: '#/components/schemas/AnswerRecaptchaChallengeRequest' responses: "200": description: Indicates the challenge proof was accepted "413": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/challenge/push: post: tags: - Challenge summary: Request a push challenge description: | Clients may proactively request a push challenge by making an empty POST request. Push challenges will only be sent to the requesting account’s main device. When the push is received it may be provided as proof of completed challenge to /v1/challenge. APNs challenge payloads will be formatted as follows: ``` { "aps": { "sound": "default", "alert": { "loc-key": "APN_Message" } }, "rateLimitChallenge": "{CHALLENGE_TOKEN}" } ``` FCM challenge payloads will be formatted as follows: ``` {"rateLimitChallenge": "{CHALLENGE_TOKEN}"} ``` Clients may retry the PUT in the event of an HTTP/5xx response (except HTTP/508) from the server, but must implement an exponential back-off system and limit the total number of retries. operationId: requestPushChallenge responses: "200": description: | Indicates a payload to the account's primary device has been attempted. When clients receive a challenge push notification, they may issue a PUT request to /v1/challenge. "404": description: | The server does not have a push notification token for the authenticated account’s main device; clients may add a push token and try again "413": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/devices/provisioning/code: get: tags: - Devices operationId: createDeviceToken responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationCode' security: - authenticatedAccount: [] /v1/devices: get: tags: - Devices operationId: getDevices responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/DeviceInfoList' security: - authenticatedAccount: [] /v1/devices/link: put: tags: - Devices summary: Link a device to an account description: | Links a device to an account identified by a given phone number. operationId: linkDevice parameters: - name: Authorization in: header schema: $ref: '#/components/schemas/BasicAuthorizationHeader' requestBody: content: application/json: schema: $ref: '#/components/schemas/LinkDeviceRequest' required: true responses: "200": description: The new device was linked to the calling account content: application/json: schema: $ref: '#/components/schemas/DeviceResponse' "403": description: The given account was not found or the given verification code was incorrect "411": description: The given account already has its maximum number of linked devices "422": description: The request did not pass validation "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple /v1/devices/{device_id}: delete: tags: - Devices operationId: removeDevice parameters: - name: device_id in: path required: true schema: type: integer format: int64 responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/devices/capabilities: put: tags: - Devices operationId: setCapabilities requestBody: content: '*/*': schema: $ref: '#/components/schemas/DeviceCapabilities' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/devices/unauthenticated_delivery: put: tags: - Devices operationId: setUnauthenticatedDelivery responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/devices/{verification_code}: put: tags: - Devices operationId: verifyDeviceToken parameters: - name: verification_code in: path required: true schema: type: string - name: Authorization in: header schema: $ref: '#/components/schemas/BasicAuthorizationHeader' requestBody: content: application/json: schema: $ref: '#/components/schemas/AccountAttributes' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/DeviceResponse' deprecated: true /v2/directory/auth: get: tags: - Directory operationId: getAuthToken responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/donation/redeem-receipt: post: tags: - Donations operationId: redeemReceipt requestBody: content: application/json: schema: $ref: '#/components/schemas/RedeemReceiptRequest' required: true responses: default: description: default response content: application/json: schema: type: object text/plain: schema: type: object security: - authenticatedAccount: [] /v1/keepalive: get: tags: - Keep Alive operationId: getKeepAlive requestBody: content: '*/*': schema: $ref: '#/components/schemas/WebSocketSessionContext' responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] - {} /v1/keepalive/provisioning: get: tags: - Keep Alive operationId: getProvisioningKeepAlive responses: default: description: default response content: '*/*': {} /v2/keys/{identifier}/{device_id}: get: tags: - Keys summary: Fetch public keys for another user description: Retrieves the public identity key and available device prekeys for a specified account or phone-number identity operationId: getDeviceKeys parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: identifier in: path description: the account or phone-number identifier to retrieve keys for required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: device_id in: path description: "the device id of a single device to retrieve prekeys for, or\ \ `*` for all enabled devices" required: true schema: type: string - name: pq in: query description: whether to retrieve post-quantum prekeys allowEmptyValue: true schema: type: boolean default: false - name: User-Agent in: header schema: type: string responses: "200": description: Indicates at least one prekey was available for at least one requested device. content: application/json: schema: $ref: '#/components/schemas/PreKeyResponse' "401": description: Account authentication check failed and unidentified-access key was not supplied or invalid. "404": description: "Requested identity or device does not exist, is not active,\ \ or has no available prekeys." "429": description: Rate limit exceeded. headers: Retry-After: description: "If present, a positive integer indicating the number of\ \ seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] - {} /v2/keys: get: tags: - Keys summary: Get prekey count description: Gets the number of one-time prekeys uploaded for this device and still available operationId: getStatus parameters: - name: identity in: query schema: type: string responses: "200": description: Body contains the number of available one-time prekeys for the device. content: application/json: schema: $ref: '#/components/schemas/PreKeyCount' "401": description: Account authentication check failed. security: - authenticatedAccount: [] put: tags: - Keys summary: Upload new prekeys description: |2 Upload new prekeys for this device. Can also be used, from the primary device only, to set the account's identity key, but this is deprecated now that accounts can be created atomically. operationId: setKeys parameters: - name: identity in: query allowEmptyValue: true schema: type: string description: whether this operation applies to the account (aci) or phone-number (pni) identity default: aci enum: - aci - pni - name: User-Agent in: header schema: type: string responses: "200": description: Indicates that new keys were successfully stored. "401": description: Account authentication check failed. "403": description: Attempt to change identity key from a non-primary device. "422": description: Invalid request format. security: - authenticatedAccount: [] /v2/keys/signed: put: tags: - Keys summary: Upload a new signed prekey description: |2 Upload a new signed elliptic-curve prekey for this device. Deprecated; use PUT /v2/keys with instead. operationId: setSignedKey parameters: - name: identity in: query schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ECSignedPreKey' responses: "200": description: Indicates that new prekey was successfully stored. "401": description: Account authentication check failed. "422": description: Invalid request format. security: - authenticatedAccount: [] /v1/messages: get: tags: - Messages operationId: getPendingMessages parameters: - name: X-Signal-Receive-Stories in: header schema: type: string - name: User-Agent in: header schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 security: - authenticatedAccount: [] /v1/messages/uuid/{uuid}: delete: tags: - Messages operationId: removePendingMessage parameters: - name: uuid in: path required: true schema: type: string format: uuid responses: default: description: default response content: '*/*': schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 security: - authenticatedAccount: [] /v1/messages/report/{source}/{messageGuid}: post: tags: - Messages operationId: reportSpamMessage parameters: - name: source in: path required: true schema: type: string - name: messageGuid in: path required: true schema: type: string format: uuid - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SpamReport' responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/messages/{destination}: put: tags: - Messages operationId: sendMessage parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: User-Agent in: header schema: type: string - name: X-Forwarded-For in: header schema: type: string - name: destination in: path required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: story in: query schema: type: boolean requestBody: content: application/json: schema: $ref: '#/components/schemas/IncomingMessageList' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] - {} /v1/messages/multi_recipient: put: tags: - Messages operationId: sendMultiRecipientMessage parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/CombinedUnidentifiedSenderAccessKeys' - name: User-Agent in: header schema: type: string - name: X-Forwarded-For in: header schema: type: string - name: online in: query schema: type: boolean - name: ts in: query schema: type: integer format: int64 - name: urgent in: query schema: type: boolean default: true - name: story in: query schema: type: boolean requestBody: content: application/vnd.signal-messenger.mrm: schema: $ref: '#/components/schemas/MultiRecipientMessage' required: true responses: default: description: default response content: application/json: {} /v1/payments/auth: get: tags: - Payments operationId: getAuth_1 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v1/payments/conversions: get: tags: - Payments operationId: getConversions responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/CurrencyConversionEntityList' security: - authenticatedAccount: [] /v1/profile/{identifier}/{version}: get: tags: - Profile operationId: getProfile parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: identifier in: path required: true schema: $ref: '#/components/schemas/AciServiceIdentifier' - name: version in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VersionedProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/{identifier}/{version}/{credentialRequest}: get: tags: - Profile operationId: getProfile_1 parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: identifier in: path required: true schema: $ref: '#/components/schemas/AciServiceIdentifier' - name: version in: path required: true schema: type: string - name: credentialRequest in: path required: true schema: type: string - name: credentialType in: query schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/CredentialProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/{identifier}: get: tags: - Profile operationId: getUnversionedProfile parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: User-Agent in: header schema: type: string - name: identifier in: path required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: ca in: query schema: type: boolean responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/BaseProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/identity_check/batch: post: tags: - Profile operationId: runBatchIdentityCheck requestBody: content: application/json: schema: $ref: '#/components/schemas/BatchIdentityCheckRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 /v1/profile: put: tags: - Profile operationId: setProfile requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateProfileRequest' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/provisioning/{destination}: put: tags: - Provisioning operationId: sendProvisioningMessage parameters: - name: destination in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ProvisioningMessage' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/registration: post: tags: - Registration summary: Registers an account description: "Registers a new account or attempts to “re-register” an existing\ \ account. It is expected that a well-behaved client\ncould make up to three\ \ consecutive calls to this API:\n1. gets 423 from existing registration lock\ \ \n\n2. gets 409 from device available for transfer \n\n3. success \n\n" operationId: register parameters: - name: Authorization in: header required: true schema: $ref: '#/components/schemas/BasicAuthorizationHeader' - name: X-Signal-Agent in: header schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RegistrationRequest' required: true responses: "200": description: The phone number associated with the authenticated account was changed successfully content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "403": description: Verification failed for the provided Registration Recovery Password "409": description: "The caller has not explicitly elected to skip transferring\ \ data from another device, but a device transfer is technically possible" "422": description: The request did not pass validation "423": content: application/json: schema: $ref: '#/components/schemas/RegistrationLockFailure' "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple /v1/config/{name}: delete: tags: - Remote Config operationId: delete parameters: - name: Config-Token in: header schema: type: string - name: name in: path required: true schema: type: string responses: default: description: default response content: '*/*': {} /v1/config: get: tags: - Remote Config operationId: getAll responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/UserRemoteConfigList' security: - authenticatedAccount: [] put: tags: - Remote Config operationId: set parameters: - name: Config-Token in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RemoteConfig' required: true responses: default: description: default response content: application/json: {} /v1/backup/auth/check: post: tags: - Secure Value Recovery summary: Check SVR credentials description: | Over time, clients may wind up with multiple sets of KBS authentication credentials in cloud storage. To determine which set is most current and should be used to communicate with SVR to retrieve a master key (from which a registration recovery password can be derived), clients should call this endpoint with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR. operationId: authCheck requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthCheckRequest' required: true responses: "200": description: '`JSON` with the check results.' content: application/json: schema: $ref: '#/components/schemas/AuthCheckResponse' "422": description: Provided list of KBS credentials could not be parsed "400": description: '`POST` request body is not a valid `JSON`' /v1/backup/auth: get: tags: - Secure Value Recovery summary: Generate credentials for SVR description: | Generate SVR service credentials. Generated credentials have an expiration time of 30 days (however, the TTL is fully controlled by the server side and may change even for already generated credentials). operationId: getAuth_2 responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v1/storage/auth: get: tags: - Secure Storage operationId: getAuth_3 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v2/backup/auth/check: post: tags: - Secure Value Recovery summary: Check SVR2 credentials description: | Over time, clients may wind up with multiple sets of SVR2 authentication credentials in cloud storage. To determine which set is most current and should be used to communicate with SVR2 to retrieve a master key (from which a registration recovery password can be derived), clients should call this endpoint with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR2. operationId: authCheck_1 requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthCheckRequest' required: true responses: "200": description: '`JSON` with the check results.' content: application/json: schema: $ref: '#/components/schemas/AuthCheckResponse' "422": description: Provided list of SVR2 credentials could not be parsed "400": description: '`POST` request body is not a valid `JSON`' /v2/backup/auth: get: tags: - Secure Value Recovery summary: Generate credentials for SVR2 description: | Generate SVR2 service credentials. Generated credentials have an expiration time of 30 days (however, the TTL is fully controlled by the server side and may change even for already generated credentials). operationId: getAuth_4 responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v1/sticker/pack/form/{count}: get: tags: - Stickers operationId: getStickersForm parameters: - name: count in: path required: true schema: maximum: 201 minimum: 1 type: integer format: int32 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/StickerPackFormUploadAttributes' security: - authenticatedAccount: [] /v1/subscription/boost/paypal/confirm: post: tags: - Subscriptions operationId: confirmPayPalBoost requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfirmPayPalBoostRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 /v1/subscription/boost/create: post: tags: - Subscriptions operationId: createBoostPaymentIntent requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateBoostRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 /v1/subscription/boost/receipt_credentials: post: tags: - Subscriptions operationId: createBoostReceiptCredentials parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateBoostReceiptCredentialsRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 /v1/subscription/boost/paypal/create: post: tags: - Subscriptions operationId: createPayPalBoost requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePayPalBoostRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 /v1/subscription/{subscriberId}/create_payment_method/paypal: post: tags: - Subscriptions operationId: createPayPalPaymentMethod parameters: - name: subscriberId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePayPalBillingAgreementRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/create_payment_method: post: tags: - Subscriptions operationId: createPaymentMethod parameters: - name: subscriberId in: path required: true schema: type: string - name: type in: query schema: type: string default: CARD enum: - CARD - PAYPAL responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/receipt_credentials: post: tags: - Subscriptions operationId: createSubscriptionReceiptCredentials parameters: - name: User-Agent in: header schema: type: string - name: subscriberId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/GetReceiptCredentialsRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}: get: tags: - Subscriptions operationId: getSubscriptionInformation parameters: - name: subscriberId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 security: - authenticatedAccount: [] - {} put: tags: - Subscriptions operationId: updateSubscriber parameters: - name: subscriberId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 security: - authenticatedAccount: [] - {} delete: tags: - Subscriptions operationId: deleteSubscriber parameters: - name: subscriberId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 security: - authenticatedAccount: [] - {} /v1/subscription/boost/amounts: get: tags: - Subscriptions operationId: getBoostAmounts responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 deprecated: true /v1/subscription/boost/badges: get: tags: - Subscriptions operationId: getBoostBadges responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 deprecated: true /v1/subscription/configuration: get: tags: - Subscriptions operationId: getConfiguration responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 /v1/subscription/boost/amounts/gift: get: tags: - Subscriptions operationId: getGiftAmounts responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 deprecated: true /v1/subscription/levels: get: tags: - Subscriptions operationId: getLevels responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 deprecated: true /v1/subscription/{subscriberId}/default_payment_method/{paymentMethodId}: post: tags: - Subscriptions operationId: setDefaultPaymentMethod parameters: - name: subscriberId in: path required: true schema: type: string - name: paymentMethodId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 deprecated: true security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/default_payment_method/{processor}/{paymentMethodToken}: post: tags: - Subscriptions operationId: setDefaultPaymentMethodWithProcessor parameters: - name: subscriberId in: path required: true schema: type: string - name: processor in: path required: true schema: type: string enum: - STRIPE - BRAINTREE - name: paymentMethodToken in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/level/{level}/{currency}/{idempotencyKey}: put: tags: - Subscriptions operationId: setSubscriptionLevel parameters: - name: subscriberId in: path required: true schema: type: string - name: level in: path required: true schema: type: integer format: int64 - name: currency in: path required: true schema: type: string - name: idempotencyKey in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: cancelled: type: boolean done: type: boolean completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 security: - authenticatedAccount: [] - {} /v1/verification/session: post: tags: - Verification operationId: createSession requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateVerificationSessionRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' /v1/verification/session/{sessionId}: get: tags: - Verification operationId: getSession parameters: - name: sessionId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' patch: tags: - Verification operationId: updateSession parameters: - name: sessionId in: path required: true schema: type: string - name: X-Forwarded-For in: header schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateVerificationSessionRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' /v1/verification/session/{sessionId}/code: put: tags: - Verification operationId: verifyCode parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SubmitVerificationCodeRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' post: tags: - Verification operationId: requestVerificationCode parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string - name: Accept-Language in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/VerificationCodeRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' components: schemas: AciServiceIdentifier: type: string description: An identifier for an account based on the account's ACI allOf: - $ref: '#/components/schemas/ServiceIdentifier' PniServiceIdentifier: type: string description: An identifier for an account based on the account's phone number identifier (PNI) allOf: - $ref: '#/components/schemas/ServiceIdentifier' ServiceIdentifier: type: object description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. UsernameHashResponse: type: object properties: usernameHash: type: string description: "The hash of the confirmed username, as supplied in the request" usernameLinkHandle: type: string description: A handle that can be included in username links to retrieve the stored encrypted username ConfirmUsernameHashRequest: type: object properties: usernameHash: type: array items: type: string format: byte zkProof: type: array items: type: string format: byte encryptedUsername: maxLength: 128 minLength: 1 type: string description: The url-safe base64-encoded encrypted username to be stored for username links AccountIdentityResponse: type: object properties: uuid: type: string description: the account identifier for this account format: uuid number: type: string description: the phone number associated with this account pni: type: string description: the account identifier for this account's phone-number identity format: uuid usernameHash: type: array description: "a hash of this account's username, if set" items: type: string description: "a hash of this account's username, if set" format: byte storageCapable: type: boolean description: whether any of this account's devices support storage TurnToken: type: object properties: username: type: string password: type: string urls: type: array items: type: string AccountIdentifierResponse: required: - uuid type: object properties: uuid: type: string description: An identifier for an account based on the account's ACI EncryptedUsername: required: - usernameLinkEncryptedValue type: object properties: usernameLinkEncryptedValue: maxLength: 128 minLength: 1 type: string description: the URL-safe base64 encoding of the encrypted username ReserveUsernameHashResponse: type: object properties: usernameHash: type: array items: type: string format: byte ReserveUsernameHashRequest: required: - usernameHashes type: object properties: usernameHashes: maxItems: 20 minItems: 1 type: array items: type: array items: type: string format: byte AccountAttributes: type: object properties: fetchesMessages: type: boolean registrationId: type: integer format: int32 name: maxLength: 204 minLength: 0 type: string registrationLock: type: string unidentifiedAccessKey: type: array items: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: $ref: '#/components/schemas/DeviceCapabilities' discoverableByPhoneNumber: type: boolean recoveryPassword: type: array items: type: string format: byte pniRegistrationId: type: object properties: empty: type: boolean present: type: boolean asInt: type: integer format: int32 DeviceCapabilities: type: object properties: storage: type: boolean transfer: type: boolean senderKey: type: boolean announcementGroup: type: boolean changeNumber: type: boolean pni: type: boolean stories: type: boolean giftBadges: type: boolean paymentActivation: type: boolean ApnRegistrationId: required: - apnRegistrationId type: object properties: apnRegistrationId: type: string voipRegistrationId: type: string description: | An APNs token set for the account's primary device. If provided, the account's primary device will be notified of new messages via push notifications to the given token. If creating an account "atomically," callers must provide exactly one of an APNs token set, an FCM token, or an `AccountAttributes` entity with `fetchesMessages` set to `true`. GcmRegistrationId: required: - gcmRegistrationId type: object properties: gcmRegistrationId: type: string description: | An FCM/GCM token for the account's primary device. If provided, the account's primary device will be notified of new messages via push notifications to the given token. If creating an account "atomically," callers must provide exactly one of an APNs token set, an FCM token, or an `AccountAttributes` entity with `fetchesMessages` set to `true`. DeviceName: required: - deviceName type: object properties: deviceName: maxLength: 300 minLength: 0 type: string RegistrationLock: required: - registrationLock type: object properties: registrationLock: maxLength: 64 minLength: 64 type: string UsernameLinkHandle: required: - usernameLinkHandle type: object properties: usernameLinkHandle: type: string description: A handle that can be included in username links to retrieve the stored encrypted username format: uuid MismatchedDevices: type: object properties: missingDevices: type: array description: Devices present on the account but absent in the request items: type: integer description: Devices present on the account but absent in the request format: int64 extraDevices: type: array description: Devices absent on the request but present in the account items: type: integer description: Devices absent on the request but present in the account format: int64 StaleDevices: type: object properties: staleDevices: type: array description: Devices that are no longer active items: type: integer description: Devices that are no longer active format: int64 ExternalServiceCredentials: type: object properties: username: type: string password: type: string RegistrationLockFailure: type: object properties: timeRemaining: type: integer description: Time remaining in milliseconds before the existing registration lock expires format: int64 backupCredentials: $ref: '#/components/schemas/ExternalServiceCredentials' svr2Credentials: $ref: '#/components/schemas/ExternalServiceCredentials' description: A token provided to the client via a push payload ChangeNumberRequest: required: - deviceMessages - devicePniSignedPrekeys - number - pniIdentityKey - pniRegistrationIds type: object properties: reglock: type: string description: "the registration lock password for the new phone number, if\ \ necessary" sessionId: type: string description: |- A session ID from registration service, if using session id to authenticate this request. Must not be combined with `recoveryPassword`. recoveryPassword: type: string description: |- The base64-encoded recovery password for the new phone number, if using a recovery password to authenticate this request. Must not be combined with `sessionId`. number: type: string description: the new phone number for this account pniIdentityKey: $ref: '#/components/schemas/IdentityKey' deviceMessages: type: array description: |- A list of synchronization messages to send to companion devices to supply the private keysManager associated with the new identity key and their new prekeys. Exactly one message must be supplied for each enabled device other than the sending (primary) device. items: $ref: '#/components/schemas/IncomingMessage' devicePniSignedPrekeys: type: object additionalProperties: $ref: '#/components/schemas/ECSignedPreKey' description: |- A new signed elliptic-curve prekey for each enabled device on the account, including this one. Each must be accompanied by a valid signature from the new identity key in this request. devicePniPqLastResortPrekeys: type: object additionalProperties: $ref: '#/components/schemas/KEMSignedPreKey' description: |- A new signed post-quantum last-resort prekey for each enabled device on the account, including this one. May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored. If present, must contain one prekey per enabled device including this one. Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped. Each must be accompanied by a valid signature from the new identity key in this request. pniRegistrationIds: type: object additionalProperties: type: integer description: "the new phone-number-identity registration ID for each enabled\ \ device on the account, including this one" format: int32 description: "the new phone-number-identity registration ID for each enabled\ \ device on the account, including this one" signatureValidOnEachSignedPreKey: type: boolean valid: type: boolean ECPublicKey: type: object properties: type: type: integer format: int32 publicKeyBytes: type: array items: type: string format: byte ECSignedPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded. signature: type: string description: | The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded. description: | A signed EC pre-key to be associated with this account's PNI. If provided, an account will be created "atomically," and all other properties needed for atomic account creation must also be present. IdentityKey: type: object properties: publicKey: $ref: '#/components/schemas/ECPublicKey' fingerprint: type: string description: | The PNI-associated identity key for the account, encoded as a base64 string. If provided, an account will be created "atomically," and all other properties needed for atomic account creation must also be present. IncomingMessage: type: object properties: type: type: integer format: int32 destinationDeviceId: type: integer format: int64 destinationRegistrationId: type: integer format: int32 content: type: string KEMSignedPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. The owner of this key must be able to determine from the key ID whether this represents a single-use or last-resort key, but another party should *not* be able to tell. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's Kyber1024 public key format and then base64-encoded. signature: type: string description: | The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded. description: | A signed Kyber-1024 "last resort" pre-key to be associated with this account's PNI. If provided, an account will be created "atomically," and all other properties needed for atomic account creation must also be present. PhoneNumberIdentityKeyDistributionRequest: required: - deviceMessages - devicePniSignedPrekeys - pniIdentityKey - pniRegistrationIds type: object properties: pniIdentityKey: $ref: '#/components/schemas/IdentityKey' deviceMessages: type: array description: | A list of synchronization messages to send to companion devices to supply the private keys associated with the new identity key and their new prekeys. Exactly one message must be supplied for each enabled device other than the sending (primary) device. items: $ref: '#/components/schemas/IncomingMessage' devicePniSignedPrekeys: type: object additionalProperties: $ref: '#/components/schemas/ECSignedPreKey' description: |- A new signed elliptic-curve prekey for each enabled device on the account, including this one. Each must be accompanied by a valid signature from the new identity key in this request. devicePniPqLastResortPrekeys: type: object additionalProperties: $ref: '#/components/schemas/KEMSignedPreKey' description: |- A new signed post-quantum last-resort prekey for each enabled device on the account, including this one. May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored. If present, must contain one prekey per enabled device including this one. Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped. Each must be accompanied by a valid signature from the new identity key in this request. pniRegistrationIds: type: object additionalProperties: type: integer description: "The new registration ID to use for the phone-number identity\ \ of each device, including this one." format: int32 description: "The new registration ID to use for the phone-number identity\ \ of each device, including this one." signatureValidOnEachSignedPreKey: type: boolean AccountAndDevicesDataReport: type: object properties: account: $ref: '#/components/schemas/AccountDataReport' devices: type: array items: $ref: '#/components/schemas/DeviceDataReport' AccountDataReport: type: object properties: phoneNumber: type: string badges: type: array items: $ref: '#/components/schemas/BadgeDataReport' allowSealedSenderFromAnyone: type: boolean findAccountByPhoneNumber: type: boolean AccountDataReportResponse: type: object properties: reportId: type: string format: uuid reportTimestamp: type: string format: date-time data: $ref: '#/components/schemas/AccountAndDevicesDataReport' text: type: string description: A plaintext representation of the data report BadgeDataReport: type: object properties: id: type: string expiration: type: string format: date-time visible: type: boolean DeviceDataReport: type: object properties: id: type: integer format: int64 lastSeen: type: string format: date-time created: type: string format: date-time userAgent: type: string PhoneNumberDiscoverabilityRequest: required: - discoverableByPhoneNumber type: object properties: discoverableByPhoneNumber: type: boolean AttachmentDescriptorV2: type: object properties: attachmentId: type: integer format: int64 key: type: string credential: type: string acl: type: string algorithm: type: string date: type: string policy: type: string signature: type: string attachmentIdString: type: string AttachmentDescriptorV3: type: object properties: cdn: type: integer description: | Indicates the CDN type. 2 in the v3 API, 2 or 3 in the v4 API. 2 indicates resumable uploads using GCS, 3 indicates resumable uploads using TUS format: int32 key: type: string description: The location within the specified cdn where the finished upload can be found headers: type: object additionalProperties: type: string description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials signedUploadLocation: type: string description: The URL to upload to with the appropriate protocol CreateCallLinkCredential: type: object properties: credential: type: array items: type: string format: byte redemptionTime: type: integer format: int64 GetCreateCallLinkCredentialsRequest: required: - createCallLinkCredentialRequest type: object properties: createCallLinkCredentialRequest: type: array items: type: string format: byte DeliveryCertificate: type: object properties: certificate: type: array items: type: string format: byte CallLinkAuthCredential: type: object properties: credential: type: array items: type: string format: byte redemptionTime: type: integer format: int64 GroupCredential: type: object properties: credential: type: array items: type: string format: byte redemptionTime: type: integer format: int64 GroupCredentials: type: object properties: credentials: type: array items: $ref: '#/components/schemas/GroupCredential' callLinkAuthCredentials: type: array items: $ref: '#/components/schemas/CallLinkAuthCredential' pni: type: string format: uuid AnswerPushChallengeRequest: required: - challenge type: object allOf: - $ref: '#/components/schemas/AnswerChallengeRequest' - type: object properties: challenge: type: string description: A token provided to the client via a push payload AnswerRecaptchaChallengeRequest: required: - captcha - token type: object allOf: - $ref: '#/components/schemas/AnswerChallengeRequest' - type: object properties: token: type: string description: The value of the token field from the server's 428 response captcha: type: string description: A string representing a solved captcha example: signal-hcaptcha.30b01b46-d8c9-4c30-bbd7-9719acfe0c10.challenge.abcdefg1345 AnswerChallengeRequest: required: - type type: object properties: type: type: string discriminator: propertyName: type VerificationCode: type: object properties: verificationCode: type: string DeviceInfo: type: object properties: id: type: integer format: int64 name: type: string lastSeen: type: integer format: int64 created: type: integer format: int64 DeviceInfoList: type: object properties: devices: type: array items: $ref: '#/components/schemas/DeviceInfo' DeviceResponse: type: object properties: uuid: type: string format: uuid pni: type: string format: uuid deviceId: type: integer format: int64 BasicAuthorizationHeader: type: object properties: username: type: string deviceId: type: integer format: int64 password: type: string DeviceActivationRequest: type: object properties: aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' LinkDeviceRequest: required: - verificationCode type: object properties: verificationCode: type: string description: | The verification code associated with this device. Must match the verification code provided by the server when provisioning this device. accountAttributes: $ref: '#/components/schemas/AccountAttributes' aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' RedeemReceiptRequest: required: - receiptCredentialPresentation type: object properties: receiptCredentialPresentation: type: array items: type: string format: byte visible: type: boolean primary: type: boolean WebSocketClient: type: object properties: open: type: boolean userAgent: type: string createdTimestamp: type: integer format: int64 WebSocketSessionContext: type: object properties: authenticated: type: object client: $ref: '#/components/schemas/WebSocketClient' ECPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded. description: "A list of unsigned elliptic-curve prekeys to use for this device.\ \ If present and not empty, replaces all stored unsigned EC prekeys for the\ \ device; if absent or empty, any stored unsigned EC prekeys for the device\ \ are not deleted." PreKeyResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' devices: type: array description: information about each requested device items: $ref: '#/components/schemas/PreKeyResponseItem' PreKeyResponseItem: type: object properties: deviceId: type: integer description: the device ID of the device to which this item pertains format: int64 registrationId: type: integer description: the registration ID for the device format: int32 signedPreKey: $ref: '#/components/schemas/ECSignedPreKey' preKey: $ref: '#/components/schemas/ECPreKey' pqPreKey: $ref: '#/components/schemas/KEMSignedPreKey' description: information about each requested device Anonymous: type: object properties: accessKey: type: array items: type: string format: byte PreKeyCount: type: object properties: count: type: integer description: the number of stored unsigned elliptic-curve prekeys for this device format: int32 pqCount: type: integer description: the number of stored one-time post-quantum prekeys for this device format: int32 PreKeyState: required: - identityKey type: object properties: preKeys: type: array description: "A list of unsigned elliptic-curve prekeys to use for this\ \ device. If present and not empty, replaces all stored unsigned EC prekeys\ \ for the device; if absent or empty, any stored unsigned EC prekeys for\ \ the device are not deleted." items: $ref: '#/components/schemas/ECPreKey' signedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pqPreKeys: type: array description: "A list of signed post-quantum one-time prekeys to use for\ \ this device. Each key must have a valid signature from the identity\ \ key in this request. If present and not empty, replaces all stored unsigned\ \ PQ prekeys for the device; if absent or empty, any stored unsigned PQ\ \ prekeys for the device are not deleted." items: $ref: '#/components/schemas/KEMSignedPreKey' pqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' identityKey: $ref: '#/components/schemas/IdentityKey' signatureValidOnEachSignedKey: type: boolean SpamReport: type: object properties: token: type: array items: type: string format: byte IncomingMessageList: required: - messages type: object properties: messages: type: array items: $ref: '#/components/schemas/IncomingMessage' online: type: boolean urgent: type: boolean timestamp: type: integer format: int64 CombinedUnidentifiedSenderAccessKeys: type: object properties: accessKeys: type: array items: type: string format: byte MultiRecipientMessage: required: - commonPayload - recipients type: object properties: recipients: maxItems: 5000 minItems: 1 type: array items: $ref: '#/components/schemas/Recipient' commonPayload: maxItems: 2147483647 minItems: 32 type: array items: type: string format: byte Recipient: required: - perRecipientKeyMaterial - uuid type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. deviceId: minimum: 1 type: integer format: int64 registrationId: maximum: 65535 minimum: 0 type: integer format: int32 perRecipientKeyMaterial: maxItems: 48 minItems: 48 type: array items: type: string format: byte CurrencyConversionEntity: type: object properties: base: type: string conversions: type: object additionalProperties: type: number CurrencyConversionEntityList: type: object properties: currencies: type: array items: $ref: '#/components/schemas/CurrencyConversionEntity' timestamp: type: integer format: int64 Badge: type: object properties: id: type: string category: type: string name: type: string description: type: string sprites6: type: array items: type: string svg: type: string svgs: type: array items: $ref: '#/components/schemas/BadgeSvg' imageUrl: type: string BadgeSvg: required: - dark - light type: object properties: light: type: string dark: type: string BaseProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: string unrestrictedUnidentifiedAccess: type: boolean capabilities: $ref: '#/components/schemas/UserCapabilities' badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. UserCapabilities: type: object properties: gv1-migration: type: boolean senderKey: type: boolean announcementGroup: type: boolean changeNumber: type: boolean stories: type: boolean giftBadges: type: boolean paymentActivation: type: boolean pni: type: boolean VersionedProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: string unrestrictedUnidentifiedAccess: type: boolean capabilities: $ref: '#/components/schemas/UserCapabilities' badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. name: type: string about: type: string aboutEmoji: type: string avatar: type: string paymentAddress: type: string CredentialProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: string unrestrictedUnidentifiedAccess: type: boolean capabilities: $ref: '#/components/schemas/UserCapabilities' badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. name: type: string about: type: string aboutEmoji: type: string avatar: type: string paymentAddress: type: string BatchIdentityCheckRequest: required: - elements type: object properties: elements: maxItems: 1000 minItems: 0 type: array items: $ref: '#/components/schemas/Element' Element: required: - fingerprint type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. aci: type: string description: An identifier for an account based on the account's ACI fingerprint: type: array items: type: string format: byte CreateProfileRequest: required: - commitment - version type: object properties: version: type: string name: type: string avatar: type: boolean sameAvatar: type: boolean aboutEmoji: type: string about: type: string paymentAddress: type: string badgeIds: type: array items: type: string commitment: $ref: '#/components/schemas/ProfileKeyCommitment' badges: type: array items: type: string avatarChange: type: string enum: - UNCHANGED - CLEAR - UPDATE ProfileKeyCommitment: type: object properties: internalContentsForJNI: type: array items: type: string format: byte ProvisioningMessage: required: - body type: object properties: body: type: string RegistrationRequest: required: - accountAttributes - skipDeviceTransfer type: object properties: sessionId: type: string description: | The ID of an existing verification session as it appears in a verification session metadata object. Must be provided if `recoveryPassword` is not provided; must not be provided if `recoveryPassword` is provided. recoveryPassword: type: array description: | A base64-encoded registration recovery password. Must be provided if `sessionId` is not provided; must not be provided if `sessionId` is provided items: type: string description: | A base64-encoded registration recovery password. Must be provided if `sessionId` is not provided; must not be provided if `sessionId` is provided format: byte accountAttributes: $ref: '#/components/schemas/AccountAttributes' skipDeviceTransfer: type: boolean description: | If true, indicates that the end user has elected not to transfer data from another device even though a device transfer is technically possible given the capabilities of the calling device and the device associated with the existing account (if any). If false and if a device transfer is technically possible, the registration request will fail with an HTTP/409 response indicating that the client should prompt the user to transfer data from an existing device. requireAtomic: type: boolean description: | If true, indicates that this is a request for "atomic" registration. If any properties needed for atomic account creation are not present, the request will fail. If false, atomic account creation can still occur, but only if all required fields are present. aciIdentityKey: $ref: '#/components/schemas/IdentityKey' pniIdentityKey: $ref: '#/components/schemas/IdentityKey' aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' everySignedKeyValid: type: boolean completeRequest: type: boolean valid: type: boolean UserRemoteConfig: type: object properties: name: type: string enabled: type: boolean value: type: string UserRemoteConfigList: type: object properties: config: type: array items: $ref: '#/components/schemas/UserRemoteConfig' serverEpochTime: type: string format: date-time RemoteConfig: required: - percentage - uuids type: object properties: name: pattern: "[A-Za-z0-9\\.]+" type: string percentage: maximum: 100 minimum: 0 type: integer format: int32 uuids: uniqueItems: true type: array items: type: string format: uuid defaultValue: type: string value: type: string hashKey: type: string AuthCheckResponse: required: - matches type: object properties: matches: type: object additionalProperties: type: string description: "A dictionary with the auth check results: `KBS Credentials\ \ -> 'match'/'no-match'/'invalid'`" enum: - match - no-match - invalid description: "A dictionary with the auth check results: `KBS Credentials\ \ -> 'match'/'no-match'/'invalid'`" AuthCheckRequest: required: - number - passwords type: object properties: number: type: string description: The e164-formatted phone number. passwords: maxItems: 10 minItems: 0 type: array description: "A list of SVR auth values, previously retrieved from `/v1/backup/auth`;\ \ may contain at most 10." items: type: string description: "A list of SVR auth values, previously retrieved from `/v1/backup/auth`;\ \ may contain at most 10." StickerPackFormUploadAttributes: type: object properties: manifest: $ref: '#/components/schemas/StickerPackFormUploadItem' stickers: type: array items: $ref: '#/components/schemas/StickerPackFormUploadItem' packId: type: string StickerPackFormUploadItem: type: object properties: id: type: integer format: int32 key: type: string credential: type: string acl: type: string algorithm: type: string date: type: string policy: type: string signature: type: string ConfirmPayPalBoostRequest: required: - currency - payerId - paymentId - paymentToken type: object properties: currency: type: string amount: minimum: 1 type: integer format: int64 level: type: integer format: int64 payerId: type: string paymentId: type: string paymentToken: type: string CreateBoostRequest: required: - currency type: object properties: currency: type: string amount: minimum: 1 type: integer format: int64 level: type: integer format: int64 CreateBoostReceiptCredentialsRequest: required: - paymentIntentId - processor - receiptCredentialRequest type: object properties: paymentIntentId: type: string receiptCredentialRequest: type: array items: type: string format: byte processor: type: string enum: - STRIPE - BRAINTREE CreatePayPalBoostRequest: required: - cancelUrl - currency - returnUrl type: object properties: currency: type: string amount: minimum: 1 type: integer format: int64 level: type: integer format: int64 returnUrl: type: string cancelUrl: type: string CreatePayPalBillingAgreementRequest: required: - cancelUrl - returnUrl type: object properties: returnUrl: type: string cancelUrl: type: string GetReceiptCredentialsRequest: required: - receiptCredentialRequest type: object properties: receiptCredentialRequest: type: array items: type: string format: byte VerificationSessionResponse: type: object properties: id: type: string nextSms: type: integer format: int64 nextCall: type: integer format: int64 nextVerificationAttempt: type: integer format: int64 allowedToRequestCode: type: boolean requestedInformation: type: array items: type: string enum: - pushChallenge - captcha verified: type: boolean CreateVerificationSessionRequest: required: - number type: object properties: number: type: string pushToken: type: string pushTokenType: type: string enum: - apn - fcm pushChallenge: type: string captcha: type: string mcc: type: string mnc: type: string UpdateVerificationSessionRequest: type: object properties: pushToken: type: string pushTokenType: type: string enum: - apn - fcm pushChallenge: type: string captcha: type: string mcc: type: string mnc: type: string VerificationCodeRequest: required: - client - transport type: object properties: transport: type: string enum: - sms - voice client: type: string ScoreThreshold: type: object properties: scoreThreshold: type: number format: float SubmitVerificationCodeRequest: required: - code type: object properties: code: type: string securitySchemes: authenticatedAccount: type: http description: "Account authentication is based on Basic authentication schema,\ \ \nwhere `username` has a format of `[.]`. If `device_id`\ \ is not specified,\nuser's `main` device is assumed.\n" scheme: basic