openapi: 3.0.1 info: title: Signal Server API license: name: AGPL-3.0-only url: https://www.gnu.org/licenses/agpl-3.0.txt servers: - url: https://chat.signal.org description: Production service - url: https://chat.staging.signal.org description: Staging service paths: /v1/accounts/account/{identifier}: head: tags: - Account summary: Check whether an account exists description: | Enforced unauthenticated endpoint. Checks whether an account with a given identifier exists. operationId: accountExists parameters: - name: identifier in: path description: An ACI or PNI account identifier to check required: true schema: $ref: '#/components/schemas/ServiceIdentifier' responses: "200": description: An account with the given identifier was found. "400": description: Request must not be authenticated. "404": description: An account was not found for the given identifier. "422": description: Invalid request format. "429": description: Rate-limited. security: - authenticatedAccount: [] - {} /v1/accounts/username_hash/confirm: put: tags: - Account summary: Confirm username hash description: | Authenticated endpoint. For a previously reserved username hash, confirm that this username hash is now taken by this account. operationId: confirmUsernameHash requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfirmUsernameHashRequest' required: true responses: "200": description: Username hash confirmed successfully. content: application/json: schema: $ref: '#/components/schemas/UsernameHashResponse' "401": description: Account authentication check failed. "409": description: Given username hash doesn't match the reserved one or no reservation found. "410": description: Username hash not available (username can't be used). "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/me: get: tags: - Account operationId: getMe responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' deprecated: true security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteAccount responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/apn: put: tags: - Account operationId: setApnRegistrationId requestBody: content: application/json: schema: $ref: '#/components/schemas/ApnRegistrationId' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteApnRegistrationId responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/gcm: put: tags: - Account operationId: setGcmRegistrationId requestBody: content: application/json: schema: $ref: '#/components/schemas/GcmRegistrationId' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteGcmRegistrationId responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/username_hash: delete: tags: - Account summary: Delete username hash description: | Authenticated endpoint. Deletes previously stored username for the account. operationId: deleteUsernameHash responses: "204": description: Username successfully deleted. "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v1/accounts/username_link: put: tags: - Account summary: Set username link description: | Authenticated endpoint. For the given encrypted username generates a username link handle. The username link handle can be used to lookup the encrypted username. An account can only have one username link at a time; this endpoint overwrites the previous encrypted username if there was one. operationId: updateUsernameLink requestBody: content: application/json: schema: $ref: '#/components/schemas/EncryptedUsername' required: true responses: "200": description: Username Link updated successfully. content: application/json: schema: $ref: '#/components/schemas/UsernameLinkHandle' "401": description: Account authentication check failed. "409": description: Username is not set for the account. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] delete: tags: - Account summary: Delete username link description: | Authenticated endpoint. Deletes username link for the given account: previously store encrypted username is deleted and username link handle is deactivated. operationId: deleteUsernameLink responses: "204": description: Username Link successfully deleted. "401": description: Account authentication check failed. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/turn: get: tags: - Account operationId: getTurnToken responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/TurnToken' deprecated: true security: - authenticatedAccount: [] /v1/accounts/username_hash/{usernameHash}: get: tags: - Account summary: Lookup username hash description: | Forced unauthenticated endpoint. For the given username hash, look up a user ID. operationId: lookupUsernameHash parameters: - name: usernameHash in: path required: true schema: type: string responses: "200": description: Account found for the given username. content: application/json: schema: $ref: '#/components/schemas/AccountIdentifierResponse' "400": description: Request must not be authenticated. "404": description: Account not found for the given username. security: - authenticatedAccount: [] - {} /v1/accounts/username_link/{uuid}: get: tags: - Account summary: Lookup username link description: | Enforced unauthenticated endpoint. For the given username link handle, looks up the database for an associated encrypted username. If found, encrypted username is returned, otherwise responds with 404 Not Found. operationId: lookupUsernameLink parameters: - name: uuid in: path required: true schema: type: string format: uuid responses: "200": description: Username link with the given handle was found. content: application/json: schema: $ref: '#/components/schemas/EncryptedUsername' "400": description: Request must not be authenticated. "404": description: Username link was not found for the given handle. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] - {} /v1/accounts/registration_lock: put: tags: - Account operationId: setRegistrationLock requestBody: content: '*/*': schema: $ref: '#/components/schemas/RegistrationLock' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: removeRegistrationLock responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/username_hash/reserve: put: tags: - Account summary: Reserve username hash description: | Authenticated endpoint. Takes in a list of hashes of potential username hashes, finds one that is not taken, and reserves it for the current account. operationId: reserveUsernameHash requestBody: content: application/json: schema: $ref: '#/components/schemas/ReserveUsernameHashRequest' required: true responses: "200": description: Username hash reserved successfully. content: application/json: schema: $ref: '#/components/schemas/ReserveUsernameHashResponse' "401": description: Account authentication check failed. "409": description: All username hashes from the list are taken. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/attributes: put: tags: - Account operationId: setAccountAttributes parameters: - name: X-Signal-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AccountAttributes' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/accounts/name: put: tags: - Account summary: Set a device's encrypted name description: | Sets the encrypted name for the specified device. Primary devices may change the name of any device associated with their account, but linked devices may only change their own name. If no device ID is specified, then the authenticated device's ID will be used. operationId: setName parameters: - name: deviceId in: query schema: type: string description: "The ID of the device for which to set a name; if omitted,\ \ the authenticated device will be targeted for a name change" format: byte requestBody: content: '*/*': schema: $ref: '#/components/schemas/DeviceName' required: true responses: "204": description: Device name changed successfully "404": description: No device found with the given ID "403": description: Not authorized to change the name of the device with the given ID security: - authenticatedAccount: [] /v1/accounts/whoami: get: tags: - Account operationId: whoAmI responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' security: - authenticatedAccount: [] /v2/accounts/number: put: tags: - Account summary: Change number description: Changes a phone number for an existing account. operationId: changeNumber parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ChangeNumberRequest' required: true responses: "200": description: The phone number associated with the authenticated account was changed successfully content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "401": description: Account authentication check failed. "403": description: Verification failed for the provided Registration Recovery Password "409": description: Mismatched number of devices or device ids in 'devices to notify' list content: application/json: schema: $ref: '#/components/schemas/MismatchedDevices' "410": description: Mismatched registration ids in 'devices to notify' list content: application/json: schema: $ref: '#/components/schemas/StaleDevices' "422": description: The request did not pass validation "423": content: application/json: schema: $ref: '#/components/schemas/RegistrationLockFailure' "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v2/accounts/phone_number_identity_key_distribution: put: tags: - Account summary: Set phone-number identity keys description: Updates key material for the phone-number identity for all devices and sends a synchronization message to companion devices operationId: distributePhoneNumberIdentityKeys parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PhoneNumberIdentityKeyDistributionRequest' required: true responses: "200": description: Indicates the transaction was successful and returns basic information about this account. content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "401": description: Account authentication check failed. "403": description: This endpoint can only be invoked from the account's primary device. "422": description: The request body failed validation. "409": description: The set of devices specified in the request does not match the set of devices active on the account. content: application/json: schema: $ref: '#/components/schemas/MismatchedDevices' "410": description: The registration IDs provided for some devices do not match those stored on the server. content: application/json: schema: $ref: '#/components/schemas/StaleDevices' security: - authenticatedAccount: [] /v2/accounts/data_report: get: tags: - Account summary: Produces a report of non-ephemeral account data stored by the service operationId: getAccountDataReport responses: "200": description: Response with data report. A plain text representation is a field in the response. content: application/json: schema: $ref: '#/components/schemas/AccountDataReportResponse' security: - authenticatedAccount: [] /v2/accounts/phone_number_discoverability: put: tags: - Account operationId: setPhoneNumberDiscoverability requestBody: content: application/json: schema: $ref: '#/components/schemas/PhoneNumberDiscoverabilityRequest' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/archives/upload/form: get: tags: - Archive summary: Fetch message backup upload form description: Retrieve an upload form that can be used to perform a resumable upload of a message backup. operationId: backup parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/UploadDescriptorResponse' "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives: get: tags: - Archive summary: Fetch backup info description: Retrieve information about the currently stored backup operationId: backupInfo parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/BackupInfoResponse' "404": description: No existing backups found "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} post: tags: - Archive summary: Refresh backup description: | Indicate that this backup is still active. Clients must periodically upload new backups or perform a refresh via a POST request. If a backup is not refreshed, after 30 days it may be deleted. operationId: refresh parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "204": description: The backup was successfully refreshed "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} delete: tags: - Archive summary: Delete entire backup description: | Delete all backup metadata, objects, and stored public key. To use backups again, a public key must be resupplied. operationId: deleteBackup parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "204": description: The backup has been successfully removed "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/media/batch: put: tags: - Archive summary: Batched backup media description: | Copy and re-encrypt media from the attachments cdn into the backup cdn. The original already encrypted attachment will be encrypted with the provided key material before being copied If the batch request is processed at all, a 207 will be returned and the outcome of each constituent copy will be provided as a separate entry in the response. operationId: copyMedia parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CopyMediaBatchRequest' required: true responses: "207": description: | The request was processed and each operation's outcome must be inspected individually. This does NOT necessarily indicate the operation was a success. content: application/json: schema: $ref: '#/components/schemas/CopyMediaBatchResponse' "413": description: All media capacity has been consumed. Free some space to continue. "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/media: get: tags: - Archive summary: List media objects description: | Retrieve a list of media objects stored for this backup-id. A client may have previously stored media objects that are no longer referenced in their current backup. To reclaim storage space used by these orphaned objects, perform a list operation and remove any unreferenced media objects via DELETE /v1/backups/. operationId: listMedia parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string - name: cursor in: query description: A cursor returned by a previous call schema: type: string - name: limit in: query description: The number of entries to return per call schema: type: integer format: int32 responses: "200": content: application/json: schema: $ref: '#/components/schemas/ListResponse' "400": description: Bad arguments. The request may have been made on an authenticated channel "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) security: - authenticatedAccount: [] - {} put: tags: - Archive summary: Backup media description: | Copy and re-encrypt media from the attachments cdn into the backup cdn. The original, already encrypted, attachment will be encrypted with the provided key material before being copied. A particular destination media id should not be reused with a different source media id or different encryption parameters. operationId: copyMedia_1 parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CopyMediaRequest' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/CopyMediaResponse' "400": description: Bad arguments. The request may have been made on an authenticated channel "413": description: All media capacity has been consumed. Free some space to continue. "410": description: The source object was not found. "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) security: - authenticatedAccount: [] - {} /v1/archives/media/delete: post: tags: - Archive summary: Delete media objects description: Delete media objects stored with this backup-id operationId: deleteMedia parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: '*/*': schema: $ref: '#/components/schemas/DeleteMedia' required: true responses: "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/auth: get: tags: - Archive summary: 'Fetch ZK credentials ' description: | After setting a blinded backup-id with PUT /v1/archives/, this fetches credentials that can be used to perform operations against that backup-id. Clients may (and should) request up to 7 days of credentials at a time. The redemptionStart and redemptionEnd seconds must be UTC day aligned, and must not span more than 7 days. Each credential contains a receipt level which indicates the backup level the credential is good for. If the account has paid backup access that expires at some point in the provided redemption window, credentials with redemption times after the expiration may be on a lower backup level. Clients must validate the receipt level on the credential matches a known receipt level before using it. operationId: getBackupZKCredentials parameters: - name: redemptionStartSeconds in: query required: true schema: type: integer format: int64 - name: redemptionEndSeconds in: query required: true schema: type: integer format: int64 responses: "200": content: application/json: schema: $ref: '#/components/schemas/BackupAuthCredentialsResponse' "400": description: The start/end did not meet alignment/duration requirements "404": description: Could not find an existing blinded backup id "429": description: Rate limited. security: - authenticatedAccount: [] /v1/archives/auth/read: get: tags: - Archive summary: Get CDN read credentials description: Retrieve credentials used to read objects stored on the backup cdn operationId: readAuth parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string - name: cdn in: query description: The number of the CDN to get credentials for required: true schema: type: integer format: int32 responses: "200": content: application/json: schema: $ref: '#/components/schemas/ReadAuthResponse' "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/redeem-receipt: post: tags: - Archive summary: Redeem receipt description: | Redeem a receipt acquired from /v1/subscription/{subscriberId}/receipt_credentials to mark the account as eligible for the paid backup tier. After successful redemption, subsequent requests to /v1/archive/auth will return credentials with the level on the provided receipt until the expiration time on the receipt. operationId: redeemReceipt requestBody: content: application/json: schema: $ref: '#/components/schemas/RedeemBackupReceiptRequest' required: true responses: "204": description: The receipt was redeemed "400": description: The provided presentation or receipt was invalid "429": description: Rate limited. security: - authenticatedAccount: [] /v1/archives/backupid: put: tags: - Archive summary: Set backup id description: | Set a (blinded) backup-id for the account. Each account may have a single active backup-id that can be used to store and retrieve backups. Once the backup-id is set, BackupAuthCredentials can be generated using /v1/archives/auth. The blinded backup-id and the key-pair used to blind it should be derived from a recoverable secret. operationId: setBackupId requestBody: content: application/json: schema: $ref: '#/components/schemas/SetBackupIdRequest' required: true responses: "204": description: The backup-id was set "400": description: The provided backup auth credential request was invalid "429": description: Rate limited. Too many attempts to change the backup-id have been made security: - authenticatedAccount: [] /v1/archives/keys: put: tags: - Archive summary: Set public key description: | Permanently set the public key of an ED25519 key-pair for the backup-id. All requests that provide a anonymous BackupAuthCredentialPresentation (including this one!) must also sign the presentation with the private key corresponding to the provided public key. operationId: setPublicKey parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SetPublicKeyRequest' required: true responses: "204": description: The public key was set "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/media/upload/form: get: tags: - Archive summary: Fetch media attachment upload form description: | Retrieve an upload form that can be used to perform a resumable upload of an attachment. After uploading, the attachment can be copied into the backup at PUT /archives/media/. Like the account authenticated version at /attachments, the uploaded object is only temporary. operationId: uploadTemporaryAttachment parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/UploadDescriptorResponse' "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/art/auth: get: tags: - Art operationId: getAuth responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v4/attachments/form/upload: get: tags: - Attachments summary: Get an upload form description: | Retrieve an upload form that can be used to perform a resumable upload. The response will include a cdn number indicating what protocol should be used to perform the upload. operationId: getAttachmentUploadForm responses: "200": description: "Success, response body includes upload form" content: application/json: schema: $ref: '#/components/schemas/AttachmentDescriptorV3' "413": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/call-link/create-auth: post: tags: - CallLink summary: Generate a credential for creating call links description: | Generate a credential over a truncated timestamp, room ID, and account UUID. With zero knowledge group infrastructure, the server does not know the room ID. operationId: getCreateAuth requestBody: content: '*/*': schema: $ref: '#/components/schemas/GetCreateCallLinkCredentialsRequest' required: true responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/CreateCallLinkCredential' "400": description: Invalid create call link credential request. "401": description: Account authentication check failed. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/calling/relays: get: tags: - Calling summary: Get 1:1 calling relay options for the client description: | Get 1:1 relay addresses in IpV4, Ipv6, and URL formats. operationId: getCallingRelays responses: "200": description: '`JSON` with call endpoints.' content: application/json: schema: $ref: '#/components/schemas/TurnToken' "400": description: Invalid get call endpoint request. "401": description: Account authentication check failed. "422": description: Invalid request format. "429": description: Rate limited. security: - authenticatedAccount: [] /v2/calling/relays: get: tags: - Calling summary: Get 1:1 calling relay options for the client description: | Get 1:1 relay addresses in IpV4, Ipv6, and URL formats. operationId: getCallingRelays_1 responses: "200": description: '`JSON` with call endpoints.' content: application/json: schema: $ref: '#/components/schemas/GetCallingRelaysResponse' "400": description: Invalid get call endpoint request. "401": description: Account authentication check failed. "422": description: Invalid request format. "429": description: Rate limited. security: - authenticatedAccount: [] /v1/certificate/delivery: get: tags: - Certificate operationId: getDeliveryCertificate parameters: - name: includeE164 in: query schema: type: boolean default: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/DeliveryCertificate' security: - authenticatedAccount: [] /v1/certificate/auth/group: get: tags: - Certificate operationId: getGroupAuthenticationCredentials parameters: - name: User-Agent in: header schema: type: string - name: redemptionStartSeconds in: query schema: type: integer format: int64 - name: redemptionEndSeconds in: query schema: type: integer format: int64 - name: zkcCredential in: query schema: type: boolean responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/GroupCredentials' security: - authenticatedAccount: [] /v1/challenge: put: tags: - Challenge summary: Submit proof of a challenge completion description: | Some server endpoints (the "send message" endpoint, for example) may return a 428 response indicating the client must complete a challenge before continuing. Clients may use this endpoint to provide proof of a completed challenge. If successful, the client may then continue their original operation. operationId: handleChallengeResponse parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: oneOf: - $ref: '#/components/schemas/AnswerPushChallengeRequest' - $ref: '#/components/schemas/AnswerCaptchaChallengeRequest' responses: "200": description: Indicates the challenge proof was accepted "428": description: Submitted captcha token is invalid "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/challenge/push: post: tags: - Challenge summary: Request a push challenge description: | Clients may proactively request a push challenge by making an empty POST request. Push challenges will only be sent to the requesting account’s main device. When the push is received it may be provided as proof of completed challenge to /v1/challenge. APNs challenge payloads will be formatted as follows: ``` { "aps": { "sound": "default", "alert": { "loc-key": "APN_Message" } }, "rateLimitChallenge": "{CHALLENGE_TOKEN}" } ``` FCM challenge payloads will be formatted as follows: ``` {"rateLimitChallenge": "{CHALLENGE_TOKEN}"} ``` Clients may retry the PUT in the event of an HTTP/5xx response (except HTTP/508) from the server, but must implement an exponential back-off system and limit the total number of retries. operationId: requestPushChallenge responses: "200": description: | Indicates a payload to the account's primary device has been attempted. When clients receive a challenge push notification, they may issue a PUT request to /v1/challenge. "404": description: | The server does not have a push notification token for the authenticated account’s main device; clients may add a push token and try again "413": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/devices/provisioning/code: get: tags: - Devices summary: Generate a signed device-linking token description: | Generate a signed device-linking token for transmission to a pending linked device via a provisioning message. operationId: createDeviceToken responses: "200": description: Token was generated successfully content: application/json: schema: $ref: '#/components/schemas/LinkDeviceToken' "411": description: The authenticated account already has the maximum allowed number of linked devices "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/devices: get: tags: - Devices operationId: getDevices responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/DeviceInfoList' security: - authenticatedAccount: [] /v1/devices/link: put: tags: - Devices summary: Link a device to an account description: | Links a device to an account identified by a given phone number. operationId: linkDevice parameters: - name: Authorization in: header schema: $ref: '#/components/schemas/BasicAuthorizationHeader' - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/LinkDeviceRequest' required: true responses: "200": description: The new device was linked to the calling account content: application/json: schema: $ref: '#/components/schemas/LinkDeviceResponse' "403": description: The given account was not found or the given verification code was incorrect "409": description: The new device is missing a capability supported by all other devices on the account "411": description: The given account already has its maximum number of linked devices "422": description: The request did not pass validation "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple /v1/devices/restore_account/{token}: get: tags: - Devices summary: Wait for 'restore account' request operationId: waitForDeviceTransferRequest parameters: - name: token in: path required: true schema: maximum: 64 maxLength: 64 minLength: 0 type: string description: A randomly-generated token identifying the request for device-to-device transfer. - name: timeout in: query schema: maximum: 3600 minimum: 1 type: integer description: |2 The amount of time (in seconds) to wait for a response. If a transfer archive for the authenticated device is not available within the given amount of time, this endpoint will return a status of HTTP/204. format: int32 default: 30 responses: "200": description: A 'restore account' request was received for the given token content: application/json: schema: $ref: '#/components/schemas/RestoreAccountRequest' "204": description: No 'restore account' request for the given token was received before the call completed; clients may repeat the call to continue waiting "400": description: The given token or timeout was invalid "429": description: Rate-limited; try again after the prescribed delay put: tags: - Devices summary: Signals that a new device is requesting restoration of account data by some method description: | Signals that a new device is requesting restoration of account data by some method. Devices waiting via the "wait for 'restore account' request" endpoint will be notified that the request has been issued. operationId: recordRestoreAccountRequest parameters: - name: token in: path required: true schema: maximum: 64 maxLength: 64 minLength: 0 type: string description: A randomly-generated token identifying the request for device-to-device transfer. requestBody: content: application/json: schema: $ref: '#/components/schemas/RestoreAccountRequest' responses: "204": description: Success "422": description: The request object could not be parsed or was otherwise invalid "429": description: Rate-limited; try again after the prescribed delay /v1/devices/transfer_archive: get: tags: - Devices summary: Wait for a new transfer archive to be uploaded description: | Waits for a new transfer archive to be uploaded for the authenticated device and returns the location of the archive when available. operationId: waitForTransferArchive parameters: - name: timeout in: query schema: maximum: 3600 minimum: 1 type: integer description: |2 The amount of time (in seconds) to wait for a response. If a transfer archive for the authenticated device is not available within the given amount of time, this endpoint will return a status of HTTP/204. format: int32 default: 30 responses: "200": description: A new transfer archive was uploaded for the authenticated device content: application/json: schema: $ref: '#/components/schemas/RemoteAttachment' "204": description: No transfer archive was uploaded before the call completed; clients may repeat the call to continue waiting "400": description: The given timeout was invalid "429": description: Rate-limited; try again after the prescribed delay security: - authenticatedAccount: [] put: tags: - Devices summary: Signals that a transfer archive has been uploaded for a specific linked device description: | Signals that a transfer archive has been uploaded for a specific linked device. Devices waiting via the "wait for transfer archive" endpoint will be notified that the new archive is available. operationId: recordTransferArchiveUploaded requestBody: content: application/json: schema: $ref: '#/components/schemas/TransferArchiveUploadedRequest' required: true responses: "204": description: Success "422": description: The request object could not be parsed or was otherwise invalid "429": description: Rate-limited; try again after the prescribed delay security: - authenticatedAccount: [] /v1/devices/{device_id}: delete: tags: - Devices operationId: removeDevice parameters: - name: device_id in: path required: true schema: type: string format: byte responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/devices/capabilities: put: tags: - Devices operationId: setCapabilities requestBody: content: '*/*': schema: type: object additionalProperties: type: boolean required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/devices/public_key: put: tags: - Devices summary: Sets a public key for authentication description: | Sets the authentication public key for the authenticated device. The public key will be used for authentication in the nascent gRPC-over-Noise API. Existing devices must upload a public key before they can use the gRPC-over-Noise API, and this endpoint exists to facilitate migration to the new API. operationId: setPublicKey_1 requestBody: content: '*/*': schema: $ref: '#/components/schemas/SetPublicKeyRequest' responses: "200": description: Public key stored successfully "401": description: Account authentication check failed "422": description: Invalid request format security: - authenticatedAccount: [] /v1/devices/unauthenticated_delivery: put: tags: - Devices operationId: setUnauthenticatedDelivery responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/devices/wait_for_linked_device/{tokenIdentifier}: get: tags: - Devices summary: Wait for a new device to be linked to an account description: | Waits for a new device to be linked to an account and returns basic information about the new device when available. operationId: waitForLinkedDevice parameters: - name: tokenIdentifier in: path required: true schema: maxLength: 64 minLength: 32 type: string description: A 'link device' token identifier provided by the 'create link device token' endpoint - name: timeout in: query schema: maximum: 3600 minimum: 1 type: integer description: |2 The amount of time (in seconds) to wait for a response. If the expected device is not linked within the given amount of time, this endpoint will return a status of HTTP/204. format: int32 default: 30 - name: User-Agent in: header schema: type: string responses: "200": description: A device was linked to an account using the token associated with the given token identifier content: application/json: schema: $ref: '#/components/schemas/DeviceInfo' "204": description: No device was linked to the account before the call completed; clients may repeat the call to continue waiting "400": description: The given token identifier or timeout was invalid "429": description: Rate-limited; try again after the prescribed delay security: - authenticatedAccount: [] /v2/directory/auth: get: tags: - Directory operationId: getAuthToken responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/donation/redeem-receipt: post: tags: - Donations operationId: redeemReceipt_1 requestBody: content: application/json: schema: $ref: '#/components/schemas/RedeemReceiptRequest' required: true responses: default: description: default response content: application/json: {} text/plain: {} security: - authenticatedAccount: [] /v1/keepalive: get: tags: - Keep Alive operationId: getKeepAlive requestBody: content: '*/*': schema: $ref: '#/components/schemas/WebSocketSessionContext' responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] - {} /v1/keepalive/provisioning: get: tags: - Keep Alive operationId: getProvisioningKeepAlive responses: default: description: default response content: '*/*': {} /v1/key-transparency/distinguished: get: tags: - KeyTransparency summary: Get the current value of the distinguished key description: | The response contains the distinguished tree head to prove consistency against for future calls to `/search`, `/monitor`, and `/distinguished`. Enforced unauthenticated endpoint. operationId: getDistinguishedKey parameters: - name: lastTreeHeadSize in: query description: The distinguished tree head size returned by a previously verified call schema: type: integer format: int64 responses: "200": description: The `distinguished` search key exists in the log content: application/json: schema: $ref: '#/components/schemas/KeyTransparencyDistinguishedKeyResponse' "400": description: Invalid request. See response for any available details. "422": description: Invalid request format "429": description: Rate-limited security: - authenticatedAccount: [] - {} /v1/key-transparency/monitor: post: tags: - KeyTransparency summary: Monitor the given identifiers in the key transparency log description: | Return proofs proving that the log tree has been constructed correctly in later entries for each of the given identifiers. Enforced unauthenticated endpoint. operationId: monitor requestBody: content: '*/*': schema: $ref: '#/components/schemas/KeyTransparencyMonitorRequest' required: true responses: "200": description: All search keys exist in the log content: application/json: schema: $ref: '#/components/schemas/KeyTransparencyMonitorResponse' "400": description: Invalid request. See response for any available details. "404": description: At least one search key lookup did not find the key "429": description: Rate-limited "422": description: Invalid request format security: - authenticatedAccount: [] - {} /v1/key-transparency/search: post: tags: - KeyTransparency summary: Search for the given identifiers in the key transparency log description: | Returns a response if the ACI exists in the transparency log and its mapped value matches the provided ACI identity key. The username hash search response field is populated if it is found in the log and its mapped value matches the provided ACI. The E164 search response is populated similarly, with some additional requirements: - The account associated with the provided ACI must be discoverable by phone number. - The provided unidentified access key must match the one on the account. Enforced unauthenticated endpoint. operationId: search requestBody: content: '*/*': schema: $ref: '#/components/schemas/KeyTransparencySearchRequest' required: true responses: "200": description: The ACI was found and its mapped value matched the provided ACI identity key content: application/json: schema: $ref: '#/components/schemas/KeyTransparencySearchResponse' "400": description: Invalid request. See response for any available details. "403": description: The ACI was found but its mapped value did not match the provided ACI identity key "404": description: The ACI was not found in the log "422": description: Invalid request format "429": description: Rate-limited security: - authenticatedAccount: [] - {} /v2/keys/check: post: tags: - Keys summary: Check keys description: | Checks that client and server have consistent views of repeated-use keys. For a given identity type, clients submit a digest of their repeated-use key material. The digest is calculated as: SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes) …where the elements of the hash are: - identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key - signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key - lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e. one version byte followed by 1568 bytes of key material for a total of 1569 bytes) operationId: checkKeys parameters: - name: User-Agent in: header schema: type: string responses: "200": description: Indicates that client and server have consistent views of repeated-use keys "401": description: Account authentication check failed "409": description: |2 Indicates that client and server have inconsistent views of repeated-use keys or one or more repeated-use keys could not be found "422": description: Invalid request format security: - authenticatedAccount: [] /v2/keys/{identifier}/{device_id}: get: tags: - Keys summary: Fetch public keys for another user description: Retrieves the public identity key and available device prekeys for a specified account or phone-number identity operationId: getDeviceKeys parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: Group-Send-Token in: header schema: $ref: '#/components/schemas/GroupSendTokenHeader' - name: identifier in: path description: the account or phone-number identifier to retrieve keys for required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: device_id in: path description: "the device id of a single device to retrieve prekeys for, or\ \ `*` for all enabled devices" required: true schema: type: string - name: User-Agent in: header schema: type: string responses: "200": description: Indicates at least one prekey was available for at least one requested device. content: application/json: schema: $ref: '#/components/schemas/PreKeyResponse' "400": description: A group send endorsement and other authorization (account authentication or unidentified-access key) were both provided. "401": description: Account authentication check failed and unidentified-access key or group send endorsement token was not supplied or invalid. "404": description: Requested identity or device does not exist or device has no available prekeys. "429": description: Rate limit exceeded. headers: Retry-After: description: "If present, a positive integer indicating the number of\ \ seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] - {} /v2/keys: get: tags: - Keys summary: Get prekey count description: Gets the number of one-time prekeys uploaded for this device and still available operationId: getStatus parameters: - name: identity in: query schema: type: string default: aci enum: - ACI - PNI responses: "200": description: Body contains the number of available one-time prekeys for the device. content: application/json: schema: $ref: '#/components/schemas/PreKeyCount' "401": description: Account authentication check failed. security: - authenticatedAccount: [] put: tags: - Keys summary: Upload new prekeys description: Upload new pre-keys for this device. operationId: setKeys parameters: - name: identity in: query allowEmptyValue: true schema: type: string description: whether this operation applies to the account (aci) or phone-number (pni) identity default: aci enum: - ACI - PNI - aci - pni - name: User-Agent in: header schema: type: string responses: "200": description: Indicates that new keys were successfully stored. "401": description: Account authentication check failed. "403": description: Attempt to change identity key from a non-primary device. "422": description: Invalid request format. security: - authenticatedAccount: [] /v1/messages: get: tags: - Messages operationId: getPendingMessages parameters: - name: X-Signal-Receive-Stories in: header schema: type: string - name: User-Agent in: header schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] /v1/messages/uuid/{uuid}: delete: tags: - Messages operationId: removePendingMessage parameters: - name: uuid in: path required: true schema: type: string format: uuid responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/messages/report/{source}/{messageGuid}: post: tags: - Messages operationId: reportSpamMessage parameters: - name: source in: path required: true schema: type: string - name: messageGuid in: path required: true schema: type: string format: uuid - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SpamReport' responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/messages/{destination}: put: tags: - Messages summary: Send a message description: | Deliver a message to a single recipient. May be authenticated or unauthenticated; if unauthenticated, an unidentifed-access key or group-send endorsement token must be provided, unless the message is a story. operationId: sendMessage parameters: - name: Unidentified-Access-Key in: header description: The recipient's unidentified access key schema: $ref: '#/components/schemas/Anonymous' - name: Group-Send-Token in: header description: A group send endorsement token covering the recipient. Must not be combined with `Unidentified-Access-Key` or set on a story message. schema: $ref: '#/components/schemas/GroupSendTokenHeader' - name: User-Agent in: header schema: type: string - name: destination in: path description: "If true, deliver the message only to recipients that are online\ \ when it is sent" required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: story in: query description: "If true, the message is a story; access tokens are not checked\ \ and sending to nonexistent recipients is permitted" schema: type: boolean requestBody: description: The encrypted message payloads for each recipient device content: application/json: schema: $ref: '#/components/schemas/IncomingMessageList' required: true responses: "200": description: Message was successfully sent "401": description: "The message is not a story and the authorization, unauthorized\ \ access key, or group send endorsement token is missing or incorrect" "404": description: The message is not a story and some the recipient service ID does not correspond to a registered Signal user "409": description: Incorrect set of devices supplied for recipient content: application/json: schema: type: array items: $ref: '#/components/schemas/AccountMismatchedDevices' "410": description: Mismatched registration ids supplied for some recipient devices content: application/json: schema: type: array items: $ref: '#/components/schemas/AccountStaleDevices' "428": description: The sender should complete a challenge before proceeding security: - authenticatedAccount: [] - {} /v1/messages/multi_recipient: put: tags: - Messages summary: Send multi-recipient sealed-sender message description: | Deliver a common-payload message to multiple recipients. An unidentifed-access key for all recipients must be provided, unless the message is a story. operationId: sendMultiRecipientMessage parameters: - name: Unidentified-Access-Key in: header description: The bitwise xor of the unidentified access keys for every recipient of the message. Will be replaced with group send endorsements schema: $ref: '#/components/schemas/CombinedUnidentifiedSenderAccessKeys' - name: Group-Send-Token in: header description: A group send endorsement token covering recipients of this message. Must not be combined with `Unidentified-Access-Key` or set on a story message. schema: $ref: '#/components/schemas/GroupSendTokenHeader' - name: User-Agent in: header schema: type: string - name: online in: query description: "If true, deliver the message only to recipients that are online\ \ when it is sent" schema: type: boolean - name: ts in: query description: The sender's timestamp for the envelope schema: type: integer format: int64 - name: urgent in: query description: "If true, this message should cause push notifications to be\ \ sent to recipients" schema: type: boolean default: true - name: story in: query description: "If true, the message is a story; access tokens are not checked\ \ and sending to nonexistent recipients is permitted" schema: type: boolean requestBody: description: The sealed-sender multi-recipient message payload as serialized by libsignal content: application/vnd.signal-messenger.mrm: schema: $ref: '#/components/schemas/SealedSenderMultiRecipientMessage' required: true responses: "200": description: Message was successfully sent to all recipients "400": description: The envelope specified delivery to the same recipient device multiple times "401": description: The message is not a story and the unauthorized access key or group send endorsement token is missing or incorrect "404": description: The message is not a story and some of the recipient service IDs do not correspond to registered Signal users "409": description: Incorrect set of devices supplied for some recipients content: application/json: schema: type: array items: $ref: '#/components/schemas/AccountMismatchedDevices' "410": description: Mismatched registration ids supplied for some recipient devices content: application/json: schema: type: array items: $ref: '#/components/schemas/AccountStaleDevices' /v1/subscription/boost/paypal/confirm: post: tags: - OneTimeDonations operationId: confirmPayPalBoost parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfirmPayPalBoostRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/boost/create: post: tags: - OneTimeDonations operationId: createBoostPaymentIntent parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateBoostRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/boost/receipt_credentials: post: tags: - OneTimeDonations operationId: createBoostReceiptCredentials parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateBoostReceiptCredentialsRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/boost/paypal/create: post: tags: - OneTimeDonations operationId: createPayPalBoost parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePayPalBoostRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/payments/auth: get: tags: - Payments operationId: getAuth_1 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v1/payments/conversions: get: tags: - Payments operationId: getConversions responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/CurrencyConversionEntityList' security: - authenticatedAccount: [] /v1/profile/{identifier}/{version}: get: tags: - Profile operationId: getProfile parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: identifier in: path required: true schema: $ref: '#/components/schemas/AciServiceIdentifier' - name: version in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VersionedProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/{identifier}/{version}/{credentialRequest}: get: tags: - Profile operationId: getProfile_1 parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: identifier in: path required: true schema: $ref: '#/components/schemas/AciServiceIdentifier' - name: version in: path required: true schema: type: string - name: credentialRequest in: path required: true schema: type: string - name: credentialType in: query schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/CredentialProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/{identifier}: get: tags: - Profile operationId: getUnversionedProfile parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: Group-Send-Token in: header schema: $ref: '#/components/schemas/GroupSendTokenHeader' - name: User-Agent in: header schema: type: string - name: identifier in: path required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: ca in: query schema: type: boolean responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/BaseProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/identity_check/batch: post: tags: - Profile operationId: runBatchIdentityCheck requestBody: content: application/json: schema: $ref: '#/components/schemas/BatchIdentityCheckRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/BatchIdentityCheckResponse' /v1/profile: put: tags: - Profile operationId: setProfile requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateProfileRequest' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/provisioning/{destination}: put: tags: - Provisioning summary: Send a provisioning message to a new device description: | Send a provisioning message from an authenticated device to a device that (presumably) is not yet associated with a Signal account. operationId: sendProvisioningMessage parameters: - name: destination in: path description: The temporary provisioning address to which to send a provisioning message required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: description: The provisioning message to send to the given provisioning address content: application/json: schema: $ref: '#/components/schemas/ProvisioningMessage' required: true responses: "204": description: The provisioning message was delivered to the given provisioning address "400": description: The provisioning message was too large "404": description: No device with the given provisioning address was connected at the time of the request security: - authenticatedAccount: [] /v1/registration: post: tags: - Registration summary: Registers an account description: "Registers a new account or attempts to “re-register” an existing\ \ account. It is expected that a well-behaved client\ncould make up to three\ \ consecutive calls to this API:\n1. gets 423 from existing registration lock\ \ \n\n2. gets 409 from device available for transfer \n\n3. success \n\n" operationId: register parameters: - name: Authorization in: header required: true schema: $ref: '#/components/schemas/BasicAuthorizationHeader' - name: X-Signal-Agent in: header schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RegistrationRequest' required: true responses: "200": description: The phone number associated with the authenticated account was changed successfully content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "403": description: Verification failed for the provided Registration Recovery Password "409": description: "The caller has not explicitly elected to skip transferring\ \ data from another device, but a device transfer is technically possible" "422": description: The request did not pass validation "423": content: application/json: schema: $ref: '#/components/schemas/RegistrationLockFailure' "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple /v1/config: get: tags: - Remote Config operationId: getAll responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/UserRemoteConfigList' security: - authenticatedAccount: [] /v1/storage/auth: get: tags: - Secure Storage operationId: getAuth_2 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v2/backup/auth/check: post: tags: - Secure Value Recovery summary: Check SVR2 credentials description: | Over time, clients may wind up with multiple sets of SVR2 authentication credentials in cloud storage. To determine which set is most current and should be used to communicate with SVR2 to retrieve a master key (from which a registration recovery password can be derived), clients should call this endpoint with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR2. operationId: authCheck requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthCheckRequest' required: true responses: "200": description: '`JSON` with the check results.' content: application/json: schema: $ref: '#/components/schemas/AuthCheckResponseV2' "422": description: Provided list of SVR2 credentials could not be parsed "400": description: '`POST` request body is not a valid `JSON`' /v2/backup/auth: get: tags: - Secure Value Recovery summary: Generate credentials for SVR2 description: | Generate SVR2 service credentials. Generated credentials have an expiration time of 30 days (however, the TTL is fully controlled by the server side and may change even for already generated credentials). operationId: getAuth_3 responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v3/backup/auth/check: post: tags: - Secure Value Recovery summary: Check SVR3 credentials description: | Over time, clients may wind up with multiple sets of SVR3 authentication credentials in cloud storage. To determine which set is most current and should be used to communicate with SVR3 to retrieve a master key (from which a registration recovery password can be derived), clients should call this endpoint with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR3. operationId: authCheck_1 requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthCheckRequest' required: true responses: "200": description: '`JSON` with the check results.' content: application/json: schema: $ref: '#/components/schemas/AuthCheckResponseV3' "422": description: Provided list of SVR3 credentials could not be parsed "400": description: '`POST` request body is not a valid `JSON`' /v3/backup/auth: get: tags: - Secure Value Recovery summary: Generate credentials for SVR3 description: | Generate SVR3 service credentials. Generated credentials have an expiration time of 30 days (however, the TTL is fully controlled by the server side and may change even for already generated credentials). If a share-set has been previously set via /v3/backups/share-set, it will be included in the response operationId: getAuth_4 responses: "200": description: '`JSON` with generated credentials and share-set' content: application/json: schema: $ref: '#/components/schemas/Svr3Credentials' "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v3/backup/share-set: put: tags: - Secure Value Recovery summary: Set a share-set for the account description: | Add a share-set to the account that can later be retrieved at v3/backups/auth or during registration. After storing a value with SVR3, clients must store the returned share-set so the value can be restored later. operationId: setShareSet requestBody: content: application/json: schema: $ref: '#/components/schemas/SetShareSetRequest' required: true responses: "204": description: Successfully set share-set "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v1/sticker/pack/form/{count}: get: tags: - Stickers operationId: getStickersForm parameters: - name: count in: path required: true schema: maximum: 201 minimum: 1 type: integer format: int32 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/StickerPackFormUploadAttributes' security: - authenticatedAccount: [] /v1/subscription/{subscriberId}/create_payment_method/paypal: post: tags: - Subscriptions operationId: createPayPalPaymentMethod parameters: - name: subscriberId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePayPalBillingAgreementRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/create_payment_method: post: tags: - Subscriptions operationId: createPaymentMethod parameters: - name: subscriberId in: path required: true schema: type: string - name: type in: query schema: type: string default: CARD enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL - GOOGLE_PLAY_BILLING - APPLE_APP_STORE - name: User-Agent in: header schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/receipt_credentials: post: tags: - Subscriptions operationId: createSubscriptionReceiptCredentials parameters: - name: User-Agent in: header schema: type: string - name: subscriberId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/GetReceiptCredentialsRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}: get: tags: - Subscriptions summary: Subscription information description: | Returns information about the current subscription associated with the provided subscriberId if one exists. Although it uses [Stripe’s values](https://stripe.com/docs/billing/subscriptions/overview#subscription-statuses), the status field in the response is generic, with [Braintree-specific values](https://developer.paypal.com/braintree/docs/guides/recurring-billing/overview#subscription-statuses) mapped to Stripe's. Since we don’t support trials or unpaid subscriptions, the associated statuses will never be returned by the API. operationId: getSubscriptionInformation parameters: - name: subscriberId in: path required: true schema: type: string responses: "200": description: The subscriberId exists content: application/json: schema: $ref: '#/components/schemas/GetSubscriptionInformationResponse' "403": description: subscriberId authentication failure OR account authentication is present "404": description: No such subscriberId exists or subscriberId is malformed security: - authenticatedAccount: [] - {} put: tags: - Subscriptions operationId: updateSubscriber parameters: - name: subscriberId in: path required: true schema: type: string responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] - {} delete: tags: - Subscriptions operationId: deleteSubscriber parameters: - name: subscriberId in: path required: true schema: type: string responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] - {} /v1/subscription/bank_mandate/{bankTransferType}: get: tags: - Subscriptions operationId: getBankMandate parameters: - name: bankTransferType in: path required: true schema: type: string enum: - SEPA_DEBIT responses: default: description: default response content: application/json: {} /v1/subscription/configuration: get: tags: - Subscriptions summary: 'Subscription configuration ' description: |- Returns all configuration for badges, donation subscriptions, backup subscriptions, and one-time donation ( "boost" and "gift") minimum and suggested amounts. operationId: getConfiguration responses: "200": content: application/json: schema: $ref: '#/components/schemas/GetSubscriptionConfigurationResponse' /v1/subscription/{subscriberId}/appstore/{originalTransactionId}: post: tags: - Subscriptions summary: Set app store subscription description: | Set an originalTransactionId that represents an IAP subscription made with the app store. To set up an app store subscription: 1. Create a subscriber with `PUT subscriptions/{subscriberId}` (you must regularly refresh this subscriber) 2. [Create a subscription](https://developer.apple.com/documentation/storekit/in-app_purchase/) with the App Store directly via StoreKit and obtain a originalTransactionId. 3. `POST` the purchaseToken here 4. Obtain a receipt at `POST /v1/subscription/{subscriberId}/receipt_credentials` which can then be used to obtain the entitlement operationId: setAppStoreSubscription parameters: - name: subscriberId in: path required: true schema: type: string - name: originalTransactionId in: path required: true schema: type: string responses: "200": description: The originalTransactionId was successfully validated "402": description: The subscription transaction is incomplete or invalid "403": description: subscriberId authentication failure OR account authentication is present "404": description: No such subscriberId exists or subscriberId is malformed or the specified transaction does not exist "409": description: subscriberId is already linked to a processor that does not support appstore payments. Delete this subscriberId and use a new one. "429": description: Rate limit exceeded. security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/default_payment_method_for_ideal/{setupIntentId}: post: tags: - Subscriptions operationId: setDefaultPaymentMethodForIdeal parameters: - name: subscriberId in: path required: true schema: type: string - name: setupIntentId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/default_payment_method/{processor}/{paymentMethodToken}: post: tags: - Subscriptions operationId: setDefaultPaymentMethodWithProcessor parameters: - name: subscriberId in: path required: true schema: type: string - name: processor in: path required: true schema: type: string enum: - STRIPE - BRAINTREE - GOOGLE_PLAY_BILLING - APPLE_APP_STORE - name: paymentMethodToken in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/playbilling/{purchaseToken}: post: tags: - Subscriptions summary: Set a google play billing purchase token description: | Set a purchaseToken that represents an IAP subscription made with Google Play Billing. To set up a subscription with Google Play Billing: 1. Create a subscriber with `PUT subscriptions/{subscriberId}` (you must regularly refresh this subscriber) 2. [Create a subscription](https://developer.android.com/google/play/billing/integrate) with Google Play Billing directly and obtain a purchaseToken. Do not [acknowledge](https://developer.android.com/google/play/billing/integrate#subscriptions) the purchaseToken. 3. `POST` the purchaseToken here 4. Obtain a receipt at `POST /v1/subscription/{subscriberId}/receipt_credentials` which can then be used to obtain the entitlement After calling this method, the payment is confirmed. Callers must durably store their subscriberId before calling this method to ensure their payment is tracked. Once a purchaseToken to is posted to a subscriberId, the same subscriberId must not be used with another payment method. A different playbilling purchaseToken can be posted to the same subscriberId, in this case the subscription associated with the old purchaseToken will be cancelled. operationId: setPlayStoreSubscription parameters: - name: subscriberId in: path required: true schema: type: string - name: purchaseToken in: path required: true schema: type: string responses: "200": description: The purchaseToken was validated and acknowledged "402": description: The purchaseToken payment is incomplete or invalid "403": description: subscriberId authentication failure OR account authentication is present "404": description: No such subscriberId exists or subscriberId is malformed or the purchaseToken does not exist "409": description: subscriberId is already linked to a processor that does not support Play Billing. Delete this subscriberId and use a new one. security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/level/{level}/{currency}/{idempotencyKey}: put: tags: - Subscriptions operationId: setSubscriptionLevel parameters: - name: subscriberId in: path required: true schema: type: string - name: level in: path required: true schema: type: integer format: int64 - name: currency in: path required: true schema: type: string - name: idempotencyKey in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/verification/session: post: tags: - Verification operationId: createSession requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateVerificationSessionRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' /v1/verification/session/{sessionId}: get: tags: - Verification operationId: getSession parameters: - name: sessionId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' patch: tags: - Verification operationId: updateSession parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateVerificationSessionRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' /v1/verification/session/{sessionId}/code: put: tags: - Verification operationId: verifyCode parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SubmitVerificationCodeRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' post: tags: - Verification operationId: requestVerificationCode parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string - name: Accept-Language in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/VerificationCodeRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' components: schemas: AciServiceIdentifier: type: string description: An identifier for an account based on the account's ACI allOf: - $ref: '#/components/schemas/ServiceIdentifier' PniServiceIdentifier: type: string description: An identifier for an account based on the account's phone number identifier (PNI) allOf: - $ref: '#/components/schemas/ServiceIdentifier' ServiceIdentifier: type: object description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. UsernameHashResponse: type: object properties: usernameHash: type: string description: "The hash of the confirmed username, as supplied in the request" usernameLinkHandle: type: string description: A handle that can be included in username links to retrieve the stored encrypted username ConfirmUsernameHashRequest: required: - zkProof type: object properties: usernameHash: type: string format: byte zkProof: type: string format: byte encryptedUsername: maxLength: 128 minLength: 1 type: string description: The url-safe base64-encoded encrypted username to be stored for username links AccountIdentityResponse: type: object properties: uuid: type: string description: the account identifier for this account format: uuid number: type: string description: the phone number associated with this account pni: type: string description: the account identifier for this account's phone-number identity format: uuid usernameHash: type: string description: "a hash of this account's username, if set" format: byte usernameLinkHandle: type: string description: "this account's username link handle, if set" format: uuid storageCapable: type: boolean description: whether any of this account's devices support storage TurnToken: type: object properties: username: type: string password: type: string urls: type: array items: type: string urlsWithIps: type: array items: type: string hostname: type: string AccountIdentifierResponse: required: - uuid type: object properties: uuid: type: string description: An identifier for an account based on the account's ACI EncryptedUsername: required: - usernameLinkEncryptedValue type: object properties: usernameLinkEncryptedValue: maxLength: 128 minLength: 1 type: string description: the URL-safe base64 encoding of the encrypted username keepLinkHandle: type: boolean description: "if set and the account already has an encrypted-username link\ \ handle, reuse the same link handle rather than generating a new one.\ \ The response will still have the link handle." ReserveUsernameHashResponse: type: object properties: usernameHash: type: string format: byte ReserveUsernameHashRequest: required: - usernameHashes type: object properties: usernameHashes: maxItems: 20 minItems: 1 type: array items: type: string format: byte AccountAttributes: type: object properties: fetchesMessages: type: boolean registrationId: type: integer format: int32 name: maxLength: 225 minLength: 0 type: string format: byte registrationLock: type: string unidentifiedAccessKey: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: uniqueItems: true type: array items: type: string enum: - STORAGE - TRANSFER - DELETE_SYNC - VERSIONED_EXPIRATION_TIMER - STORAGE_SERVICE_RECORD_KEY_ROTATION discoverableByPhoneNumber: type: boolean recoveryPassword: type: string format: byte eachRegistrationIdValid: type: boolean pniRegistrationId: type: integer format: int32 ApnRegistrationId: required: - apnRegistrationId type: object properties: apnRegistrationId: type: string description: | An APNs token set for the account's primary device. If provided, the account's primary device will be notified of new messages via push notifications to the given token. Callers must provide exactly one of an APNs token set, an FCM token, or an `AccountAttributes` entity with `fetchesMessages` set to `true`. GcmRegistrationId: required: - gcmRegistrationId type: object properties: gcmRegistrationId: type: string description: | An FCM/GCM token for the account's primary device. If provided, the account's primary device will be notified of new messages via push notifications to the given token. Callers must provide exactly one of an APNs token set, an FCM token, or an `AccountAttributes` entity with `fetchesMessages` set to `true`. DeviceName: required: - deviceName type: object properties: deviceName: maxLength: 225 minLength: 0 type: string format: byte RegistrationLock: required: - registrationLock type: object properties: registrationLock: maxLength: 64 minLength: 64 type: string UsernameLinkHandle: required: - usernameLinkHandle type: object properties: usernameLinkHandle: type: string description: A handle that can be included in username links to retrieve the stored encrypted username format: uuid MismatchedDevices: type: object properties: missingDevices: type: array description: Devices present on the account but absent in the request items: type: string description: Devices present on the account but absent in the request format: byte extraDevices: type: array description: Devices absent on the request but present in the account items: type: string description: Devices absent on the request but present in the account format: byte StaleDevices: type: object properties: staleDevices: type: array description: Devices that are no longer active items: type: string description: Devices that are no longer active format: byte ExternalServiceCredentials: type: object properties: username: type: string password: type: string RegistrationLockFailure: type: object properties: timeRemaining: type: integer description: Time remaining in milliseconds before the existing registration lock expires format: int64 svr2Credentials: $ref: '#/components/schemas/ExternalServiceCredentials' svr3Credentials: $ref: '#/components/schemas/Svr3Credentials' description: | Information about the current Registration lock and SVR credentials. With a correct PIN, the credentials can be used to recover the secret used to derive the registration lock password. Svr3Credentials: type: object properties: username: type: string description: The credential username password: type: string description: The credential password shareSet: type: string description: | If present, a shareSet previously stored for this account via /v3/backups/shareSet. Required to restore a value from SVR3. Encoded in standard un-padded base64. description: | A time limited external service credential that can be used to authenticate and restore from SVR3. ChangeNumberRequest: required: - deviceMessages - devicePniSignedPrekeys - number - pniIdentityKey - pniRegistrationIds type: object properties: sessionId: type: string description: |- A session ID from registration service, if using session id to authenticate this request. Must not be combined with `recoveryPassword`. recoveryPassword: type: string description: |- The base64-encoded recovery password for the new phone number, if using a recovery password to authenticate this request. Must not be combined with `sessionId`. number: type: string description: the new phone number for this account pniIdentityKey: $ref: '#/components/schemas/IdentityKey' deviceMessages: type: array description: |- A list of synchronization messages to send to companion devices to supply the private keysManager associated with the new identity key and their new prekeys. Exactly one message must be supplied for each enabled device other than the sending (primary) device. items: $ref: '#/components/schemas/IncomingMessage' devicePniSignedPrekeys: type: object additionalProperties: $ref: '#/components/schemas/ECSignedPreKey' description: |- A new signed elliptic-curve prekey for each enabled device on the account, including this one. Each must be accompanied by a valid signature from the new identity key in this request. devicePniPqLastResortPrekeys: type: object additionalProperties: $ref: '#/components/schemas/KEMSignedPreKey' description: |- A new signed post-quantum last-resort prekey for each enabled device on the account, including this one. May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored. If present, must contain one prekey per enabled device including this one. Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped. Each must be accompanied by a valid signature from the new identity key in this request. pniRegistrationIds: type: object additionalProperties: type: integer description: "the new phone-number-identity registration ID for each enabled\ \ device on the account, including this one" format: int32 description: "the new phone-number-identity registration ID for each enabled\ \ device on the account, including this one" eachPniRegistrationIdValid: type: boolean valid: type: boolean reglock: type: string description: "the registration lock password for the new phone number, if\ \ necessary" ECPublicKey: type: object properties: type: type: integer format: int32 publicKeyBytes: type: string format: byte ECSignedPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded. signature: type: string description: | The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded. description: | A signed EC pre-key to be associated with this account's PNI. IdentityKey: type: object properties: publicKey: $ref: '#/components/schemas/ECPublicKey' fingerprint: type: string description: | The PNI-associated identity key for the account, encoded as a base64 string. IncomingMessage: type: object properties: type: type: integer format: int32 destinationDeviceId: type: string format: byte destinationRegistrationId: type: integer format: int32 content: type: string KEMSignedPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. The owner of this key must be able to determine from the key ID whether this represents a single-use or last-resort key, but another party should *not* be able to tell. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's Kyber1024 public key format and then base64-encoded. signature: type: string description: | The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded. description: | A signed Kyber-1024 "last resort" pre-key to be associated with this account's PNI. PhoneNumberIdentityKeyDistributionRequest: required: - deviceMessages - devicePniSignedPrekeys - pniIdentityKey - pniRegistrationIds type: object properties: pniIdentityKey: $ref: '#/components/schemas/IdentityKey' deviceMessages: type: array description: | A list of synchronization messages to send to companion devices to supply the private keys associated with the new identity key and their new prekeys. Exactly one message must be supplied for each enabled device other than the sending (primary) device. items: $ref: '#/components/schemas/IncomingMessage' devicePniSignedPrekeys: type: object additionalProperties: $ref: '#/components/schemas/ECSignedPreKey' description: |- A new signed elliptic-curve prekey for each enabled device on the account, including this one. Each must be accompanied by a valid signature from the new identity key in this request. devicePniPqLastResortPrekeys: type: object additionalProperties: $ref: '#/components/schemas/KEMSignedPreKey' description: |- A new signed post-quantum last-resort prekey for each enabled device on the account, including this one. May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored. If present, must contain one prekey per enabled device including this one. Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped. Each must be accompanied by a valid signature from the new identity key in this request. pniRegistrationIds: type: object additionalProperties: type: integer description: "The new registration ID to use for the phone-number identity\ \ of each device, including this one." format: int32 description: "The new registration ID to use for the phone-number identity\ \ of each device, including this one." AccountAndDevicesDataReport: type: object properties: account: $ref: '#/components/schemas/AccountDataReport' devices: type: array items: $ref: '#/components/schemas/DeviceDataReport' AccountDataReport: type: object properties: phoneNumber: type: string badges: type: array items: $ref: '#/components/schemas/BadgeDataReport' allowSealedSenderFromAnyone: type: boolean findAccountByPhoneNumber: type: boolean AccountDataReportResponse: type: object properties: reportId: type: string format: uuid reportTimestamp: type: string format: date-time data: $ref: '#/components/schemas/AccountAndDevicesDataReport' text: type: string description: A plaintext representation of the data report BadgeDataReport: type: object properties: id: type: string expiration: type: string format: date-time visible: type: boolean DeviceDataReport: type: object properties: id: type: string format: byte lastSeen: type: string format: date-time created: type: string format: date-time userAgent: type: string PhoneNumberDiscoverabilityRequest: required: - discoverableByPhoneNumber type: object properties: discoverableByPhoneNumber: type: boolean UploadDescriptorResponse: type: object properties: cdn: type: integer description: Indicates the CDN type. 3 indicates resumable uploads using TUS format: int32 key: type: string description: The location within the specified cdn where the finished upload can be found. headers: type: object additionalProperties: type: string description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials signedUploadLocation: type: string description: The URL to upload to with the appropriate protocol BackupInfoResponse: type: object properties: cdn: type: integer description: The CDN type where the message backup is stored. Media may be stored elsewhere. format: int32 backupDir: type: string description: | The base directory of your backup data on the cdn. The message backup can be found in the returned cdn at /backupDir/backupName and stored media can be found at /backupDir/mediaDir/mediaId mediaDir: type: string description: | The prefix path component for media objects on a cdn. Stored media for mediaId can be found at /backupDir/mediaDir/mediaId. backupName: type: string description: The name of the most recent message backup on the cdn. The backup is at /backupDir/backupName usedSpace: type: integer description: The amount of space used to store media format: int64 CopyMediaBatchResponse: type: object properties: responses: type: array description: Detailed outcome information for each copy request in the batch items: $ref: '#/components/schemas/Entry' Entry: required: - mediaId type: object properties: status: type: integer description: | The outcome of the copy attempt. A 200 indicates the object was successfully copied. A 400 indicates an invalid argument in the request A 410 indicates that the source object was not found A 413 indicates that the media quota was exhausted format: int32 failureReason: type: string description: "On a copy failure, a detailed failure reason" cdn: type: integer description: The backup cdn where this media object is stored format: int32 mediaId: type: string description: "The mediaId of the object, encoded in URL-safe padded base64" description: Detailed outcome information for each copy request in the batch CopyMediaBatchRequest: required: - items type: object properties: items: maxItems: 1000 minItems: 1 type: array description: A list of media objects to copy from the attachments CDN to the backup CDN items: $ref: '#/components/schemas/CopyMediaRequest' CopyMediaRequest: required: - encryptionKey - hmacKey - mediaId - objectLength - sourceAttachment type: object properties: sourceAttachment: $ref: '#/components/schemas/RemoteAttachment' objectLength: type: integer description: The length of the source attachment before the encryption applied by the copy operation format: int32 mediaId: type: string description: "mediaId to copy on to the backup CDN, encoded in URL-safe\ \ padded base64" hmacKey: type: string description: "A 32-byte key for the MAC, encoded in standard padded base64" encryptionKey: type: string description: "A 32-byte encryption key for AES, encoded in standard padded\ \ base64" RemoteAttachment: required: - cdn - key type: object properties: cdn: type: integer description: The attachment cdn format: int32 key: type: string description: The attachment key CopyMediaResponse: required: - cdn type: object properties: cdn: type: integer description: The backup cdn where this media object is stored format: int32 DeleteMedia: type: object properties: mediaToDelete: maxItems: 1000 minItems: 1 type: array items: $ref: '#/components/schemas/MediaToDelete' MediaToDelete: required: - cdn - mediaId type: object properties: cdn: type: integer description: The backup cdn where this media object is stored format: int32 mediaId: type: string description: The mediaId of the object in URL-safe base64 BackupAuthCredential: type: object properties: credential: type: string description: "A BackupAuthCredential, encoded in standard padded base64" format: byte redemptionTime: type: integer description: The day on which this credential is valid. Seconds since epoch truncated to day boundary format: int64 description: A map of credential types to lists of BackupAuthCredentials and their validity periods BackupAuthCredentialsResponse: type: object properties: credentials: type: object additionalProperties: type: array description: A map of credential types to lists of BackupAuthCredentials and their validity periods items: $ref: '#/components/schemas/BackupAuthCredential' description: A map of credential types to lists of BackupAuthCredentials and their validity periods ListResponse: type: object properties: storedMediaObjects: type: array description: A page of media objects stored for this backup ID items: $ref: '#/components/schemas/StoredMediaObject' backupDir: type: string description: | The base directory of your backup data on the cdn. The stored media can be found at /backupDir/mediaDir/mediaId mediaDir: type: string description: | The prefix path component for the media objects. The stored media for mediaId can be found at /backupDir/mediaDir/mediaId. cursor: type: string description: "If set, the cursor value to pass to the next list request\ \ to continue listing. If absent, all objects have been listed" StoredMediaObject: required: - cdn - mediaId - objectLength type: object properties: cdn: type: integer description: The backup cdn where this media object is stored format: int32 mediaId: type: string description: The mediaId of the object in URL-safe base64 objectLength: type: integer description: The length of the object in bytes format: int64 description: A page of media objects stored for this backup ID ReadAuthResponse: type: object properties: headers: type: object additionalProperties: type: string description: Auth headers to include with cdn read requests description: Auth headers to include with cdn read requests RedeemBackupReceiptRequest: required: - receiptCredentialPresentation type: object properties: receiptCredentialPresentation: type: string description: Presentation of a ZK receipt encoded in standard padded base64 SetBackupIdRequest: required: - mediaBackupAuthCredentialRequest - messagesBackupAuthCredentialRequest type: object properties: messagesBackupAuthCredentialRequest: type: string description: | A BackupAuthCredentialRequest containing a blinded encrypted backup-id, encoded in standard padded base64. This backup-id should be used for message backups only, and must have the message backup type set on the credential. mediaBackupAuthCredentialRequest: type: string description: | A BackupAuthCredentialRequest containing a blinded encrypted backup-id, encoded in standard padded base64. This backup-id should be used for media only, and must have the media type set on the credential. SetPublicKeyRequest: type: object properties: publicKey: type: string description: | The public key, serialized in libsignal's elliptic-curve public key format and then encoded as a standard (i.e. not URL-safe), padded, base64-encoded string. AttachmentDescriptorV3: type: object properties: cdn: type: integer description: | Indicates the CDN type. 2 in the v3 API, 2 or 3 in the v4 API. 2 indicates resumable uploads using GCS, 3 indicates resumable uploads using TUS format: int32 key: type: string description: The location within the specified cdn where the finished upload can be found headers: type: object additionalProperties: type: string description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials signedUploadLocation: type: string description: The URL to upload to with the appropriate protocol CreateCallLinkCredential: type: object properties: credential: type: string format: byte redemptionTime: type: integer format: int64 GetCreateCallLinkCredentialsRequest: required: - createCallLinkCredentialRequest type: object properties: createCallLinkCredentialRequest: type: string format: byte GetCallingRelaysResponse: type: object properties: relays: type: array items: $ref: '#/components/schemas/TurnToken' DeliveryCertificate: type: object properties: certificate: type: string format: byte CallLinkAuthCredential: type: object properties: credential: type: string format: byte redemptionTime: type: integer format: int64 GroupCredential: type: object properties: credential: type: string format: byte redemptionTime: type: integer format: int64 GroupCredentials: type: object properties: credentials: type: array items: $ref: '#/components/schemas/GroupCredential' callLinkAuthCredentials: type: array items: $ref: '#/components/schemas/CallLinkAuthCredential' pni: type: string format: uuid AnswerPushChallengeRequest: required: - challenge type: object allOf: - $ref: '#/components/schemas/AnswerChallengeRequest' - type: object properties: challenge: type: string description: A token provided to the client via a push payload AnswerCaptchaChallengeRequest: required: - captcha - token type: object allOf: - $ref: '#/components/schemas/AnswerChallengeRequest' - type: object properties: token: type: string description: The value of the token field from the server's 428 response captcha: type: string description: A string representing a solved captcha example: signal-hcaptcha.30b01b46-d8c9-4c30-bbd7-9719acfe0c10.challenge.abcdefg1345 AnswerChallengeRequest: required: - type type: object properties: type: type: string discriminator: propertyName: type LinkDeviceToken: type: object properties: tokenIdentifier: type: string description: | An opaque identifier for the generated token that the caller may use to watch for a new device to complete the linking process. verificationCode: type: string description: | An opaque token to send to a new linked device that authorizes the new device to link itself to the account that requested this token. DeviceInfo: type: object properties: id: type: integer format: int64 name: type: string format: byte lastSeen: type: integer format: int64 created: type: integer format: int64 DeviceInfoList: type: object properties: devices: type: array items: $ref: '#/components/schemas/DeviceInfo' LinkDeviceResponse: type: object properties: uuid: type: string format: uuid pni: type: string format: uuid deviceId: type: string format: byte BasicAuthorizationHeader: type: object properties: username: type: string deviceId: type: integer format: int64 password: type: string DeviceActivationRequest: required: - aciPqLastResortPreKey - aciSignedPreKey - pniPqLastResortPreKey - pniSignedPreKey type: object properties: aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' LinkDeviceRequest: required: - aciPqLastResortPreKey - aciSignedPreKey - pniPqLastResortPreKey - pniSignedPreKey - verificationCode type: object properties: verificationCode: type: string description: | The verification code associated with this device. Must match the verification code provided by the server when provisioning this device. accountAttributes: $ref: '#/components/schemas/AccountAttributes' aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' RestoreAccountRequest: required: - method type: object properties: method: type: string description: The method by which the new device has requested account data restoration enum: - REMOTE_BACKUP - LOCAL_BACKUP - DEVICE_TRANSFER - DECLINE description: | Represents a request from a new device to restore account data by some method. TransferArchiveUploadedRequest: type: object properties: destinationDeviceId: type: string description: The ID of the device for which the transfer archive has been prepared format: byte destinationDeviceCreated: type: integer description: "The timestamp, in milliseconds since the epoch, at which the\ \ destination device was created" format: int64 transferArchive: $ref: '#/components/schemas/RemoteAttachment' RedeemReceiptRequest: required: - receiptCredentialPresentation type: object properties: receiptCredentialPresentation: type: string format: byte visible: type: boolean primary: type: boolean WebSocketClient: type: object properties: created: type: string format: date-time userAgent: type: string open: type: boolean WebSocketSessionContext: type: object properties: authenticated: type: object client: $ref: '#/components/schemas/WebSocketClient' KeyTransparencyDistinguishedKeyResponse: required: - serializedResponse type: object properties: serializedResponse: type: string description: The serialized `DistinguishedResponse` encoded in standard un-padded base64 format: byte KeyTransparencyMonitorResponse: required: - serializedResponse type: object properties: serializedResponse: type: string description: The serialized `MonitorResponse` encoded in standard un-padded base64 format: byte AciMonitor: required: - commitmentIndex - positions - value type: object properties: value: type: string description: An identifier for an account based on the account's ACI positions: type: array description: A list of log tree positions maintained by the client for the aci search key. items: type: integer description: A list of log tree positions maintained by the client for the aci search key. format: int64 commitmentIndex: type: string description: "The commitment index derived from a previous search request,\ \ encoded in standard unpadded base64" format: byte E164Monitor: required: - commitmentIndex - positions - value type: object properties: value: type: string description: The e164-formatted phone number to monitor positions: type: array description: A list of log tree positions maintained by the client for the e164 search key. items: type: integer description: A list of log tree positions maintained by the client for the e164 search key. format: int64 commitmentIndex: type: string description: "The commitment index derived from a previous search request,\ \ encoded in standard unpadded base64" format: byte KeyTransparencyMonitorRequest: required: - aci - e164 - usernameHash type: object properties: aci: $ref: '#/components/schemas/AciMonitor' e164: $ref: '#/components/schemas/E164Monitor' usernameHash: $ref: '#/components/schemas/UsernameHashMonitor' lastNonDistinguishedTreeHeadSize: type: integer description: The tree head size to prove consistency against. format: int64 lastDistinguishedTreeHeadSize: type: integer description: The distinguished tree head size to prove consistency against. format: int64 UsernameHashMonitor: required: - commitmentIndex - positions - value type: object properties: value: type: string description: "The username hash to monitor, encoded in url-safe unpadded\ \ base64." format: byte positions: type: array description: A list of log tree positions maintained by the client for the username hash search key. items: type: integer description: A list of log tree positions maintained by the client for the username hash search key. format: int64 commitmentIndex: type: string description: "The commitment index derived from a previous search request,\ \ encoded in standard unpadded base64" format: byte KeyTransparencySearchResponse: required: - serializedResponse type: object properties: serializedResponse: type: string description: The serialized `SearchResponse` encoded in standard un-padded base64. format: byte KeyTransparencySearchRequest: required: - aci - aciIdentityKey type: object properties: aci: type: string description: An identifier for an account based on the account's ACI e164: type: string description: The E164-formatted phone number to look up usernameHash: type: string description: "The username hash to look up, encoded in web-safe unpadded\ \ base64." format: byte aciIdentityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccessKey: type: string description: The unidentified access key associated with the account format: byte lastTreeHeadSize: type: integer description: The non-distinguished tree head size to prove consistency against. format: int64 distinguishedTreeHeadSize: type: integer description: The distinguished tree head size to prove consistency against. format: int64 unidentifiedAccessKeyProvidedWithE164: type: boolean CheckKeysRequest: required: - digest - identityType type: object properties: identityType: type: string description: | The identity type for which to check for a shared view of repeated-use keys enum: - ACI - PNI digest: type: string description: | A 32-byte digest of the client's repeated-use keys for the given identity type. The digest is calculated as: SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes) …where the elements of the hash are: - identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key - signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key - lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e. one version byte followed by 1568 bytes of key material for a total of 1569 bytes) format: byte ECPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded. description: | A list of unsigned elliptic-curve prekeys to use for this device. If present and not empty, replaces all stored unsigned EC prekeys for the device; if absent or empty, any stored unsigned EC prekeys for the device are not deleted. PreKeyResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' devices: type: array description: information about each requested device items: $ref: '#/components/schemas/PreKeyResponseItem' PreKeyResponseItem: type: object properties: deviceId: type: string description: the device ID of the device to which this item pertains format: byte registrationId: type: integer description: the registration ID for the device format: int32 signedPreKey: $ref: '#/components/schemas/ECSignedPreKey' preKey: $ref: '#/components/schemas/ECPreKey' pqPreKey: $ref: '#/components/schemas/KEMSignedPreKey' description: information about each requested device Anonymous: type: object properties: accessKey: type: string format: byte GroupSendFullToken: type: object properties: expiration: type: string format: date-time internalContentsForJNI: type: string format: byte GroupSendTokenHeader: type: object properties: token: $ref: '#/components/schemas/GroupSendFullToken' PreKeyCount: type: object properties: count: type: integer description: the number of stored unsigned elliptic-curve prekeys for this device format: int32 pqCount: type: integer description: the number of stored one-time post-quantum prekeys for this device format: int32 SetKeysRequest: type: object properties: preKeys: type: array description: | A list of unsigned elliptic-curve prekeys to use for this device. If present and not empty, replaces all stored unsigned EC prekeys for the device; if absent or empty, any stored unsigned EC prekeys for the device are not deleted. items: $ref: '#/components/schemas/ECPreKey' signedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pqPreKeys: type: array description: | A list of signed post-quantum one-time prekeys to use for this device. Each key must have a valid signature from the identity key in this request. If present and not empty, replaces all stored unsigned PQ prekeys for the device; if absent or empty, any stored unsigned PQ prekeys for the device are not deleted. items: $ref: '#/components/schemas/KEMSignedPreKey' pqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' SpamReport: type: object properties: token: type: string format: byte AccountMismatchedDevices: type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. devices: $ref: '#/components/schemas/MismatchedDevices' AccountStaleDevices: type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. devices: $ref: '#/components/schemas/StaleDevices' IncomingMessageList: required: - messages type: object properties: messages: type: array items: $ref: '#/components/schemas/IncomingMessage' online: type: boolean urgent: type: boolean timestamp: type: integer format: int64 CombinedUnidentifiedSenderAccessKeys: type: object properties: accessKeys: type: string format: byte Recipient: type: object properties: devices: type: string format: byte devicesAndRegistrationIds: type: object properties: parallel: type: boolean SealedSenderMultiRecipientMessage: type: object properties: recipients: type: object additionalProperties: $ref: '#/components/schemas/Recipient' excludedRecipients: type: array items: $ref: '#/components/schemas/ServiceId' ServiceId: type: object properties: rawUUID: type: string format: uuid ConfirmPayPalBoostRequest: required: - currency - payerId - paymentId - paymentToken type: object properties: currency: type: string amount: minimum: 1 type: integer format: int64 level: type: integer format: int64 paymentMethod: type: string enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL - GOOGLE_PLAY_BILLING - APPLE_APP_STORE payerId: type: string paymentId: type: string paymentToken: type: string CreateBoostRequest: required: - currency type: object properties: currency: type: string amount: minimum: 1 type: integer format: int64 level: type: integer format: int64 paymentMethod: type: string enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL - GOOGLE_PLAY_BILLING - APPLE_APP_STORE CreateBoostReceiptCredentialsRequest: required: - paymentIntentId - processor - receiptCredentialRequest type: object properties: paymentIntentId: type: string receiptCredentialRequest: type: string format: byte processor: type: string enum: - STRIPE - BRAINTREE - GOOGLE_PLAY_BILLING - APPLE_APP_STORE CreatePayPalBoostRequest: required: - cancelUrl - currency - returnUrl type: object properties: currency: type: string amount: minimum: 1 type: integer format: int64 level: type: integer format: int64 paymentMethod: type: string enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL - GOOGLE_PLAY_BILLING - APPLE_APP_STORE returnUrl: type: string cancelUrl: type: string CurrencyConversionEntity: type: object properties: base: type: string conversions: type: object additionalProperties: type: number CurrencyConversionEntityList: type: object properties: currencies: type: array items: $ref: '#/components/schemas/CurrencyConversionEntity' timestamp: type: integer format: int64 Badge: type: object properties: id: type: string category: type: string name: type: string description: type: string sprites6: type: array items: type: string svg: type: string svgs: type: array items: $ref: '#/components/schemas/BadgeSvg' imageUrl: type: string description: The displayable badge associated with the level BadgeSvg: required: - dark - light type: object properties: light: type: string dark: type: string BaseProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: type: object additionalProperties: type: boolean badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. VersionedProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: type: object additionalProperties: type: boolean badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. name: type: string format: byte about: type: string format: byte aboutEmoji: type: string format: byte avatar: type: string paymentAddress: type: string format: byte phoneNumberSharing: type: string format: byte CredentialProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: type: object additionalProperties: type: boolean badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. name: type: string format: byte about: type: string format: byte aboutEmoji: type: string format: byte avatar: type: string paymentAddress: type: string format: byte phoneNumberSharing: type: string format: byte BatchIdentityCheckResponse: type: object properties: elements: type: array items: $ref: '#/components/schemas/Element' Element: required: - fingerprint - uuid type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. fingerprint: type: string format: byte BatchIdentityCheckRequest: required: - elements type: object properties: elements: maxItems: 1000 minItems: 0 type: array items: $ref: '#/components/schemas/Element' CreateProfileRequest: required: - commitment - version type: object properties: commitment: $ref: '#/components/schemas/ProfileKeyCommitment' version: type: string name: type: string format: byte aboutEmoji: type: string format: byte about: type: string format: byte paymentAddress: type: string format: byte sameAvatar: type: boolean phoneNumberSharing: type: string format: byte avatarChange: type: string enum: - UNCHANGED - CLEAR - UPDATE avatar: type: boolean badgeIds: type: array items: type: string ProfileKeyCommitment: type: object properties: internalContentsForJNI: type: string format: byte ProvisioningMessage: required: - body type: object properties: body: type: string description: The MIME base64-encoded body of the provisioning message to send to the destination device RegistrationRequest: required: - accountAttributes - aciIdentityKey - aciPqLastResortPreKey - aciSignedPreKey - pniIdentityKey - pniPqLastResortPreKey - pniSignedPreKey - skipDeviceTransfer type: object properties: sessionId: type: string description: | The ID of an existing verification session as it appears in a verification session metadata object. Must be provided if `recoveryPassword` is not provided; must not be provided if `recoveryPassword` is provided. recoveryPassword: type: string description: | A base64-encoded registration recovery password. Must be provided if `sessionId` is not provided; must not be provided if `sessionId` is provided format: byte accountAttributes: $ref: '#/components/schemas/AccountAttributes' skipDeviceTransfer: type: boolean description: | If true, indicates that the end user has elected not to transfer data from another device even though a device transfer is technically possible given the capabilities of the calling device and the device associated with the existing account (if any). If false and if a device transfer is technically possible, the registration request will fail with an HTTP/409 response indicating that the client should prompt the user to transfer data from an existing device. aciIdentityKey: $ref: '#/components/schemas/IdentityKey' pniIdentityKey: $ref: '#/components/schemas/IdentityKey' aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' valid: type: boolean UserRemoteConfig: type: object properties: name: type: string enabled: type: boolean value: type: string UserRemoteConfigList: type: object properties: config: type: array items: $ref: '#/components/schemas/UserRemoteConfig' serverEpochTime: type: string format: date-time AuthCheckResponseV2: required: - matches type: object properties: matches: type: object additionalProperties: type: string description: "A dictionary with the auth check results: `SVR Credentials\ \ -> 'match'/'no-match'/'invalid'`" enum: - match - no-match - invalid description: "A dictionary with the auth check results: `SVR Credentials\ \ -> 'match'/'no-match'/'invalid'`" AuthCheckRequest: required: - number - tokens type: object properties: number: type: string description: The e164-formatted phone number. tokens: maxItems: 10 minItems: 0 type: array description: |- A list of SVR tokens, previously retrieved from `backup/auth`. Tokens should be the of the form "username:password". May contain at most 10 tokens. items: type: string description: |- A list of SVR tokens, previously retrieved from `backup/auth`. Tokens should be the of the form "username:password". May contain at most 10 tokens. AuthCheckResponseV3: required: - matches type: object properties: matches: type: object additionalProperties: $ref: '#/components/schemas/Result' description: | A dictionary with the auth check results, keyed by the token corresponding token provided in the request. Result: type: object properties: status: type: string description: "The status of the credential. Either match, no-match, or invalid" enum: - match - no-match - invalid shareSet: type: string description: | If the credential was a match, the stored shareSet that can be used to restore a value from SVR. Encoded in standard un-padded base64. description: | A dictionary with the auth check results, keyed by the token corresponding token provided in the request. SetShareSetRequest: required: - shareSet type: object properties: shareSet: type: string description: | A share-set generated by a client after storing a value in SVR3, serialized in un-padded standard base64 StickerPackFormUploadAttributes: type: object properties: manifest: $ref: '#/components/schemas/StickerPackFormUploadItem' stickers: type: array items: $ref: '#/components/schemas/StickerPackFormUploadItem' packId: type: string StickerPackFormUploadItem: type: object properties: id: type: integer format: int32 key: type: string credential: type: string acl: type: string algorithm: type: string date: type: string policy: type: string signature: type: string CreatePayPalBillingAgreementRequest: required: - cancelUrl - returnUrl type: object properties: returnUrl: type: string cancelUrl: type: string GetReceiptCredentialsRequest: required: - receiptCredentialRequest type: object properties: receiptCredentialRequest: type: string format: byte BackupConfiguration: type: object properties: levels: type: object additionalProperties: $ref: '#/components/schemas/BackupLevelConfiguration' description: A map of numeric backup level IDs to level-specific backup configuration freeTierMediaDays: type: integer description: The number of days of media a free tier backup user gets format: int64 description: Backup specific configuration BackupLevelConfiguration: type: object properties: storageAllowanceBytes: type: integer description: The amount of media storage in bytes that a paying subscriber may store format: int64 playProductId: type: string description: The play billing productID associated with this backup level description: Configuration for a backup level - use to present appropriate client interfaces CurrencyConfiguration: type: object properties: minimum: type: number description: The minimum amount that may be submitted for a one-time donation in the currency oneTime: type: object additionalProperties: type: array description: A map of numeric one-time donation level IDs to the list of default amounts to be presented items: type: number description: A map of numeric one-time donation level IDs to the list of default amounts to be presented description: A map of numeric one-time donation level IDs to the list of default amounts to be presented subscription: type: object additionalProperties: type: number description: A map of numeric subscription level IDs to the amount charged for that level description: A map of numeric subscription level IDs to the amount charged for that level backupSubscription: type: object additionalProperties: type: number description: A map of numeric backup level IDs to the amount charged for that level description: A map of numeric backup level IDs to the amount charged for that level supportedPaymentMethods: type: array description: The payment methods that support the given currency items: type: string description: The payment methods that support the given currency description: Configuration for a currency - use to present appropriate client interfaces GetSubscriptionConfigurationResponse: type: object properties: currencies: type: object additionalProperties: $ref: '#/components/schemas/CurrencyConfiguration' description: A map of lower-cased ISO 3 currency codes to minimums and level-specific scalar amounts levels: type: object additionalProperties: $ref: '#/components/schemas/LevelConfiguration' description: A map of numeric donation level IDs to level-specific badge configuration backup: $ref: '#/components/schemas/BackupConfiguration' sepaMaximumEuros: type: number description: The maximum value of a one-time donation SEPA transaction description: |- Comprehensive configuration for donation subscriptions, backup subscriptions, gift subscriptions, and one-time donations pricing information for all levels are included in currencies. All levels that have an associated badge are included in levels. All levels that correspond to a backup payment tier are included in backupLevels. LevelConfiguration: type: object properties: name: type: string description: The localized name for the level badge: $ref: '#/components/schemas/Badge' description: Configuration for a donation level - use to present appropriate client interfaces ChargeFailure: type: object properties: code: type: string description: | See [Stripe failure codes](https://stripe.com/docs/api/charges/object#charge_object-failure_code) or [Braintree decline codes](https://developer.paypal.com/braintree/docs/reference/general/processor-responses/authorization-responses#decline-codes) depending on which processor was used message: type: string description: | See [Stripe failure codes](https://stripe.com/docs/api/charges/object#charge_object-failure_code) or [Braintree decline codes](https://developer.paypal.com/braintree/docs/reference/general/processor-responses/authorization-responses#decline-codes) depending on which processor was used outcomeNetworkStatus: type: string externalDocs: description: Outcome Network Status url: https://stripe.com/docs/api/charges/object#charge_object-outcome-network_status outcomeReason: type: string externalDocs: description: Outcome Reason url: https://stripe.com/docs/api/charges/object#charge_object-outcome-reason outcomeType: type: string externalDocs: description: Outcome Type url: https://stripe.com/docs/api/charges/object#charge_object-outcome-type description: |2 Meaningfully interpreting chargeFailure response fields requires inspecting the processor field first. For Stripe, code will be one of the [codes defined here](https://stripe.com/docs/api/charges/object#charge_object-failure_code), while message [may contain a further textual description](https://stripe.com/docs/api/charges/object#charge_object-failure_message). The outcome fields are nullable, but present values will directly map to Stripe [response properties](https://stripe.com/docs/api/charges/object#charge_object-outcome-network_status) For Braintree, the outcome fields will be null. The code and message will contain one of - a processor decline code (as a string) in code, and associated text in message, as defined this [table](https://developer.paypal.com/braintree/docs/reference/general/processor-responses/authorization-responses) - `gateway` in code, with a [reason](https://developer.paypal.com/braintree/articles/control-panel/transactions/gateway-rejections) in message - `code` = "unknown", message = "unknown" IAP payment processors will never include charge failure information, and detailed order information should be retrieved from the payment processor directly GetSubscriptionInformationResponse: type: object properties: subscription: $ref: '#/components/schemas/Subscription' chargeFailure: $ref: '#/components/schemas/ChargeFailure' Subscription: type: object properties: level: type: integer description: The subscription level format: int64 billingCycleAnchor: type: string description: "If present, UNIX Epoch Timestamp in seconds, can be used to\ \ calculate next billing date." format: date-time externalDocs: description: Calculate next billing date url: https://stripe.com/docs/billing/subscriptions/billing-cycle endOfCurrentPeriod: type: string description: "UNIX Epoch Timestamp in seconds, when the current subscription\ \ period ends" format: date-time active: type: boolean description: Whether there is a currently active subscription cancelAtPeriodEnd: type: boolean description: "If true, an active subscription will not auto-renew at the\ \ end of the current period" currency: type: string description: A three-letter ISO 4217 currency code for currency used in the subscription amount: type: number description: The amount paid for the subscription in the currency's smallest unit externalDocs: description: Stripe Currencies url: https://docs.stripe.com/currencies status: type: string description: "The subscription's status, mapped to Stripe's statuses. trialing\ \ will never be returned" externalDocs: description: Stripe subscription statuses url: https://docs.stripe.com/billing/subscriptions/overview#subscription-statuses processor: type: string description: The payment provider associated with the subscription enum: - STRIPE - BRAINTREE - GOOGLE_PLAY_BILLING - APPLE_APP_STORE paymentMethod: type: string description: The payment method associated with the subscription enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL - GOOGLE_PLAY_BILLING - APPLE_APP_STORE paymentProcessing: type: boolean description: Whether the latest invoice for the subscription is in a non-terminal state description: "Information about the subscription, or null if no subscription\ \ is present" VerificationSessionResponse: type: object properties: id: type: string nextSms: type: integer format: int64 nextCall: type: integer format: int64 nextVerificationAttempt: type: integer format: int64 allowedToRequestCode: type: boolean requestedInformation: type: array items: type: string enum: - pushChallenge - captcha verified: type: boolean CreateVerificationSessionRequest: required: - number type: object properties: number: type: string pushToken: type: string pushTokenType: type: string enum: - apn - fcm pushChallenge: type: string captcha: type: string mcc: type: string mnc: type: string UpdateVerificationSessionRequest: type: object properties: pushToken: type: string pushTokenType: type: string enum: - apn - fcm pushChallenge: type: string captcha: type: string mcc: type: string mnc: type: string VerificationCodeRequest: required: - client - transport type: object properties: transport: type: string enum: - sms - voice client: type: string SubmitVerificationCodeRequest: required: - code type: object properties: code: type: string securitySchemes: authenticatedAccount: type: http description: "Account authentication is based on Basic authentication schema,\ \ \nwhere `username` has a format of `[.]`. If `device_id`\ \ is not specified,\nuser's `main` device is assumed.\n" scheme: basic