MirrorMirror
/
Signal-Server
mirror of https://github.com/signalapp/Signal-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Signal-Server/signal-server-openapi.yaml

6315 lines
207 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

openapi: 3.0.1
info:
title: Signal Server API
license:
name: AGPL-3.0-only
url: https://www.gnu.org/licenses/agpl-3.0.txt
servers:
- url: https://chat.signal.org
description: Production service
- url: https://chat.staging.signal.org
description: Staging service
paths:
/v1/accounts/account/{identifier}:
head:
tags:
- Account
summary: Check whether an account exists
description: |
Enforced unauthenticated endpoint. Checks whether an account with a given identifier exists.
operationId: accountExists
parameters:
- name: identifier
in: path
description: An ACI or PNI account identifier to check
required: true
schema:
$ref: '#/components/schemas/ServiceIdentifier'
responses:
"200":
description: An account with the given identifier was found.
"400":
description: Request must not be authenticated.
"404":
description: An account was not found for the given identifier.
"422":
description: Invalid request format.
"429":
description: Rate-limited.
security:
- authenticatedAccount: []
- {}
/v1/accounts/username_hash/confirm:
put:
tags:
- Account
summary: Confirm username hash
description: |
Authenticated endpoint. For a previously reserved username hash, confirm that this username hash is now taken
by this account.
operationId: confirmUsernameHash
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ConfirmUsernameHashRequest'
required: true
responses:
"200":
description: Username hash confirmed successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/UsernameHashResponse'
"401":
description: Account authentication check failed.
"409":
description: Given username hash doesn't match the reserved one or no reservation
found.
"410":
description: Username hash not available (username can't be used).
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
/v1/accounts/me:
delete:
tags:
- Account
operationId: deleteAccount
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/accounts/apn:
put:
tags:
- Account
operationId: setApnRegistrationId
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ApnRegistrationId'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
delete:
tags:
- Account
operationId: deleteApnRegistrationId
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/accounts/gcm:
put:
tags:
- Account
operationId: setGcmRegistrationId
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GcmRegistrationId'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
delete:
tags:
- Account
operationId: deleteGcmRegistrationId
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/accounts/username_hash:
delete:
tags:
- Account
summary: Delete username hash
description: |
Authenticated endpoint. Deletes previously stored username for the account.
operationId: deleteUsernameHash
responses:
"204":
description: Username successfully deleted.
"401":
description: Account authentication check failed.
security:
- authenticatedAccount: []
/v1/accounts/username_link:
put:
tags:
- Account
summary: Set username link
description: |
Authenticated endpoint. For the given encrypted username generates a username link handle.
The username link handle can be used to lookup the encrypted username.
An account can only have one username link at a time; this endpoint overwrites the previous encrypted username if there was one.
operationId: updateUsernameLink
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EncryptedUsername'
required: true
responses:
"200":
description: Username Link updated successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/UsernameLinkHandle'
"401":
description: Account authentication check failed.
"409":
description: Username is not set for the account.
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
delete:
tags:
- Account
summary: Delete username link
description: |
Authenticated endpoint. Deletes username link for the given account: previously store encrypted username is deleted
and username link handle is deactivated.
operationId: deleteUsernameLink
responses:
"204":
description: Username Link successfully deleted.
"401":
description: Account authentication check failed.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
/v1/accounts/username_hash/{usernameHash}:
get:
tags:
- Account
summary: Lookup username hash
description: |
Forced unauthenticated endpoint. For the given username hash, look up a user ID.
operationId: lookupUsernameHash
parameters:
- name: usernameHash
in: path
required: true
schema:
type: string
responses:
"200":
description: Account found for the given username.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountIdentifierResponse'
"400":
description: Request must not be authenticated.
"404":
description: Account not found for the given username.
security:
- authenticatedAccount: []
- {}
/v1/accounts/username_link/{uuid}:
get:
tags:
- Account
summary: Lookup username link
description: |
Enforced unauthenticated endpoint. For the given username link handle, looks up the database for an associated encrypted username.
If found, encrypted username is returned, otherwise responds with 404 Not Found.
operationId: lookupUsernameLink
parameters:
- name: uuid
in: path
required: true
schema:
type: string
format: uuid
responses:
"200":
description: Username link with the given handle was found.
content:
application/json:
schema:
$ref: '#/components/schemas/EncryptedUsername'
"400":
description: Request must not be authenticated.
"404":
description: Username link was not found for the given handle.
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
- {}
/v1/accounts/registration_lock:
put:
tags:
- Account
operationId: setRegistrationLock
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/RegistrationLock'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
delete:
tags:
- Account
operationId: removeRegistrationLock
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/accounts/username_hash/reserve:
put:
tags:
- Account
summary: Reserve username hash
description: |
Authenticated endpoint. Takes in a list of hashes of potential username hashes, finds one that is not taken,
and reserves it for the current account.
operationId: reserveUsernameHash
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ReserveUsernameHashRequest'
required: true
responses:
"200":
description: Username hash reserved successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/ReserveUsernameHashResponse'
"401":
description: Account authentication check failed.
"409":
description: All username hashes from the list are taken.
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
/v1/accounts/attributes:
put:
tags:
- Account
operationId: setAccountAttributes
parameters:
- name: X-Signal-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AccountAttributes'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/accounts/name:
put:
tags:
- Account
summary: Set a device's encrypted name
description: |
Sets the encrypted name for the specified device. Primary devices may change the name of any device associated
with their account, but linked devices may only change their own name. If no device ID is specified, then the
authenticated device's ID will be used.
operationId: setName
parameters:
- name: deviceId
in: query
schema:
type: string
description: "The ID of the device for which to set a name; if omitted,\
\ the authenticated device will be targeted for a name change"
format: byte
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/DeviceName'
required: true
responses:
"204":
description: Device name changed successfully
"404":
description: No device found with the given ID
"403":
description: Not authorized to change the name of the device with the given
ID
security:
- authenticatedAccount: []
/v1/accounts/whoami:
get:
tags:
- Account
operationId: whoAmI
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/AccountIdentityResponse'
security:
- authenticatedAccount: []
/v2/accounts/number:
put:
tags:
- Account
summary: Change number
description: Changes a phone number for an existing account.
operationId: changeNumber
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ChangeNumberRequest'
required: true
responses:
"200":
description: The phone number associated with the authenticated account
was changed successfully
content:
application/json:
schema:
$ref: '#/components/schemas/AccountIdentityResponse'
"401":
description: Account authentication check failed.
"403":
description: Verification failed for the provided Registration Recovery
Password
"409":
description: Mismatched number of devices or device ids in 'devices to notify'
list
content:
application/json:
schema:
$ref: '#/components/schemas/MismatchedDevicesResponse'
"410":
description: Mismatched registration ids in 'devices to notify' list
content:
application/json:
schema:
$ref: '#/components/schemas/StaleDevicesResponse'
"413":
description: One or more device messages was too large
"422":
description: The request did not pass validation
"423":
content:
application/json:
schema:
$ref: '#/components/schemas/RegistrationLockFailure'
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
/v2/accounts/phone_number_identity_key_distribution:
put:
tags:
- Account
summary: Set phone-number identity keys
description: Updates key material for the phone-number identity for all devices
and sends a synchronization message to companion devices
operationId: distributePhoneNumberIdentityKeys
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PhoneNumberIdentityKeyDistributionRequest'
required: true
responses:
"200":
description: Indicates the transaction was successful and returns basic
information about this account.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountIdentityResponse'
"401":
description: Account authentication check failed.
"403":
description: This endpoint can only be invoked from the account's primary
device.
"422":
description: The request body failed validation.
"409":
description: The set of devices specified in the request does not match
the set of devices active on the account.
content:
application/json:
schema:
$ref: '#/components/schemas/MismatchedDevicesResponse'
"410":
description: The registration IDs provided for some devices do not match
those stored on the server.
content:
application/json:
schema:
$ref: '#/components/schemas/StaleDevicesResponse'
"413":
description: One or more device messages was too large
security:
- authenticatedAccount: []
/v2/accounts/data_report:
get:
tags:
- Account
summary: Produces a report of non-ephemeral account data stored by the service
operationId: getAccountDataReport
responses:
"200":
description: Response with data report. A plain text representation is a
field in the response.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountDataReportResponse'
security:
- authenticatedAccount: []
/v2/accounts/phone_number_discoverability:
put:
tags:
- Account
summary: Sets whether the account should be discoverable by phone number in
the directory.
operationId: setPhoneNumberDiscoverability
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PhoneNumberDiscoverabilityRequest'
required: true
responses:
"204":
description: The setting was successfully updated.
security:
- authenticatedAccount: []
/v1/archives/upload/form:
get:
tags:
- Archive
summary: Fetch message backup upload form
description: Retrieve an upload form that can be used to perform a resumable
upload of a message backup.
operationId: backup
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/UploadDescriptorResponse'
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives:
get:
tags:
- Archive
summary: Fetch backup info
description: Retrieve information about the currently stored backup
operationId: backupInfo
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/BackupInfoResponse'
"404":
description: No existing backups found
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
post:
tags:
- Archive
summary: Refresh backup
description: |
Indicate that this backup is still active. Clients must periodically upload new backups or perform a refresh
via a POST request. If a backup is not refreshed, after 30 days it may be deleted.
operationId: refresh
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
responses:
"204":
description: The backup was successfully refreshed
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
delete:
tags:
- Archive
summary: Delete entire backup
description: |
Delete all backup metadata, objects, and stored public key. To use backups again, a public key must be resupplied.
operationId: deleteBackup
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
responses:
"204":
description: The backup has been successfully removed
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives/media/batch:
put:
tags:
- Archive
summary: Batched backup media
description: |
Copy and re-encrypt media from the attachments cdn into the backup cdn.
The original already encrypted attachment will be encrypted with the provided key material before being copied
If the batch request is processed at all, a 207 will be returned and the outcome of each constituent copy will
be provided as a separate entry in the response.
operationId: copyMedia
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CopyMediaBatchRequest'
required: true
responses:
"207":
description: |
The request was processed and each operation's outcome must be inspected individually. This does NOT necessarily
indicate the operation was a success.
content:
application/json:
schema:
$ref: '#/components/schemas/CopyMediaBatchResponse'
"413":
description: All media capacity has been consumed. Free some space to continue.
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives/media:
get:
tags:
- Archive
summary: List media objects
description: |
Retrieve a list of media objects stored for this backup-id. A client may have previously stored media objects
that are no longer referenced in their current backup. To reclaim storage space used by these orphaned
objects, perform a list operation and remove any unreferenced media objects via DELETE /v1/backups/<mediaId>.
operationId: listMedia
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
- name: cursor
in: query
description: A cursor returned by a previous call
schema:
type: string
- name: limit
in: query
description: The number of entries to return per call
schema:
type: integer
format: int32
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/ListResponse'
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
security:
- authenticatedAccount: []
- {}
put:
tags:
- Archive
summary: Backup media
description: |
Copy and re-encrypt media from the attachments cdn into the backup cdn.
The original, already encrypted, attachment will be encrypted with the provided key material before being copied.
A particular destination media id should not be reused with a different source media id or different encryption
parameters.
operationId: copyMedia_1
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CopyMediaRequest'
required: true
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/CopyMediaResponse'
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
"413":
description: All media capacity has been consumed. Free some space to continue.
"410":
description: The source object was not found.
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
security:
- authenticatedAccount: []
- {}
/v1/archives/media/delete:
post:
tags:
- Archive
summary: Delete media objects
description: Delete media objects stored with this backup-id
operationId: deleteMedia
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/DeleteMedia'
required: true
responses:
"204":
description: The provided objects were successfully deleted or they do not
exist
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives/auth:
get:
tags:
- Archive
summary: 'Fetch ZK credentials '
description: |
After setting a blinded backup-id with PUT /v1/archives/, this fetches credentials that can be used to perform
operations against that backup-id. Clients may (and should) request up to 7 days of credentials at a time.
The redemptionStart and redemptionEnd seconds must be UTC day aligned, and must not span more than 7 days.
Each credential contains a receipt level which indicates the backup level the credential is good for. If the
account has paid backup access that expires at some point in the provided redemption window, credentials with
redemption times after the expiration may be on a lower backup level.
Clients must validate the receipt level on the credential matches a known receipt level before using it.
operationId: getBackupZKCredentials
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: redemptionStartSeconds
in: query
required: true
schema:
type: integer
format: int64
- name: redemptionEndSeconds
in: query
required: true
schema:
type: integer
format: int64
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/BackupAuthCredentialsResponse'
"400":
description: The start/end did not meet alignment/duration requirements
"404":
description: Could not find an existing blinded backup id
"429":
description: Rate limited.
security:
- authenticatedAccount: []
/v1/archives/auth/read:
get:
tags:
- Archive
summary: Get CDN read credentials
description: Retrieve credentials used to read objects stored on the backup
cdn
operationId: readAuth
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
- name: cdn
in: query
description: The number of the CDN to get credentials for
required: true
schema:
type: integer
format: int32
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/ReadAuthResponse'
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives/redeem-receipt:
post:
tags:
- Archive
summary: Redeem receipt
description: |
Redeem a receipt acquired from /v1/subscription/{subscriberId}/receipt_credentials to mark the account as
eligible for the paid backup tier.
After successful redemption, subsequent requests to /v1/archive/auth will return credentials with the level on
the provided receipt until the expiration time on the receipt.
Accounts must have an existing backup credential request in order to redeem a receipt. This request will fail
if the account has not already set a backup credential request via PUT `/v1/archives/backupid`.
operationId: redeemReceipt
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RedeemBackupReceiptRequest'
required: true
responses:
"204":
description: The receipt was redeemed
"400":
description: The provided presentation or receipt was invalid
"409":
description: The target account does not have a backup-id commitment
"429":
description: Rate limited.
security:
- authenticatedAccount: []
/v1/archives/backupid:
put:
tags:
- Archive
summary: Set backup id
description: |
Set a (blinded) backup-id for the account. Each account may have a single active backup-id that can be used
to store and retrieve backups. Once the backup-id is set, BackupAuthCredentials can be generated
using /v1/archives/auth.
The blinded backup-id and the key-pair used to blind it should be derived from a recoverable secret.
operationId: setBackupId
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SetBackupIdRequest'
required: true
responses:
"204":
description: The backup-id was set
"400":
description: The provided backup auth credential request was invalid
"429":
description: Rate limited. Too many attempts to change the backup-id have
been made
security:
- authenticatedAccount: []
/v1/archives/keys:
put:
tags:
- Archive
summary: Set public key
description: |
Permanently set the public key of an ED25519 key-pair for the backup-id. All requests that provide a anonymous
BackupAuthCredentialPresentation (including this one!) must also sign the presentation with the private key
corresponding to the provided public key.
operationId: setPublicKey
parameters:
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SetPublicKeyRequest'
required: true
responses:
"204":
description: The public key was set
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives/media/upload/form:
get:
tags:
- Archive
summary: Fetch media attachment upload form
description: |
Retrieve an upload form that can be used to perform a resumable upload of an attachment. After uploading, the
attachment can be copied into the backup at PUT /archives/media/.
Like the account authenticated version at /attachments, the uploaded object is only temporary.
operationId: uploadTemporaryAttachment
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/UploadDescriptorResponse'
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation or
The credential was of the wrong type (messages/media)
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v4/attachments/form/upload:
get:
tags:
- Attachments
summary: Get an upload form
description: |
Retrieve an upload form that can be used to perform a resumable upload. The response will include a cdn number
indicating what protocol should be used to perform the upload.
operationId: getAttachmentUploadForm
responses:
"200":
description: "Success, response body includes upload form"
content:
application/json:
schema:
$ref: '#/components/schemas/AttachmentDescriptorV3'
"413":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
/v1/call-link/create-auth:
post:
tags:
- CallLink
summary: Generate a credential for creating call links
description: |
Generate a credential over a truncated timestamp, room ID, and account UUID. With zero knowledge
group infrastructure, the server does not know the room ID.
operationId: getCreateAuth
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/GetCreateCallLinkCredentialsRequest'
required: true
responses:
"200":
description: '`JSON` with generated credentials.'
content:
application/json:
schema:
$ref: '#/components/schemas/CreateCallLinkCredential'
"400":
description: Invalid create call link credential request.
"401":
description: Account authentication check failed.
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
/v2/calling/relays:
get:
tags:
- Calling
summary: Get 1:1 calling relay options for the client
description: |
Get 1:1 relay addresses in IpV4, Ipv6, and URL formats.
operationId: getCallingRelays
responses:
"200":
description: '`JSON` with call endpoints.'
content:
application/json:
schema:
$ref: '#/components/schemas/GetCallingRelaysResponse'
"400":
description: Invalid get call endpoint request.
"401":
description: Account authentication check failed.
"422":
description: Invalid request format.
"429":
description: Rate limited.
security:
- authenticatedAccount: []
/v1/certificate/delivery:
get:
tags:
- Certificate
operationId: getDeliveryCertificate
parameters:
- name: includeE164
in: query
schema:
type: boolean
default: true
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/DeliveryCertificate'
security:
- authenticatedAccount: []
/v1/certificate/auth/group:
get:
tags:
- Certificate
operationId: getGroupAuthenticationCredentials
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: redemptionStartSeconds
in: query
schema:
type: integer
format: int64
- name: redemptionEndSeconds
in: query
schema:
type: integer
format: int64
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/GroupCredentials'
security:
- authenticatedAccount: []
/v1/challenge:
put:
tags:
- Challenge
summary: Submit proof of a challenge completion
description: |
Some server endpoints (the "send message" endpoint, for example) may return a 428 response indicating the client must complete a challenge before continuing.
Clients may use this endpoint to provide proof of a completed challenge. If successful, the client may then
continue their original operation.
operationId: handleChallengeResponse
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
oneOf:
- $ref: '#/components/schemas/AnswerPushChallengeRequest'
- $ref: '#/components/schemas/AnswerCaptchaChallengeRequest'
responses:
"200":
description: Indicates the challenge proof was accepted
"428":
description: Submitted captcha token is invalid
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
/v1/challenge/push:
post:
tags:
- Challenge
summary: Request a push challenge
description: |
Clients may proactively request a push challenge by making an empty POST request. Push challenges will only be
sent to the requesting accounts main device. When the push is received it may be provided as proof of completed
challenge to /v1/challenge.
APNs challenge payloads will be formatted as follows:
```
{
"aps": {
"sound": "default",
"alert": {
"loc-key": "APN_Message"
}
},
"rateLimitChallenge": "{CHALLENGE_TOKEN}"
}
```
FCM challenge payloads will be formatted as follows:
```
{"rateLimitChallenge": "{CHALLENGE_TOKEN}"}
```
Clients may retry the PUT in the event of an HTTP/5xx response (except HTTP/508) from the server, but must
implement an exponential back-off system and limit the total number of retries.
operationId: requestPushChallenge
responses:
"200":
description: |
Indicates a payload to the account's primary device has been attempted. When clients receive a challenge push
notification, they may issue a PUT request to /v1/challenge.
"404":
description: |
The server does not have a push notification token for the authenticated accounts main device; clients may add a push
token and try again
"413":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
/v1/devicecheck/assert:
get:
tags:
- DeviceCheck
summary: Fetch an assert challenge
description: |
Retrieve a challenge to use in an attestation, which must be provided at `POST /v1/devicecheck/assert`. To produce
the `clientDataHash` for [generateAssertion](https://developer.apple.com/documentation/devicecheck/dcappattestservice/generateassertion(_:clientdatahash:completionhandler:)),
construct the request you intend to `POST` and include the returned challenge as the "challenge"
field. Serialize the request as JSON and take the SHA256 of the request, as described [here](https://developer.apple.com/documentation/devicecheck/establishing-your-app-s-integrity#Assert-your-apps-validity-as-necessary).
Note that the JSON body provided to the PUT must exactly match the input to the `clientDataHash` (field order,
whitespace, etc matters)
Repeat calls to retrieve a challenge may return the same challenge until it is used in a `POST`. Callers should
attempt to only have a single outstanding challenge at any given time.
operationId: assertChallenge
parameters:
- name: action
in: query
schema:
type: string
description: The type of action you will make an assertion for
enum:
- backup
responses:
"200":
description: The response body includes a challenge
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
post:
tags:
- DeviceCheck
summary: Perform an attested action
description: |
Specify some action to take on the account via the request field. The request must exactly match the request you
provide when [generating the assertion](https://developer.apple.com/documentation/devicecheck/dcappattestservice/generateassertion(_:clientdatahash:completionhandler:)).
The request must include a challenge previously retrieved from `GET /v1/devicecheck/assert`.
Each assertion increments the counter associated with the client's device key. This method enforces that no
assertion with a counter lower than a counter we've already seen is allowed to execute. If a client issues
multiple requests concurrently, or if they retry a request that had an indeterminate outcome, it's possible that
the request will not be accepted because the server has already stored the updated counter. In this case the
request may return 401, and the client should generate a fresh assert for the request.
operationId: assertion
parameters:
- name: keyId
in: query
description: "The keyId, encoded with padded url-safe base64"
required: true
schema:
type: string
- name: request
in: query
description: |
The asserted JSON request data, encoded as a string in padded url-safe base64. This must exactly match the
request you use when generating the assertion (including field ordering, whitespace, etc).
required: true
schema:
$ref: '#/components/schemas/AssertionRequest'
requestBody:
description: "The assertion created by [generateAssertion](https://developer.apple.com/documentation/devicecheck/dcappattestservice/generateassertion(_:clientdatahash:completionhandler:))"
content:
application/octet-stream:
schema:
type: string
format: byte
responses:
"204":
description: The assertion was valid and the corresponding action was executed
"404":
description: The provided keyId was not found
"410":
description: There was no challenge associated with the account. It may
have expired.
"401":
description: The assertion could not be verified
security:
- authenticatedAccount: []
/v1/devicecheck/attest:
get:
tags:
- DeviceCheck
summary: Fetch an attest challenge
description: |
Retrieve a challenge to use in an attestation, which should be provided at `PUT /v1/devicecheck/attest`. To
produce the clientDataHash for [attestKey](https://developer.apple.com/documentation/devicecheck/dcappattestservice/attestkey(_:clientdatahash:completionhandler:))
take the SHA256 of the UTF-8 bytes of the returned challenge.
Repeat calls to retrieve a challenge may return the same challenge until it is used in a `PUT`. Callers should
have a single outstanding challenge at any given time.
operationId: attestChallenge
responses:
"200":
description: The response body includes a challenge
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
put:
tags:
- DeviceCheck
summary: Register a keyId
description: |
Register a keyId with an attestation, which can be used to generate assertions from this account.
The attestation should use the SHA-256 of a challenge retrieved at `GET /v1/devicecheck/attest` as the
`clientDataHash`
Registration is idempotent, and you should retry network errors with the same challenge as suggested by [device
check](https://developer.apple.com/documentation/devicecheck/dcappattestservice/attestkey(_:clientdatahash:completionhandler:)#discussion),
as long as your challenge has not expired (410). Even if your challenge is expired, you may continue to retry with
your original keyId (and a fresh challenge).
operationId: attest
parameters:
- name: keyId
in: query
description: "The keyId, encoded with padded url-safe base64"
required: true
schema:
type: string
requestBody:
description: "The attestation data, created by [attestKey](https://developer.apple.com/documentation/devicecheck/dcappattestservice/attestkey(_:clientdatahash:completionhandler:))"
content:
application/octet-stream:
schema:
type: string
format: byte
responses:
"204":
description: The keyId was successfully added to the account
"410":
description: There was no challenge associated with the account. It may
have expired.
"401":
description: The attestation could not be verified
"413":
description: There are too many unique keyIds associated with this account.
This is an unrecoverable error.
"409":
description: The provided keyId has already been registered to a different
account
security:
- authenticatedAccount: []
/v1/devices/provisioning/code:
get:
tags:
- Devices
summary: Generate a signed device-linking token
description: |
Generate a signed device-linking token for transmission to a pending linked device via a provisioning message.
operationId: createDeviceToken
responses:
"200":
description: Token was generated successfully
content:
application/json:
schema:
$ref: '#/components/schemas/LinkDeviceToken'
"411":
description: The authenticated account already has the maximum allowed number
of linked devices
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
/v1/devices:
get:
tags:
- Devices
operationId: getDevices
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/DeviceInfoList'
security:
- authenticatedAccount: []
/v1/devices/link:
put:
tags:
- Devices
summary: Link a device to an account
description: |
Links a device to an account identified by a given phone number.
operationId: linkDevice
parameters:
- name: Authorization
in: header
schema:
$ref: '#/components/schemas/BasicAuthorizationHeader'
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LinkDeviceRequest'
required: true
responses:
"200":
description: The new device was linked to the calling account
content:
application/json:
schema:
$ref: '#/components/schemas/LinkDeviceResponse'
"403":
description: The given account was not found or the given verification code
was incorrect
"409":
description: The new device is missing a capability supported by all other
devices on the account
"411":
description: The given account already has its maximum number of linked
devices
"422":
description: The request did not pass validation
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
/v1/devices/restore_account/{token}:
get:
tags:
- Devices
summary: Wait for 'restore account' request
operationId: waitForDeviceTransferRequest
parameters:
- name: token
in: path
required: true
schema:
maximum: 64
maxLength: 64
minLength: 0
type: string
description: A randomly-generated token identifying the request for device-to-device
transfer.
- name: timeout
in: query
schema:
maximum: 3600
minimum: 1
type: integer
description: |2
The amount of time (in seconds) to wait for a response. If a transfer archive for the authenticated
device is not available within the given amount of time, this endpoint will return a status of HTTP/204.
format: int32
default: 30
responses:
"200":
description: A 'restore account' request was received for the given token
content:
application/json:
schema:
$ref: '#/components/schemas/RestoreAccountRequest'
"204":
description: No 'restore account' request for the given token was received
before the call completed; clients may repeat the call to continue waiting
"400":
description: The given token or timeout was invalid
"429":
description: Rate-limited; try again after the prescribed delay
put:
tags:
- Devices
summary: Signals that a new device is requesting restoration of account data
by some method
description: |
Signals that a new device is requesting restoration of account data by some method. Devices waiting via the
"wait for 'restore account' request" endpoint will be notified that the request has been issued.
operationId: recordRestoreAccountRequest
parameters:
- name: token
in: path
required: true
schema:
maximum: 64
maxLength: 64
minLength: 0
type: string
description: A randomly-generated token identifying the request for device-to-device
transfer.
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RestoreAccountRequest'
responses:
"204":
description: Success
"422":
description: The request object could not be parsed or was otherwise invalid
"429":
description: Rate-limited; try again after the prescribed delay
/v1/devices/transfer_archive:
get:
tags:
- Devices
summary: Wait for a new transfer archive to be uploaded
description: |
Waits for a new transfer archive to be uploaded for the authenticated device and returns the location of the
archive when available.
operationId: waitForTransferArchive
parameters:
- name: timeout
in: query
schema:
maximum: 3600
minimum: 1
type: integer
description: |2
The amount of time (in seconds) to wait for a response. If a transfer archive for the authenticated
device is not available within the given amount of time, this endpoint will return a status of HTTP/204.
format: int32
default: 30
- name: User-Agent
in: header
schema:
type: string
responses:
"200":
description: "Either a new transfer archive was uploaded for the authenticated\
\ device, or the upload has failed"
content:
application/json:
schema:
description: |
The location of the transfer archive if the archive was successfully uploaded, otherwise a error indicating that
the upload has failed and the destination device should stop waiting
oneOf:
- $ref: '#/components/schemas/RemoteAttachment'
- $ref: '#/components/schemas/RemoteAttachmentError'
"204":
description: No transfer archive was uploaded before the call completed;
clients may repeat the call to continue waiting
"400":
description: The given timeout was invalid
"429":
description: Rate-limited; try again after the prescribed delay
security:
- authenticatedAccount: []
put:
tags:
- Devices
summary: Signals that a transfer archive has been uploaded for a specific linked
device
description: |
Signals that a transfer archive has been uploaded or failed for a specific linked device. Devices waiting via
the "wait for transfer archive" endpoint will be notified that the new archive is available.
If the uploader cannot upload the transfer archive, they must signal an error.
operationId: recordTransferArchiveUploaded
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TransferArchiveUploadedRequest'
required: true
responses:
"204":
description: Success
"422":
description: The request object could not be parsed or was otherwise invalid
"429":
description: Rate-limited; try again after the prescribed delay
security:
- authenticatedAccount: []
/v1/devices/{device_id}:
delete:
tags:
- Devices
operationId: removeDevice
parameters:
- name: device_id
in: path
required: true
schema:
type: string
format: byte
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/devices/capabilities:
put:
tags:
- Devices
operationId: setCapabilities
requestBody:
content:
'*/*':
schema:
type: object
additionalProperties:
type: boolean
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/devices/public_key:
put:
tags:
- Devices
summary: Sets a public key for authentication
description: |
Sets the authentication public key for the authenticated device. The public key will be used for
authentication in the nascent gRPC-over-Noise API. Existing devices must upload a public key before they can
use the gRPC-over-Noise API, and this endpoint exists to facilitate migration to the new API.
operationId: setPublicKey_1
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/SetPublicKeyRequest'
responses:
"200":
description: Public key stored successfully
"401":
description: Account authentication check failed
"422":
description: Invalid request format
security:
- authenticatedAccount: []
/v1/devices/wait_for_linked_device/{tokenIdentifier}:
get:
tags:
- Devices
summary: Wait for a new device to be linked to an account
description: |
Waits for a new device to be linked to an account and returns basic information about the new device when
available.
operationId: waitForLinkedDevice
parameters:
- name: tokenIdentifier
in: path
required: true
schema:
maxLength: 64
minLength: 32
type: string
description: A 'link device' token identifier provided by the 'create link
device token' endpoint
- name: timeout
in: query
schema:
maximum: 3600
minimum: 1
type: integer
description: |2
The amount of time (in seconds) to wait for a response. If the expected device is not linked within the
given amount of time, this endpoint will return a status of HTTP/204.
format: int32
default: 30
- name: User-Agent
in: header
schema:
type: string
responses:
"200":
description: A device was linked to an account using the token associated
with the given token identifier
content:
application/json:
schema:
$ref: '#/components/schemas/DeviceInfo'
"204":
description: No device was linked to the account before the call completed;
clients may repeat the call to continue waiting
"400":
description: The given token identifier or timeout was invalid
"429":
description: Rate-limited; try again after the prescribed delay
security:
- authenticatedAccount: []
/v2/directory/auth:
get:
tags:
- Directory
summary: Generate credentials for Contact Discovery Service
description: "Generate Contact Discovery Service credentials. Generated credentials\
\ have an expiration time of 24 hours \n(however, the TTL is fully controlled\
\ by the server and may change even for already generated credentials).\n"
operationId: getAuthToken
responses:
"200":
description: '`JSON` with generated credentials.'
content:
application/json:
schema:
$ref: '#/components/schemas/ExternalServiceCredentials'
security:
- authenticatedAccount: []
/v1/donation/redeem-receipt:
post:
tags:
- Donations
operationId: redeemReceipt_1
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RedeemReceiptRequest'
required: true
responses:
default:
description: default response
content:
application/json: {}
text/plain: {}
security:
- authenticatedAccount: []
/v1/keepalive:
get:
tags:
- Keep Alive
operationId: getKeepAlive
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/WebSocketSessionContext'
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
- {}
/v1/keepalive/provisioning:
get:
tags:
- Keep Alive
operationId: getProvisioningKeepAlive
responses:
default:
description: default response
content:
'*/*': {}
/v1/key-transparency/distinguished:
get:
tags:
- KeyTransparency
summary: Get the current value of the distinguished key
description: |
The response contains the distinguished tree head to prove consistency
against for future calls to `/search`, `/monitor`, and `/distinguished`.
Enforced unauthenticated endpoint.
operationId: getDistinguishedKey
parameters:
- name: lastTreeHeadSize
in: query
description: The distinguished tree head size returned by a previously verified
call
schema:
type: integer
format: int64
responses:
"200":
description: The `distinguished` search key exists in the log
content:
application/json:
schema:
$ref: '#/components/schemas/KeyTransparencyDistinguishedKeyResponse'
"400":
description: Invalid request. See response for any available details.
"422":
description: Invalid request format
"429":
description: Rate-limited
security:
- authenticatedAccount: []
- {}
/v1/key-transparency/monitor:
post:
tags:
- KeyTransparency
summary: Monitor the given identifiers in the key transparency log
description: |
Return proofs proving that the log tree has been constructed correctly in later entries for each of the given
identifiers. Enforced unauthenticated endpoint.
operationId: monitor
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/KeyTransparencyMonitorRequest'
required: true
responses:
"200":
description: All identifiers exist in the log
content:
application/json:
schema:
$ref: '#/components/schemas/KeyTransparencyMonitorResponse'
"400":
description: Invalid request. See response for any available details.
"403":
description: One or more of the provided commitment indexes did not match
"404":
description: At least one identifier was not found
"429":
description: Rate-limited
"422":
description: Invalid request format
security:
- authenticatedAccount: []
- {}
/v1/key-transparency/search:
post:
tags:
- KeyTransparency
summary: Search for the given identifiers in the key transparency log
description: |
Returns a response if the ACI exists in the transparency log and its mapped value matches the provided
ACI identity key.
The username hash search response field is populated if it is found in the log and its mapped value matches
the provided ACI. The E164 search response is populated similarly, with some additional requirements:
- The account associated with the provided ACI must be discoverable by phone number.
- The provided unidentified access key must match the one on the account.
Enforced unauthenticated endpoint.
operationId: search
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/KeyTransparencySearchRequest'
required: true
responses:
"200":
description: The ACI was found and its mapped value matched the provided
ACI identity key
content:
application/json:
schema:
$ref: '#/components/schemas/KeyTransparencySearchResponse'
"400":
description: Invalid request. See response for any available details.
"403":
description: The ACI was found but its mapped value did not match the provided
ACI identity key
"404":
description: The ACI was not found in the log
"422":
description: Invalid request format
"429":
description: Rate-limited
security:
- authenticatedAccount: []
- {}
/v2/keys/check:
post:
tags:
- Keys
summary: Check keys
description: |
Checks that client and server have consistent views of repeated-use keys. For a given identity type, clients
submit a digest of their repeated-use key material. The digest is calculated as:
SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes)
…where the elements of the hash are:
- identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one
version byte followed by 32 bytes of key material for a total of 33 bytes)
- signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key
- signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one
version byte followed by 32 bytes of key material for a total of 33 bytes)
- lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key
- lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e. one
version byte followed by 1568 bytes of key material for a total of 1569 bytes)
operationId: checkKeys
responses:
"200":
description: Indicates that client and server have consistent views of repeated-use
keys
"401":
description: Account authentication check failed
"409":
description: |2
Indicates that client and server have inconsistent views of repeated-use keys or one or more repeated-use keys could
not be found
"422":
description: Invalid request format
security:
- authenticatedAccount: []
/v2/keys/{identifier}/{device_id}:
get:
tags:
- Keys
summary: Fetch public keys for another user
description: Retrieves the public identity key and available device prekeys
for a specified account or phone-number identity
operationId: getDeviceKeys
parameters:
- name: Unidentified-Access-Key
in: header
schema:
$ref: '#/components/schemas/Anonymous'
- name: Group-Send-Token
in: header
schema:
$ref: '#/components/schemas/GroupSendTokenHeader'
- name: identifier
in: path
description: the account or phone-number identifier to retrieve keys for
required: true
schema:
$ref: '#/components/schemas/ServiceIdentifier'
- name: device_id
in: path
description: "the device id of a single device to retrieve prekeys for, or\
\ `*` for all enabled devices"
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
responses:
"200":
description: Indicates at least one prekey was available for at least one
requested device.
content:
application/json:
schema:
$ref: '#/components/schemas/PreKeyResponse'
"400":
description: A group send endorsement and other authorization (account authentication
or unidentified-access key) were both provided.
"401":
description: Account authentication check failed and unidentified-access
key or group send endorsement token was not supplied or invalid.
"404":
description: Requested identity or device does not exist or device has no
available prekeys.
"429":
description: Rate limit exceeded.
headers:
Retry-After:
description: "If present, a positive integer indicating the number of\
\ seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
- {}
/v2/keys:
get:
tags:
- Keys
summary: Get prekey count
description: Gets the number of one-time prekeys uploaded for this device and
still available
operationId: getStatus
parameters:
- name: identity
in: query
schema:
type: string
default: aci
enum:
- ACI
- PNI
responses:
"200":
description: Body contains the number of available one-time prekeys for
the device.
content:
application/json:
schema:
$ref: '#/components/schemas/PreKeyCount'
"401":
description: Account authentication check failed.
security:
- authenticatedAccount: []
put:
tags:
- Keys
summary: Upload new prekeys
description: Upload new pre-keys for this device.
operationId: setKeys
parameters:
- name: identity
in: query
allowEmptyValue: true
schema:
type: string
description: whether this operation applies to the account (aci) or phone-number
(pni) identity
default: aci
enum:
- ACI
- PNI
- aci
- pni
- name: User-Agent
in: header
schema:
type: string
responses:
"200":
description: Indicates that new keys were successfully stored.
"401":
description: Account authentication check failed.
"403":
description: Attempt to change identity key from a non-primary device.
"422":
description: Invalid request format.
security:
- authenticatedAccount: []
/v1/messages:
get:
tags:
- Messages
operationId: getPendingMessages
parameters:
- name: X-Signal-Receive-Stories
in: header
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
/v1/messages/uuid/{uuid}:
delete:
tags:
- Messages
operationId: removePendingMessage
parameters:
- name: uuid
in: path
required: true
schema:
type: string
format: uuid
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/messages/report/{source}/{messageGuid}:
post:
tags:
- Messages
operationId: reportSpamMessage
parameters:
- name: source
in: path
required: true
schema:
type: string
- name: messageGuid
in: path
required: true
schema:
type: string
format: uuid
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SpamReport'
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/messages/{destination}:
put:
tags:
- Messages
summary: Send a message
description: |
Deliver a message to a single recipient. May be authenticated or unauthenticated; if unauthenticated,
an unidentifed-access key or group-send endorsement token must be provided, unless the message is a story.
operationId: sendMessage
parameters:
- name: Unidentified-Access-Key
in: header
description: The recipient's unidentified access key
schema:
$ref: '#/components/schemas/Anonymous'
- name: Group-Send-Token
in: header
description: A group send endorsement token covering the recipient. Must not
be combined with `Unidentified-Access-Key` or set on a story message.
schema:
$ref: '#/components/schemas/GroupSendTokenHeader'
- name: User-Agent
in: header
schema:
type: string
- name: destination
in: path
description: "If true, deliver the message only to recipients that are online\
\ when it is sent"
required: true
schema:
$ref: '#/components/schemas/ServiceIdentifier'
- name: story
in: query
description: "If true, the message is a story; access tokens are not checked\
\ and sending to nonexistent recipients is permitted"
schema:
type: boolean
requestBody:
description: The encrypted message payloads for each recipient device
content:
application/json:
schema:
$ref: '#/components/schemas/IncomingMessageList'
required: true
responses:
"200":
description: Message was successfully sent
"401":
description: "The message is not a story and the authorization, unauthorized\
\ access key, or group send endorsement token is missing or incorrect"
"404":
description: The message is not a story and some the recipient service ID
does not correspond to a registered Signal user
"409":
description: Incorrect set of devices supplied for recipient
content:
application/json:
schema:
$ref: '#/components/schemas/MismatchedDevicesResponse'
"410":
description: Mismatched registration ids supplied for some recipient devices
content:
application/json:
schema:
$ref: '#/components/schemas/StaleDevicesResponse'
"428":
description: The sender should complete a challenge before proceeding
security:
- authenticatedAccount: []
- {}
/v1/messages/multi_recipient:
put:
tags:
- Messages
summary: Send multi-recipient sealed-sender message
description: |
Deliver a common-payload message to multiple recipients.
An unidentifed-access key for all recipients must be provided, unless the message is a story.
operationId: sendMultiRecipientMessage
parameters:
- name: Unidentified-Access-Key
in: header
description: The bitwise xor of the unidentified access keys for every recipient
of the message. Will be replaced with group send endorsements
schema:
$ref: '#/components/schemas/CombinedUnidentifiedSenderAccessKeys'
- name: Group-Send-Token
in: header
description: A group send endorsement token covering recipients of this message.
Must not be combined with `Unidentified-Access-Key` or set on a story message.
schema:
$ref: '#/components/schemas/GroupSendTokenHeader'
- name: online
in: query
description: "If true, deliver the message only to recipients that are online\
\ when it is sent"
schema:
type: boolean
- name: ts
in: query
description: The sender's timestamp for the envelope
schema:
type: integer
format: int64
- name: urgent
in: query
description: "If true, this message should cause push notifications to be\
\ sent to recipients"
schema:
type: boolean
default: true
- name: story
in: query
description: "If true, the message is a story; access tokens are not checked\
\ and sending to nonexistent recipients is permitted"
schema:
type: boolean
requestBody:
description: The sealed-sender multi-recipient message payload as serialized
by libsignal
content:
application/vnd.signal-messenger.mrm:
schema:
$ref: '#/components/schemas/SealedSenderMultiRecipientMessage'
required: true
responses:
"200":
description: Message was successfully sent
content:
application/json:
schema:
$ref: '#/components/schemas/SendMultiRecipientMessageResponse'
"400":
description: The envelope specified delivery to the same recipient device
multiple times
"401":
description: The message is not a story and the unauthorized access key
or group send endorsement token is missing or incorrect
"404":
description: The message is not a story and some of the recipient service
IDs do not correspond to registered Signal users
"409":
description: Incorrect set of devices supplied for some recipients
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/AccountMismatchedDevices'
"410":
description: Mismatched registration ids supplied for some recipient devices
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/AccountStaleDevices'
/v1/subscription/boost/paypal/confirm:
post:
tags:
- OneTimeDonations
operationId: confirmPayPalBoost
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ConfirmPayPalBoostRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/boost/create:
post:
tags:
- OneTimeDonations
summary: Create a Stripe payment intent
description: |
Create a Stripe PaymentIntent and return a client secret that can be used to complete the payment.
Once the payment is complete, the paymentIntentId can be used at /v1/subscriptions/receipt_credentials
operationId: createBoostPaymentIntent
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateBoostRequest'
required: true
responses:
"200":
description: Payment Intent created
content:
application/json:
schema:
$ref: '#/components/schemas/CreateBoostResponse'
"403":
description: The request was made on an authenticated channel
"400":
description: |
Invalid argument. The response body may include an error code with more specific information. If the error code
is `amount_below_currency_minimum` the body will also include the `minimum` field indicating the minimum amount
for the currency. If the error code is `amount_above_sepa_limit` the body will also include the `maximum`
field indicating the maximum amount for a SEPA transaction.
content:
application/json:
schema:
type: object
properties:
error:
type: string
"409":
description: Provided level does not match the currency/amount combination
content:
application/json:
schema:
type: object
properties:
error:
type: string
security:
- authenticatedAccount: []
- {}
/v1/subscription/boost/receipt_credentials:
post:
tags:
- OneTimeDonations
operationId: createBoostReceiptCredentials
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateBoostReceiptCredentialsRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/boost/paypal/create:
post:
tags:
- OneTimeDonations
operationId: createPayPalBoost
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePayPalBoostRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/payments/auth:
get:
tags:
- Payments
operationId: getAuth
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/ExternalServiceCredentials'
security:
- authenticatedAccount: []
/v1/payments/conversions:
get:
tags:
- Payments
operationId: getConversions
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/CurrencyConversionEntityList'
security:
- authenticatedAccount: []
/v1/profile/{identifier}/{version}:
get:
tags:
- Profile
operationId: getProfile
parameters:
- name: Unidentified-Access-Key
in: header
schema:
$ref: '#/components/schemas/Anonymous'
- name: identifier
in: path
required: true
schema:
$ref: '#/components/schemas/AciServiceIdentifier'
- name: version
in: path
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/VersionedProfileResponse'
security:
- authenticatedAccount: []
- {}
/v1/profile/{identifier}/{version}/{credentialRequest}:
get:
tags:
- Profile
operationId: getProfile_1
parameters:
- name: Unidentified-Access-Key
in: header
schema:
$ref: '#/components/schemas/Anonymous'
- name: identifier
in: path
required: true
schema:
$ref: '#/components/schemas/AciServiceIdentifier'
- name: version
in: path
required: true
schema:
type: string
- name: credentialRequest
in: path
required: true
schema:
type: string
- name: credentialType
in: query
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/CredentialProfileResponse'
security:
- authenticatedAccount: []
- {}
/v1/profile/{identifier}:
get:
tags:
- Profile
operationId: getUnversionedProfile
parameters:
- name: Unidentified-Access-Key
in: header
schema:
$ref: '#/components/schemas/Anonymous'
- name: Group-Send-Token
in: header
schema:
$ref: '#/components/schemas/GroupSendTokenHeader'
- name: User-Agent
in: header
schema:
type: string
- name: identifier
in: path
required: true
schema:
$ref: '#/components/schemas/ServiceIdentifier'
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/BaseProfileResponse'
security:
- authenticatedAccount: []
- {}
/v1/profile/identity_check/batch:
post:
tags:
- Profile
operationId: runBatchIdentityCheck
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/BatchIdentityCheckRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/BatchIdentityCheckResponse'
/v1/profile:
put:
tags:
- Profile
operationId: setProfile
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateProfileRequest'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/provisioning/{destination}:
put:
tags:
- Provisioning
summary: Send a provisioning message to a new device
description: |
Send a provisioning message from an authenticated device to a device that (presumably) is not yet associated
with a Signal account.
operationId: sendProvisioningMessage
parameters:
- name: destination
in: path
description: The temporary provisioning address to which to send a provisioning
message
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
requestBody:
description: The provisioning message to send to the given provisioning address
content:
application/json:
schema:
$ref: '#/components/schemas/ProvisioningMessage'
required: true
responses:
"204":
description: The provisioning message was delivered to the given provisioning
address
"400":
description: The provisioning message was too large
"404":
description: No device with the given provisioning address was connected
at the time of the request
security:
- authenticatedAccount: []
/v1/registration:
post:
tags:
- Registration
summary: Registers an account
description: "Registers a new account or attempts to “re-register” an existing\
\ account. It is expected that a well-behaved client\ncould make up to three\
\ consecutive calls to this API:\n1. gets 423 from existing registration lock\
\ \n\n2. gets 409 from device available for transfer \n\n3. success \n\n"
operationId: register
parameters:
- name: Authorization
in: header
required: true
schema:
$ref: '#/components/schemas/BasicAuthorizationHeader'
- name: X-Signal-Agent
in: header
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RegistrationRequest'
required: true
responses:
"200":
description: The phone number associated with the authenticated account
was changed successfully
content:
application/json:
schema:
$ref: '#/components/schemas/AccountCreationResponse'
"403":
description: Verification failed for the provided Registration Recovery
Password
"409":
description: "The caller has not explicitly elected to skip transferring\
\ data from another device, but a device transfer is technically possible"
"422":
description: The request did not pass validation
"423":
content:
application/json:
schema:
$ref: '#/components/schemas/RegistrationLockFailure'
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
/v1/config:
get:
tags:
- Remote Config
summary: Fetch remote configuration
description: |
Remote configuration is a list of namespaced keys that clients may use for consistent configuration or behavior.
Configuration values change over time, and the list should be refreshed periodically, typically at client
launch and every few hours thereafter.
operationId: getAll
responses:
"200":
description: Remote configuration values for the authenticated user
content:
application/json:
schema:
$ref: '#/components/schemas/UserRemoteConfigList'
security:
- authenticatedAccount: []
/v1/storage/auth:
get:
tags:
- Secure Storage
summary: Generate credentials for Storage Service
description: "Generate Storage Service credentials. Generated credentials have\
\ an expiration time of 24 hours \n(however, the TTL is fully controlled by\
\ the server and may change even for already generated credentials).\n"
operationId: getAuth_1
responses:
"200":
description: '`JSON` with generated credentials.'
content:
application/json:
schema:
$ref: '#/components/schemas/ExternalServiceCredentials'
security:
- authenticatedAccount: []
/v2/backup/auth/check:
post:
tags:
- Secure Value Recovery
summary: Check SVR2 credentials
description: |
Over time, clients may wind up with multiple sets of SVR2 authentication credentials in cloud storage.
To determine which set is most current and should be used to communicate with SVR2 to retrieve a master key
(from which a registration recovery password can be derived), clients should call this endpoint
with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR2.
operationId: authCheck
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthCheckRequest'
required: true
responses:
"200":
description: '`JSON` with the check results.'
content:
application/json:
schema:
$ref: '#/components/schemas/AuthCheckResponseV2'
"422":
description: Provided list of SVR2 credentials could not be parsed
"400":
description: '`POST` request body is not a valid `JSON`'
/v2/backup/auth:
get:
tags:
- Secure Value Recovery
summary: Generate credentials for SVR2
description: |
Generate SVR2 service credentials. Generated credentials have an expiration time of 30 days
(however, the TTL is fully controlled by the server side and may change even for already generated credentials).
operationId: getAuth_2
responses:
"200":
description: '`JSON` with generated credentials.'
content:
application/json:
schema:
$ref: '#/components/schemas/ExternalServiceCredentials'
"401":
description: Account authentication check failed.
security:
- authenticatedAccount: []
/v1/sticker/pack/form/{count}:
get:
tags:
- Stickers
operationId: getStickersForm
parameters:
- name: count
in: path
required: true
schema:
maximum: 201
minimum: 1
type: integer
format: int32
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/StickerPackFormUploadAttributes'
security:
- authenticatedAccount: []
/v1/subscription/{subscriberId}/create_payment_method/paypal:
post:
tags:
- Subscriptions
operationId: createPayPalPaymentMethod
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePayPalBillingAgreementRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/create_payment_method:
post:
tags:
- Subscriptions
operationId: createPaymentMethod
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: type
in: query
schema:
type: string
default: CARD
enum:
- UNKNOWN
- CARD
- PAYPAL
- SEPA_DEBIT
- IDEAL
- GOOGLE_PLAY_BILLING
- APPLE_APP_STORE
- name: User-Agent
in: header
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/receipt_credentials:
post:
tags:
- Subscriptions
operationId: createSubscriptionReceiptCredentials
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: subscriberId
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GetReceiptCredentialsRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}:
get:
tags:
- Subscriptions
summary: Subscription information
description: |
Returns information about the current subscription associated with the provided subscriberId if one exists.
Although it uses [Stripes values](https://stripe.com/docs/billing/subscriptions/overview#subscription-statuses),
the status field in the response is generic, with [Braintree-specific values](https://developer.paypal.com/braintree/docs/guides/recurring-billing/overview#subscription-statuses) mapped
to Stripe's. Since we dont support trials or unpaid subscriptions, the associated statuses will never be returned
by the API.
operationId: getSubscriptionInformation
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
responses:
"200":
description: The subscriberId exists
content:
application/json:
schema:
$ref: '#/components/schemas/GetSubscriptionInformationResponse'
"403":
description: subscriberId authentication failure OR account authentication
is present
"404":
description: No such subscriberId exists or subscriberId is malformed
security:
- authenticatedAccount: []
- {}
put:
tags:
- Subscriptions
operationId: updateSubscriber
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
- {}
delete:
tags:
- Subscriptions
operationId: deleteSubscriber
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
- {}
/v1/subscription/bank_mandate/{bankTransferType}:
get:
tags:
- Subscriptions
operationId: getBankMandate
parameters:
- name: bankTransferType
in: path
required: true
schema:
type: string
enum:
- SEPA_DEBIT
responses:
default:
description: default response
content:
application/json: {}
/v1/subscription/configuration:
get:
tags:
- Subscriptions
summary: 'Subscription configuration '
description: |-
Returns all configuration for badges, donation subscriptions, backup subscriptions, and one-time donation (
"boost" and "gift") minimum and suggested amounts.
operationId: getConfiguration
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/GetSubscriptionConfigurationResponse'
/v1/subscription/{subscriberId}/appstore/{originalTransactionId}:
post:
tags:
- Subscriptions
summary: Set app store subscription
description: |
Set an originalTransactionId that represents an IAP subscription made with the app store.
To set up an app store subscription:
1. Create a subscriber with `PUT subscriptions/{subscriberId}` (you must regularly refresh this subscriber)
2. [Create a subscription](https://developer.apple.com/documentation/storekit/in-app_purchase/) with the App Store
directly via StoreKit and obtain a originalTransactionId.
3. `POST` the purchaseToken here
4. Obtain a receipt at `POST /v1/subscription/{subscriberId}/receipt_credentials` which can then be used to obtain the
entitlement
operationId: setAppStoreSubscription
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: originalTransactionId
in: path
required: true
schema:
type: string
responses:
"200":
description: The originalTransactionId was successfully validated
"402":
description: The subscription transaction is incomplete or invalid
"403":
description: subscriberId authentication failure OR account authentication
is present
"404":
description: No such subscriberId exists or subscriberId is malformed or
the specified transaction does not exist
"409":
description: subscriberId is already linked to a processor that does not
support appstore payments. Delete this subscriberId and use a new one.
"429":
description: Rate limit exceeded.
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/default_payment_method_for_ideal/{setupIntentId}:
post:
tags:
- Subscriptions
operationId: setDefaultPaymentMethodForIdeal
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: setupIntentId
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/default_payment_method/{processor}/{paymentMethodToken}:
post:
tags:
- Subscriptions
operationId: setDefaultPaymentMethodWithProcessor
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: processor
in: path
required: true
schema:
type: string
enum:
- STRIPE
- BRAINTREE
- GOOGLE_PLAY_BILLING
- APPLE_APP_STORE
- name: paymentMethodToken
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/playbilling/{purchaseToken}:
post:
tags:
- Subscriptions
summary: Set a google play billing purchase token
description: |
Set a purchaseToken that represents an IAP subscription made with Google Play Billing.
To set up a subscription with Google Play Billing:
1. Create a subscriber with `PUT subscriptions/{subscriberId}` (you must regularly refresh this subscriber)
2. [Create a subscription](https://developer.android.com/google/play/billing/integrate) with Google Play Billing
directly and obtain a purchaseToken. Do not [acknowledge](https://developer.android.com/google/play/billing/integrate#subscriptions)
the purchaseToken.
3. `POST` the purchaseToken here
4. Obtain a receipt at `POST /v1/subscription/{subscriberId}/receipt_credentials` which can then be used to obtain the
entitlement
After calling this method, the payment is confirmed. Callers must durably store their subscriberId before calling
this method to ensure their payment is tracked.
Once a purchaseToken to is posted to a subscriberId, the same subscriberId must not be used with another payment
method. A different playbilling purchaseToken can be posted to the same subscriberId, in this case the subscription
associated with the old purchaseToken will be cancelled.
operationId: setPlayStoreSubscription
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: purchaseToken
in: path
required: true
schema:
type: string
responses:
"200":
description: The purchaseToken was validated and acknowledged
"402":
description: The purchaseToken payment is incomplete or invalid
"403":
description: subscriberId authentication failure OR account authentication
is present
"404":
description: No such subscriberId exists or subscriberId is malformed or
the purchaseToken does not exist
"409":
description: subscriberId is already linked to a processor that does not
support Play Billing. Delete this subscriberId and use a new one.
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/level/{level}/{currency}/{idempotencyKey}:
put:
tags:
- Subscriptions
operationId: setSubscriptionLevel
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: level
in: path
required: true
schema:
type: integer
format: int64
- name: currency
in: path
required: true
schema:
type: string
- name: idempotencyKey
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/verification/session:
post:
tags:
- Verification
summary: Creates a new verification session for a specific phone number
description: |
Initiates a session to be able to verify the phone number for account registration. Check the response and
submit requested information at PATCH /session/{sessionId}
operationId: createSession
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateVerificationSessionRequest'
required: true
responses:
"200":
description: The verification session was created successfully
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
"422":
description: The request did not pass validation
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
schema:
type: integer
format: int32
/v1/verification/session/{sessionId}:
get:
tags:
- Verification
summary: Get a registration verification session
description: |
Retrieve metadata of the registration verification session with the specified ID
operationId: getSession
parameters:
- name: sessionId
in: path
required: true
schema:
type: string
responses:
"200":
description: Session was retrieved successfully
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
"400":
description: Invalid session ID
"404":
description: Session with the specified ID could not be found
"422":
description: Malformed session ID encoding
patch:
tags:
- Verification
summary: Update a registration verification session
description: |
Updates the session with requested information like an answer to a push challenge or captcha.
If `requestedInformation` in the response is empty, and `allowedToRequestCode` is `true`, proceed to call
`POST /session/{sessionId}/code`. If `requestedInformation` is empty and `allowedToRequestCode` is `false`,
then the caller must create a new verification session.
operationId: updateSession
parameters:
- name: sessionId
in: path
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateVerificationSessionRequest'
required: true
responses:
"200":
description: Session was updated successfully with the information provided
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
"403":
description: The information provided was not accepted (e.g push challenge
or captcha verification failed)
"422":
description: The request did not pass validation
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
schema:
type: integer
format: int32
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
/v1/verification/session/{sessionId}/code:
put:
tags:
- Verification
summary: Submit a verification code
description: |
Submits a verification code received via SMS or voice for verification
operationId: verifyCode
parameters:
- name: sessionId
in: path
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SubmitVerificationCodeRequest'
required: true
responses:
"200":
description: |
The request to check a verification code was processed (though the submitted code may not be the correct code);
the session metadata will indicate whether the submitted code was correct
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
"400":
description: Invalid session ID or verification code
"404":
description: Session with the specified ID could not be found
"409":
description: The session is already verified or no code has been requested
yet for this session
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
"429":
description: |
Too many attempts; the caller is not permitted to submit a verification code at this time and may need to wait
before trying again; if the session metadata does not specify a time at which the caller may try again, then the
caller has exhausted their permitted attempts and must create a new verification session.
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
schema:
type: integer
format: int32
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
post:
tags:
- Verification
summary: Request a verification code
description: |
Sends a verification code to the phone number associated with the specified session via SMS or phone call.
This endpoint can only be called when the session metadata includes "allowedToRequestCode = true"
operationId: requestVerificationCode
parameters:
- name: sessionId
in: path
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
- name: Accept-Language
in: header
description: Ordered list of languages in which the client prefers to receive
SMS or voice verification messages
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationCodeRequest'
required: true
responses:
"200":
description: Verification code was successfully sent
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
"400":
description: Invalid session ID
"404":
description: Session with the specified ID could not be found
"409":
description: The session is already verified or not in a state to request
a code because requested information hasn't been provided yet
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
"418":
description: "The request to send a verification code with the given transport\
\ could not be fulfilled, but may succeed with a different transport"
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
"422":
description: Request did not pass validation
"429":
description: |
Too may attempts; the caller is not permitted to send a verification code via the requested channel at this time
and may need to wait before trying again; if the session metadata does not specify a time at which the caller may
try again, then the caller has exhausted their permitted attempts and must either try a different transport or
create a new verification session.
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
schema:
type: integer
format: int32
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
"440":
description: |
The attempt to send a verification code failed because an external service (e.g. the SMS provider) refused to
deliver the code. This may be a temporary or permanent failure, as indicated in the response body. If temporary,
clients may try again after a reasonable delay. If permanent, clients should not retry the request and should
communicate the permanent failure to the end user. Permanent failures may result in the server disallowing all
future attempts to request or submit verification codes (since those attempts would be all but guaranteed to fail).
content:
application/json:
schema:
$ref: '#/components/schemas/SendVerificationCodeFailureResponse'
components:
schemas:
AciServiceIdentifier:
type: string
description: An identifier for an account based on the account's ACI
allOf:
- $ref: '#/components/schemas/ServiceIdentifier'
PniServiceIdentifier:
type: string
description: An identifier for an account based on the account's phone number
identifier (PNI)
allOf:
- $ref: '#/components/schemas/ServiceIdentifier'
ServiceIdentifier:
type: object
description: A service identifier is a tuple of a UUID and identity type that
identifies an account and identity within the Signal service.
UsernameHashResponse:
type: object
properties:
usernameHash:
type: string
description: "The hash of the confirmed username, as supplied in the request"
usernameLinkHandle:
type: string
description: A handle that can be included in username links to retrieve
the stored encrypted username
ConfirmUsernameHashRequest:
required:
- zkProof
type: object
properties:
usernameHash:
type: string
format: byte
zkProof:
type: string
format: byte
encryptedUsername:
maxLength: 128
minLength: 1
type: string
description: The url-safe base64-encoded encrypted username to be stored
for username links
AccountIdentifierResponse:
required:
- uuid
type: object
properties:
uuid:
type: string
description: An identifier for an account based on the account's ACI
EncryptedUsername:
required:
- usernameLinkEncryptedValue
type: object
properties:
usernameLinkEncryptedValue:
maxLength: 128
minLength: 1
type: string
description: the URL-safe base64 encoding of the encrypted username
keepLinkHandle:
type: boolean
description: "if set and the account already has an encrypted-username link\
\ handle, reuse the same link handle rather than generating a new one.\
\ The response will still have the link handle."
ReserveUsernameHashResponse:
type: object
properties:
usernameHash:
type: string
format: byte
ReserveUsernameHashRequest:
required:
- usernameHashes
type: object
properties:
usernameHashes:
maxItems: 20
minItems: 1
type: array
items:
type: string
format: byte
AccountAttributes:
type: object
properties:
fetchesMessages:
type: boolean
registrationId:
type: integer
format: int32
name:
maxLength: 225
minLength: 0
type: string
format: byte
registrationLock:
type: string
unidentifiedAccessKey:
type: string
format: byte
unrestrictedUnidentifiedAccess:
type: boolean
capabilities:
uniqueItems: true
type: array
items:
type: string
enum:
- STORAGE
- TRANSFER
- DELETE_SYNC
- STORAGE_SERVICE_RECORD_KEY_ROTATION
- ATTACHMENT_BACKFILL
discoverableByPhoneNumber:
type: boolean
recoveryPassword:
type: string
format: byte
eachRegistrationIdValid:
type: boolean
pniRegistrationId:
type: integer
format: int32
ApnRegistrationId:
required:
- apnRegistrationId
type: object
properties:
apnRegistrationId:
type: string
description: |
An APNs token set for the account's primary device. If provided, the account's primary
device will be notified of new messages via push notifications to the given token.
Callers must provide exactly one of an APNs token set, an FCM token, or an
`AccountAttributes` entity with `fetchesMessages` set to `true`.
GcmRegistrationId:
required:
- gcmRegistrationId
type: object
properties:
gcmRegistrationId:
type: string
description: |
An FCM/GCM token for the account's primary device. If provided, the account's primary
device will be notified of new messages via push notifications to the given token.
Callers must provide exactly one of an APNs token set, an FCM token, or an
`AccountAttributes` entity with `fetchesMessages` set to `true`.
DeviceName:
required:
- deviceName
type: object
properties:
deviceName:
maxLength: 225
minLength: 0
type: string
format: byte
RegistrationLock:
required:
- registrationLock
type: object
properties:
registrationLock:
maxLength: 64
minLength: 64
type: string
UsernameLinkHandle:
required:
- usernameLinkHandle
type: object
properties:
usernameLinkHandle:
type: string
description: A handle that can be included in username links to retrieve
the stored encrypted username
format: uuid
AccountIdentityResponse:
type: object
properties:
uuid:
type: string
description: the account identifier for this account
format: uuid
number:
type: string
description: the phone number associated with this account
pni:
type: string
description: the account identifier for this account's phone-number identity
format: uuid
usernameHash:
type: string
description: "a hash of this account's username, if set"
format: byte
usernameLinkHandle:
type: string
description: "this account's username link handle, if set"
format: uuid
storageCapable:
type: boolean
description: whether any of this account's devices support storage
entitlements:
$ref: '#/components/schemas/Entitlements'
BackupEntitlement:
type: object
properties:
backupLevel:
type: integer
description: The backup level of the account
format: int64
expirationSeconds:
type: integer
description: "When the backup entitlement expires, in number of seconds\
\ since epoch"
format: int64
description: "If present, the backup level set via /v1/archives/redeem-receipt"
BadgeEntitlement:
type: object
properties:
id:
type: string
description: The badge id
visible:
type: boolean
description: Whether the badge is currently configured to be visible
expirationSeconds:
type: integer
description: "When the badge expires, in number of seconds since epoch"
format: int64
description: Active badges added via /v1/donation/redeem-receipt
Entitlements:
type: object
properties:
badges:
type: array
description: Active badges added via /v1/donation/redeem-receipt
items:
$ref: '#/components/schemas/BadgeEntitlement'
backup:
$ref: '#/components/schemas/BackupEntitlement'
description: entitlements for this account and their current expirations
MismatchedDevicesResponse:
type: object
properties:
missingDevices:
uniqueItems: true
type: array
description: Devices present on the account but absent in the request
items:
type: string
description: Devices present on the account but absent in the request
format: byte
extraDevices:
uniqueItems: true
type: array
description: Devices absent on the request but present in the account
items:
type: string
description: Devices absent on the request but present in the account
format: byte
StaleDevicesResponse:
type: object
properties:
staleDevices:
uniqueItems: true
type: array
description: Devices that are no longer active
items:
type: string
description: Devices that are no longer active
format: byte
ExternalServiceCredentials:
type: object
properties:
username:
type: string
password:
type: string
RegistrationLockFailure:
type: object
properties:
timeRemaining:
type: integer
description: Time remaining in milliseconds before the existing registration
lock expires
format: int64
svr2Credentials:
$ref: '#/components/schemas/ExternalServiceCredentials'
description: |
Information about the current Registration lock and SVR credentials. With a correct PIN, the credentials can
be used to recover the secret used to derive the registration lock password.
ChangeNumberRequest:
required:
- deviceMessages
- devicePniPqLastResortPrekeys
- devicePniSignedPrekeys
- number
- pniIdentityKey
- pniRegistrationIds
type: object
properties:
sessionId:
type: string
description: |-
A session ID from registration service, if using session id to authenticate this request.
Must not be combined with `recoveryPassword`.
recoveryPassword:
type: string
description: |-
The base64-encoded recovery password for the new phone number, if using a recovery password to authenticate this request.
Must not be combined with `sessionId`.
number:
type: string
description: the new phone number for this account
pniIdentityKey:
$ref: '#/components/schemas/IdentityKey'
deviceMessages:
type: array
description: |-
A list of synchronization messages to send to companion devices to supply the private keysManager
associated with the new identity key and their new prekeys.
Exactly one message must be supplied for each device other than the sending (primary) device.
items:
$ref: '#/components/schemas/IncomingMessage'
devicePniSignedPrekeys:
type: object
additionalProperties:
$ref: '#/components/schemas/ECSignedPreKey'
description: |-
A new signed elliptic-curve prekey for each device on the account, including this one.
Each must be accompanied by a valid signature from the new identity key in this request.
devicePniPqLastResortPrekeys:
type: object
additionalProperties:
$ref: '#/components/schemas/KEMSignedPreKey'
description: |-
A new signed post-quantum last-resort prekey for each device on the account, including this one.
Each must be accompanied by a valid signature from the new identity key in this request.
pniRegistrationIds:
type: object
additionalProperties:
type: integer
description: "the new phone-number-identity registration ID for each device\
\ on the account, including this one"
format: int32
description: "the new phone-number-identity registration ID for each device\
\ on the account, including this one"
eachPniRegistrationIdValid:
type: boolean
valid:
type: boolean
reglock:
type: string
description: "the registration lock password for the new phone number, if\
\ necessary"
ECPublicKey:
type: object
properties:
type:
type: integer
format: int32
publicKeyBytes:
type: string
format: byte
ECSignedPreKey:
type: object
properties:
keyId:
type: integer
description: |
An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up.
Should not be zero. Should be less than 2^24.
format: int64
publicKey:
type: string
description: |
The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded.
signature:
type: string
description: |
The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded.
description: |
A signed EC pre-key to be associated with this account's PNI.
IdentityKey:
type: object
properties:
publicKey:
$ref: '#/components/schemas/ECPublicKey'
fingerprint:
type: string
description: |
The PNI-associated identity key for the account, encoded as a base64 string.
IncomingMessage:
required:
- content
type: object
properties:
type:
type: integer
format: int32
destinationDeviceId:
type: string
format: byte
destinationRegistrationId:
type: integer
format: int32
content:
maxLength: 2147483647
minLength: 1
type: string
format: byte
validEnvelopeType:
type: boolean
KEMSignedPreKey:
type: object
properties:
keyId:
type: integer
description: |
An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up.
Should not be zero. Should be less than 2^24. The owner of this key must be able to determine from the key ID whether this represents
a single-use or last-resort key, but another party should *not* be able to tell.
format: int64
publicKey:
type: string
description: |
The public key, serialized in libsignal's Kyber1024 public key format and then base64-encoded.
signature:
type: string
description: |
The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded.
description: |
A signed Kyber-1024 "last resort" pre-key to be associated with this account's PNI.
PhoneNumberIdentityKeyDistributionRequest:
required:
- deviceMessages
- devicePniPqLastResortPrekeys
- devicePniSignedPrekeys
- pniIdentityKey
- pniRegistrationIds
type: object
properties:
pniIdentityKey:
$ref: '#/components/schemas/IdentityKey'
deviceMessages:
type: array
description: |
A list of synchronization messages to send to companion devices to supply the private keys
associated with the new identity key and their new prekeys.
Exactly one message must be supplied for each device other than the sending (primary) device.
items:
$ref: '#/components/schemas/IncomingMessage'
devicePniSignedPrekeys:
type: object
additionalProperties:
$ref: '#/components/schemas/ECSignedPreKey'
description: |-
A new signed elliptic-curve prekey for each device on the account, including this one.
Each must be accompanied by a valid signature from the new identity key in this request.
devicePniPqLastResortPrekeys:
type: object
additionalProperties:
$ref: '#/components/schemas/KEMSignedPreKey'
description: |-
A new signed post-quantum last-resort prekey for each device on the account, including this one.
Each must be accompanied by a valid signature from the new identity key in this request.
pniRegistrationIds:
type: object
additionalProperties:
type: integer
description: "The new registration ID to use for the phone-number identity\
\ of each device, including this one."
format: int32
description: "The new registration ID to use for the phone-number identity\
\ of each device, including this one."
AccountAndDevicesDataReport:
type: object
properties:
account:
$ref: '#/components/schemas/AccountDataReport'
devices:
type: array
items:
$ref: '#/components/schemas/DeviceDataReport'
AccountDataReport:
type: object
properties:
phoneNumber:
type: string
badges:
type: array
items:
$ref: '#/components/schemas/BadgeDataReport'
allowSealedSenderFromAnyone:
type: boolean
findAccountByPhoneNumber:
type: boolean
AccountDataReportResponse:
type: object
properties:
reportId:
type: string
format: uuid
reportTimestamp:
type: string
format: date-time
data:
$ref: '#/components/schemas/AccountAndDevicesDataReport'
text:
type: string
description: A plaintext representation of the data report
BadgeDataReport:
type: object
properties:
id:
type: string
expiration:
type: string
format: date-time
visible:
type: boolean
DeviceDataReport:
type: object
properties:
id:
type: string
format: byte
lastSeen:
type: string
format: date-time
created:
type: string
format: date-time
userAgent:
type: string
PhoneNumberDiscoverabilityRequest:
required:
- discoverableByPhoneNumber
type: object
properties:
discoverableByPhoneNumber:
type: boolean
UploadDescriptorResponse:
type: object
properties:
cdn:
type: integer
description: Indicates the CDN type. 3 indicates resumable uploads using
TUS
format: int32
key:
type: string
description: The location within the specified cdn where the finished upload
can be found.
headers:
type: object
additionalProperties:
type: string
description: A map of headers to include with all upload requests. Potentially
contains time-limited upload credentials
description: A map of headers to include with all upload requests. Potentially
contains time-limited upload credentials
signedUploadLocation:
type: string
description: The URL to upload to with the appropriate protocol
BackupInfoResponse:
type: object
properties:
cdn:
type: integer
description: The CDN type where the message backup is stored. Media may
be stored elsewhere.
format: int32
backupDir:
type: string
description: |
The base directory of your backup data on the cdn. The message backup can be found in the returned cdn at
/backupDir/backupName and stored media can be found at /backupDir/mediaDir/mediaId
mediaDir:
type: string
description: |
The prefix path component for media objects on a cdn. Stored media for mediaId can be found at
/backupDir/mediaDir/mediaId.
backupName:
type: string
description: The name of the most recent message backup on the cdn. The
backup is at /backupDir/backupName
usedSpace:
type: integer
description: The amount of space used to store media
format: int64
CopyMediaBatchResponse:
type: object
properties:
responses:
type: array
description: Detailed outcome information for each copy request in the batch
items:
$ref: '#/components/schemas/Entry'
Entry:
required:
- mediaId
type: object
properties:
status:
type: integer
description: |
The outcome of the copy attempt.
A 200 indicates the object was successfully copied.
A 400 indicates an invalid argument in the request
A 410 indicates that the source object was not found
A 413 indicates that the media quota was exhausted
format: int32
failureReason:
type: string
description: "On a copy failure, a detailed failure reason"
cdn:
type: integer
description: The backup cdn where this media object is stored
format: int32
mediaId:
type: string
description: "The mediaId of the object, encoded in URL-safe padded base64"
description: Detailed outcome information for each copy request in the batch
CopyMediaBatchRequest:
required:
- items
type: object
properties:
items:
maxItems: 1000
minItems: 1
type: array
description: A list of media objects to copy from the attachments CDN to
the backup CDN
items:
$ref: '#/components/schemas/CopyMediaRequest'
CopyMediaRequest:
required:
- encryptionKey
- hmacKey
- mediaId
- objectLength
- sourceAttachment
type: object
properties:
sourceAttachment:
$ref: '#/components/schemas/RemoteAttachment'
objectLength:
type: integer
description: The length of the source attachment before the encryption applied
by the copy operation
format: int32
mediaId:
type: string
description: "mediaId to copy on to the backup CDN, encoded in URL-safe\
\ padded base64"
hmacKey:
type: string
description: "A 32-byte key for the MAC, encoded in standard padded base64"
encryptionKey:
type: string
description: "A 32-byte encryption key for AES, encoded in standard padded\
\ base64"
RemoteAttachment:
required:
- cdn
- key
type: object
properties:
cdn:
type: integer
description: The attachment cdn
format: int32
key:
maxLength: 64
minLength: 0
type: string
description: The attachment key
CopyMediaResponse:
required:
- cdn
type: object
properties:
cdn:
type: integer
description: The backup cdn where this media object is stored
format: int32
DeleteMedia:
type: object
properties:
mediaToDelete:
maxItems: 1000
minItems: 1
type: array
items:
$ref: '#/components/schemas/MediaToDelete'
MediaToDelete:
required:
- cdn
- mediaId
type: object
properties:
cdn:
type: integer
description: The backup cdn where this media object is stored
format: int32
mediaId:
type: string
description: The mediaId of the object in URL-safe base64
BackupAuthCredential:
type: object
properties:
credential:
type: string
description: "A BackupAuthCredential, encoded in standard padded base64"
format: byte
redemptionTime:
type: integer
description: The day on which this credential is valid. Seconds since epoch
truncated to day boundary
format: int64
description: A map of credential types to lists of BackupAuthCredentials and
their validity periods
BackupAuthCredentialsResponse:
type: object
properties:
credentials:
type: object
additionalProperties:
type: array
description: A map of credential types to lists of BackupAuthCredentials
and their validity periods
items:
$ref: '#/components/schemas/BackupAuthCredential'
description: A map of credential types to lists of BackupAuthCredentials
and their validity periods
ListResponse:
type: object
properties:
storedMediaObjects:
type: array
description: A page of media objects stored for this backup ID
items:
$ref: '#/components/schemas/StoredMediaObject'
backupDir:
type: string
description: |
The base directory of your backup data on the cdn. The stored media can be found at /backupDir/mediaDir/mediaId
mediaDir:
type: string
description: |
The prefix path component for the media objects. The stored media for mediaId can be found at /backupDir/mediaDir/mediaId.
cursor:
type: string
description: "If set, the cursor value to pass to the next list request\
\ to continue listing. If absent, all objects have been listed"
StoredMediaObject:
required:
- cdn
- mediaId
- objectLength
type: object
properties:
cdn:
type: integer
description: The backup cdn where this media object is stored
format: int32
mediaId:
type: string
description: The mediaId of the object in URL-safe base64
objectLength:
type: integer
description: The length of the object in bytes
format: int64
description: A page of media objects stored for this backup ID
ReadAuthResponse:
type: object
properties:
headers:
type: object
additionalProperties:
type: string
description: Auth headers to include with cdn read requests
description: Auth headers to include with cdn read requests
RedeemBackupReceiptRequest:
required:
- receiptCredentialPresentation
type: object
properties:
receiptCredentialPresentation:
type: string
description: Presentation of a ZK receipt encoded in standard padded base64
SetBackupIdRequest:
required:
- mediaBackupAuthCredentialRequest
- messagesBackupAuthCredentialRequest
type: object
properties:
messagesBackupAuthCredentialRequest:
type: string
description: |
A BackupAuthCredentialRequest containing a blinded encrypted backup-id, encoded in standard padded base64.
This backup-id should be used for message backups only, and must have the message backup type set on the
credential.
mediaBackupAuthCredentialRequest:
type: string
description: |
A BackupAuthCredentialRequest containing a blinded encrypted backup-id, encoded in standard padded base64.
This backup-id should be used for media only, and must have the media type set on the credential.
SetPublicKeyRequest:
type: object
properties:
publicKey:
type: string
description: |
The public key, serialized in libsignal's elliptic-curve public key format and then encoded as a standard (i.e.
not URL-safe), padded, base64-encoded string.
AttachmentDescriptorV3:
type: object
properties:
cdn:
type: integer
description: |
Indicates the CDN type. 2 in the v3 API, 2 or 3 in the v4 API.
2 indicates resumable uploads using GCS,
3 indicates resumable uploads using TUS
format: int32
key:
type: string
description: The location within the specified cdn where the finished upload
can be found
headers:
type: object
additionalProperties:
type: string
description: A map of headers to include with all upload requests. Potentially
contains time-limited upload credentials
description: A map of headers to include with all upload requests. Potentially
contains time-limited upload credentials
signedUploadLocation:
type: string
description: The URL to upload to with the appropriate protocol
CreateCallLinkCredential:
type: object
properties:
credential:
type: string
format: byte
redemptionTime:
type: integer
format: int64
GetCreateCallLinkCredentialsRequest:
required:
- createCallLinkCredentialRequest
type: object
properties:
createCallLinkCredentialRequest:
type: string
format: byte
GetCallingRelaysResponse:
type: object
properties:
relays:
type: array
items:
$ref: '#/components/schemas/TurnToken'
TurnToken:
type: object
properties:
username:
type: string
password:
type: string
urls:
type: array
items:
type: string
urlsWithIps:
type: array
items:
type: string
hostname:
type: string
ttl:
type: integer
format: int64
DeliveryCertificate:
type: object
properties:
certificate:
type: string
format: byte
CallLinkAuthCredential:
type: object
properties:
credential:
type: string
format: byte
redemptionTime:
type: integer
format: int64
GroupCredential:
type: object
properties:
credential:
type: string
format: byte
redemptionTime:
type: integer
format: int64
GroupCredentials:
type: object
properties:
credentials:
type: array
items:
$ref: '#/components/schemas/GroupCredential'
callLinkAuthCredentials:
type: array
items:
$ref: '#/components/schemas/CallLinkAuthCredential'
pni:
type: string
format: uuid
AnswerPushChallengeRequest:
required:
- challenge
type: object
allOf:
- $ref: '#/components/schemas/AnswerChallengeRequest'
- type: object
properties:
challenge:
type: string
description: A token provided to the client via a push payload
AnswerCaptchaChallengeRequest:
required:
- captcha
- token
type: object
allOf:
- $ref: '#/components/schemas/AnswerChallengeRequest'
- type: object
properties:
token:
type: string
description: The value of the token field from the server's 428 response
captcha:
type: string
description: A string representing a solved captcha
example: signal-hcaptcha.30b01b46-d8c9-4c30-bbd7-9719acfe0c10.challenge.abcdefg1345
AnswerChallengeRequest:
required:
- type
type: object
properties:
type:
type: string
discriminator:
propertyName: type
ChallengeResponse:
type: object
properties:
challenge:
type: string
description: A challenge to use when generating attestations or assertions
AssertionRequest:
type: object
properties:
challenge:
type: string
description: The challenge retrieved at `GET /v1/devicecheck/assert`
action:
type: string
description: The type of action you'd like to perform with this assert
enum:
- backup
LinkDeviceToken:
type: object
properties:
tokenIdentifier:
type: string
description: |
An opaque identifier for the generated token that the caller may use to watch for a new device to complete the
linking process.
verificationCode:
type: string
description: |
An opaque token to send to a new linked device that authorizes the new device to link itself to the account that
requested this token.
DeviceInfo:
type: object
properties:
id:
type: integer
format: int64
name:
type: string
format: byte
lastSeen:
type: integer
format: int64
created:
type: integer
format: int64
DeviceInfoList:
type: object
properties:
devices:
type: array
items:
$ref: '#/components/schemas/DeviceInfo'
LinkDeviceResponse:
type: object
properties:
uuid:
type: string
format: uuid
pni:
type: string
format: uuid
deviceId:
type: string
format: byte
BasicAuthorizationHeader:
type: object
properties:
username:
type: string
deviceId:
type: integer
format: int64
password:
type: string
DeviceActivationRequest:
required:
- aciPqLastResortPreKey
- aciSignedPreKey
- pniPqLastResortPreKey
- pniSignedPreKey
type: object
properties:
aciSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
pniSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
aciPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
pniPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
apnToken:
$ref: '#/components/schemas/ApnRegistrationId'
gcmToken:
$ref: '#/components/schemas/GcmRegistrationId'
LinkDeviceRequest:
required:
- aciPqLastResortPreKey
- aciSignedPreKey
- pniPqLastResortPreKey
- pniSignedPreKey
- verificationCode
type: object
properties:
verificationCode:
type: string
description: |
The verification code associated with this device. Must match the verification code
provided by the server when provisioning this device.
accountAttributes:
$ref: '#/components/schemas/AccountAttributes'
aciSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
pniSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
aciPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
pniPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
apnToken:
$ref: '#/components/schemas/ApnRegistrationId'
gcmToken:
$ref: '#/components/schemas/GcmRegistrationId'
RestoreAccountRequest:
required:
- method
type: object
properties:
method:
type: string
description: The method by which the new device has requested account data
restoration
enum:
- REMOTE_BACKUP
- LOCAL_BACKUP
- DEVICE_TRANSFER
- DECLINE
deviceTransferBootstrap:
maxLength: 4096
minLength: 0
type: string
description: "Additional data to use to bootstrap a connection between devices,\
\ in standard unpadded base64."
description: |
Represents a request from a new device to restore account data by some method.
RemoteAttachmentError:
required:
- error
type: object
properties:
error:
type: string
description: The type of error encountered
enum:
- RELINK_REQUESTED
- CONTINUE_WITHOUT_UPLOAD
description: Indicates an attachment failed to upload
TransferArchiveResult:
type: object
description: |
The location of the transfer archive if the archive was successfully uploaded, otherwise a error indicating that
the upload has failed and the destination device should stop waiting
oneOf:
- $ref: '#/components/schemas/RemoteAttachment'
- $ref: '#/components/schemas/RemoteAttachmentError'
TransferArchiveUploadedRequest:
required:
- transferArchive
type: object
properties:
destinationDeviceId:
type: string
description: The ID of the device for which the transfer archive has been
prepared
format: byte
destinationDeviceCreated:
type: integer
description: "The timestamp, in milliseconds since the epoch, at which the\
\ destination device was created"
format: int64
transferArchive:
$ref: '#/components/schemas/TransferArchiveResult'
RedeemReceiptRequest:
required:
- receiptCredentialPresentation
type: object
properties:
receiptCredentialPresentation:
type: string
format: byte
visible:
type: boolean
primary:
type: boolean
WebSocketClient:
type: object
properties:
created:
type: string
format: date-time
userAgent:
type: string
open:
type: boolean
WebSocketSessionContext:
type: object
properties:
authenticated:
type: object
client:
$ref: '#/components/schemas/WebSocketClient'
KeyTransparencyDistinguishedKeyResponse:
required:
- serializedResponse
type: object
properties:
serializedResponse:
type: string
description: The serialized `DistinguishedResponse` encoded in standard
un-padded base64
format: byte
KeyTransparencyMonitorResponse:
required:
- serializedResponse
type: object
properties:
serializedResponse:
type: string
description: The serialized `MonitorResponse` encoded in standard un-padded
base64
format: byte
AciMonitor:
required:
- commitmentIndex
- value
type: object
properties:
value:
type: string
description: An identifier for an account based on the account's ACI
entryPosition:
type: integer
description: A log tree position maintained by the client for the aci.
format: int64
commitmentIndex:
type: string
description: "The commitment index derived from a previous search request,\
\ encoded in standard unpadded base64"
format: byte
E164Monitor:
required:
- commitmentIndex
- value
type: object
properties:
value:
type: string
description: The e164-formatted phone number to monitor
entryPosition:
type: integer
description: A log tree position maintained by the client for the e164.
format: int64
commitmentIndex:
type: string
description: "The commitment index derived from a previous search request,\
\ encoded in standard unpadded base64"
format: byte
KeyTransparencyMonitorRequest:
required:
- aci
- e164
- usernameHash
type: object
properties:
aci:
$ref: '#/components/schemas/AciMonitor'
e164:
$ref: '#/components/schemas/E164Monitor'
usernameHash:
$ref: '#/components/schemas/UsernameHashMonitor'
lastNonDistinguishedTreeHeadSize:
type: integer
description: The tree head size to prove consistency against.
format: int64
lastDistinguishedTreeHeadSize:
type: integer
description: The distinguished tree head size to prove consistency against.
format: int64
UsernameHashMonitor:
required:
- commitmentIndex
- value
type: object
properties:
value:
type: string
description: "The username hash to monitor, encoded in url-safe unpadded\
\ base64."
format: byte
entryPosition:
type: integer
description: A log tree position maintained by the client for the username
hash.
format: int64
commitmentIndex:
type: string
description: "The commitment index derived from a previous search request,\
\ encoded in standard unpadded base64"
format: byte
KeyTransparencySearchResponse:
required:
- serializedResponse
type: object
properties:
serializedResponse:
type: string
description: The serialized `SearchResponse` encoded in standard un-padded
base64.
format: byte
KeyTransparencySearchRequest:
required:
- aci
- aciIdentityKey
type: object
properties:
aci:
type: string
description: An identifier for an account based on the account's ACI
e164:
type: string
description: The E164-formatted phone number to look up
usernameHash:
type: string
description: "The username hash to look up, encoded in web-safe unpadded\
\ base64."
format: byte
aciIdentityKey:
$ref: '#/components/schemas/IdentityKey'
unidentifiedAccessKey:
type: string
description: The unidentified access key associated with the account
format: byte
lastTreeHeadSize:
type: integer
description: The non-distinguished tree head size to prove consistency against.
format: int64
distinguishedTreeHeadSize:
type: integer
description: The distinguished tree head size to prove consistency against.
format: int64
unidentifiedAccessKeyProvidedWithE164:
type: boolean
CheckKeysRequest:
required:
- digest
- identityType
type: object
properties:
identityType:
type: string
description: |
The identity type for which to check for a shared view of repeated-use keys
enum:
- ACI
- PNI
digest:
type: string
description: |
A 32-byte digest of the client's repeated-use keys for the given identity type. The digest is calculated as:
SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes)
…where the elements of the hash are:
- identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one
version byte followed by 32 bytes of key material for a total of 33 bytes)
- signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key
- signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one
version byte followed by 32 bytes of key material for a total of 33 bytes)
- lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key
- lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e.
one version byte followed by 1568 bytes of key material for a total of 1569 bytes)
format: byte
ECPreKey:
type: object
properties:
keyId:
type: integer
description: |
An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up.
Should not be zero. Should be less than 2^24.
format: int64
publicKey:
type: string
description: |
The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded.
description: |
A list of unsigned elliptic-curve prekeys to use for this device. If present and not empty, replaces all stored
unsigned EC prekeys for the device; if absent or empty, any stored unsigned EC prekeys for the device are not
deleted.
PreKeyResponse:
type: object
properties:
identityKey:
$ref: '#/components/schemas/IdentityKey'
devices:
type: array
description: information about each requested device
items:
$ref: '#/components/schemas/PreKeyResponseItem'
PreKeyResponseItem:
type: object
properties:
deviceId:
type: string
description: the device ID of the device to which this item pertains
format: byte
registrationId:
type: integer
description: the registration ID for the device
format: int32
signedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
preKey:
$ref: '#/components/schemas/ECPreKey'
pqPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
description: information about each requested device
Anonymous:
type: object
properties:
accessKey:
type: string
format: byte
GroupSendFullToken:
type: object
properties:
expiration:
type: string
format: date-time
internalContentsForJNI:
type: string
format: byte
GroupSendTokenHeader:
type: object
properties:
token:
$ref: '#/components/schemas/GroupSendFullToken'
PreKeyCount:
type: object
properties:
count:
type: integer
description: the number of stored unsigned elliptic-curve prekeys for this
device
format: int32
pqCount:
type: integer
description: the number of stored one-time post-quantum prekeys for this
device
format: int32
SetKeysRequest:
required:
- pqPreKeys
- preKeys
type: object
properties:
preKeys:
maxItems: 100
minItems: 0
type: array
description: |
A list of unsigned elliptic-curve prekeys to use for this device. If present and not empty, replaces all stored
unsigned EC prekeys for the device; if absent or empty, any stored unsigned EC prekeys for the device are not
deleted.
items:
$ref: '#/components/schemas/ECPreKey'
signedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
pqPreKeys:
maxItems: 100
minItems: 0
type: array
description: |
A list of signed post-quantum one-time prekeys to use for this device. Each key must have a valid signature from
the identity key in this request. If present and not empty, replaces all stored unsigned PQ prekeys for the
device; if absent or empty, any stored unsigned PQ prekeys for the device are not deleted.
items:
$ref: '#/components/schemas/KEMSignedPreKey'
pqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
SpamReport:
type: object
properties:
token:
type: string
format: byte
IncomingMessageList:
required:
- messages
type: object
properties:
messages:
type: array
items:
$ref: '#/components/schemas/IncomingMessage'
online:
type: boolean
urgent:
type: boolean
timestamp:
maximum: 8640000000000000
type: integer
format: int64
SendMultiRecipientMessageResponse:
type: object
properties:
uuids404:
type: array
description: a list of the service identifiers in the request that do not
correspond to registered Signal users; will only be present if a group
send endorsement was supplied for the request
items:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
AccountMismatchedDevices:
type: object
properties:
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
devices:
$ref: '#/components/schemas/MismatchedDevicesResponse'
AccountStaleDevices:
type: object
properties:
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
devices:
$ref: '#/components/schemas/StaleDevicesResponse'
CombinedUnidentifiedSenderAccessKeys:
type: object
properties:
accessKeys:
type: string
format: byte
Recipient:
type: object
properties:
devices:
type: string
format: byte
devicesAndRegistrationIds:
type: object
properties:
parallel:
type: boolean
SealedSenderMultiRecipientMessage:
type: object
properties:
recipients:
type: object
additionalProperties:
$ref: '#/components/schemas/Recipient'
excludedRecipients:
type: array
items:
$ref: '#/components/schemas/ServiceId'
ServiceId:
type: object
properties:
rawUUID:
type: string
format: uuid
ConfirmPayPalBoostRequest:
required:
- amount
- currency
- payerId
- paymentId
- paymentToken
type: object
properties:
currency:
maxLength: 3
minLength: 3
type: string
amount:
minimum: 1
type: integer
description: "The amount to pay in the [currency's minor unit](https://docs.stripe.com/currencies#minor-units)"
format: int64
level:
type: integer
description: The level for the boost payment. Assumed to be the boost level
if missing
format: int64
paymentMethod:
type: string
description: The payment method
default: CARD
enum:
- UNKNOWN
- CARD
- PAYPAL
- SEPA_DEBIT
- IDEAL
- GOOGLE_PLAY_BILLING
- APPLE_APP_STORE
payerId:
type: string
paymentId:
type: string
paymentToken:
type: string
CreateBoostResponse:
type: object
properties:
clientSecret:
type: string
description: A client secret that can be used to complete a stripe PaymentIntent
CreateBoostRequest:
required:
- amount
- currency
type: object
properties:
currency:
maxLength: 3
minLength: 3
type: string
amount:
minimum: 1
type: integer
description: "The amount to pay in the [currency's minor unit](https://docs.stripe.com/currencies#minor-units)"
format: int64
level:
type: integer
description: The level for the boost payment. Assumed to be the boost level
if missing
format: int64
paymentMethod:
type: string
description: The payment method
default: CARD
enum:
- UNKNOWN
- CARD
- PAYPAL
- SEPA_DEBIT
- IDEAL
- GOOGLE_PLAY_BILLING
- APPLE_APP_STORE
CreateBoostReceiptCredentialsRequest:
required:
- paymentIntentId
- processor
- receiptCredentialRequest
type: object
properties:
paymentIntentId:
type: string
receiptCredentialRequest:
type: string
format: byte
processor:
type: string
enum:
- STRIPE
- BRAINTREE
- GOOGLE_PLAY_BILLING
- APPLE_APP_STORE
CreatePayPalBoostRequest:
required:
- amount
- cancelUrl
- currency
- returnUrl
type: object
properties:
currency:
maxLength: 3
minLength: 3
type: string
amount:
minimum: 1
type: integer
description: "The amount to pay in the [currency's minor unit](https://docs.stripe.com/currencies#minor-units)"
format: int64
level:
type: integer
description: The level for the boost payment. Assumed to be the boost level
if missing
format: int64
paymentMethod:
type: string
description: The payment method
default: CARD
enum:
- UNKNOWN
- CARD
- PAYPAL
- SEPA_DEBIT
- IDEAL
- GOOGLE_PLAY_BILLING
- APPLE_APP_STORE
returnUrl:
type: string
cancelUrl:
type: string
CurrencyConversionEntity:
type: object
properties:
base:
type: string
conversions:
type: object
additionalProperties:
type: number
CurrencyConversionEntityList:
type: object
properties:
currencies:
type: array
items:
$ref: '#/components/schemas/CurrencyConversionEntity'
timestamp:
type: integer
format: int64
Badge:
type: object
properties:
id:
type: string
category:
type: string
name:
type: string
description:
type: string
sprites6:
type: array
items:
type: string
svg:
type: string
svgs:
type: array
items:
$ref: '#/components/schemas/BadgeSvg'
imageUrl:
type: string
description: The displayable badge associated with the level
BadgeSvg:
required:
- dark
- light
type: object
properties:
light:
type: string
dark:
type: string
BaseProfileResponse:
type: object
properties:
identityKey:
$ref: '#/components/schemas/IdentityKey'
unidentifiedAccess:
type: string
format: byte
unrestrictedUnidentifiedAccess:
type: boolean
capabilities:
type: object
additionalProperties:
type: boolean
badges:
type: array
items:
$ref: '#/components/schemas/Badge'
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
VersionedProfileResponse:
type: object
properties:
identityKey:
$ref: '#/components/schemas/IdentityKey'
unidentifiedAccess:
type: string
format: byte
unrestrictedUnidentifiedAccess:
type: boolean
capabilities:
type: object
additionalProperties:
type: boolean
badges:
type: array
items:
$ref: '#/components/schemas/Badge'
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
name:
type: string
format: byte
about:
type: string
format: byte
aboutEmoji:
type: string
format: byte
avatar:
type: string
paymentAddress:
type: string
format: byte
phoneNumberSharing:
type: string
format: byte
CredentialProfileResponse:
type: object
properties:
identityKey:
$ref: '#/components/schemas/IdentityKey'
unidentifiedAccess:
type: string
format: byte
unrestrictedUnidentifiedAccess:
type: boolean
capabilities:
type: object
additionalProperties:
type: boolean
badges:
type: array
items:
$ref: '#/components/schemas/Badge'
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
name:
type: string
format: byte
about:
type: string
format: byte
aboutEmoji:
type: string
format: byte
avatar:
type: string
paymentAddress:
type: string
format: byte
phoneNumberSharing:
type: string
format: byte
BatchIdentityCheckResponse:
type: object
properties:
elements:
type: array
items:
$ref: '#/components/schemas/Element'
Element:
required:
- fingerprint
- uuid
type: object
properties:
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
fingerprint:
type: string
format: byte
BatchIdentityCheckRequest:
required:
- elements
type: object
properties:
elements:
maxItems: 1000
minItems: 0
type: array
items:
$ref: '#/components/schemas/Element'
CreateProfileRequest:
required:
- commitment
- version
type: object
properties:
commitment:
$ref: '#/components/schemas/ProfileKeyCommitment'
version:
type: string
name:
type: string
format: byte
aboutEmoji:
type: string
format: byte
about:
type: string
format: byte
paymentAddress:
type: string
format: byte
sameAvatar:
type: boolean
phoneNumberSharing:
type: string
format: byte
avatarChange:
type: string
enum:
- UNCHANGED
- CLEAR
- UPDATE
avatar:
type: boolean
badgeIds:
type: array
items:
type: string
ProfileKeyCommitment:
type: object
properties:
internalContentsForJNI:
type: string
format: byte
ProvisioningMessage:
required:
- body
type: object
properties:
body:
type: string
description: The MIME base64-encoded body of the provisioning message to
send to the destination device
AccountCreationResponse:
type: object
properties:
uuid:
type: string
description: the account identifier for this account
format: uuid
number:
type: string
description: the phone number associated with this account
pni:
type: string
description: the account identifier for this account's phone-number identity
format: uuid
usernameHash:
type: string
description: "a hash of this account's username, if set"
format: byte
usernameLinkHandle:
type: string
description: "this account's username link handle, if set"
format: uuid
storageCapable:
type: boolean
description: whether any of this account's devices support storage
entitlements:
$ref: '#/components/schemas/Entitlements'
reregistration:
type: boolean
description: "If true, there was an existing account registered for this\
\ number"
RegistrationRequest:
required:
- accountAttributes
- aciIdentityKey
- aciPqLastResortPreKey
- aciSignedPreKey
- pniIdentityKey
- pniPqLastResortPreKey
- pniSignedPreKey
- skipDeviceTransfer
type: object
properties:
sessionId:
type: string
description: |
The ID of an existing verification session as it appears in a verification session
metadata object. Must be provided if `recoveryPassword` is not provided; must not be
provided if `recoveryPassword` is provided.
recoveryPassword:
type: string
description: |
A base64-encoded registration recovery password. Must be provided if `sessionId` is
not provided; must not be provided if `sessionId` is provided
format: byte
accountAttributes:
$ref: '#/components/schemas/AccountAttributes'
skipDeviceTransfer:
type: boolean
description: |
If true, indicates that the end user has elected not to transfer data from another
device even though a device transfer is technically possible given the capabilities of
the calling device and the device associated with the existing account (if any). If
false and if a device transfer is technically possible, the registration request will
fail with an HTTP/409 response indicating that the client should prompt the user to
transfer data from an existing device.
aciIdentityKey:
$ref: '#/components/schemas/IdentityKey'
pniIdentityKey:
$ref: '#/components/schemas/IdentityKey'
aciSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
pniSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
aciPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
pniPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
apnToken:
$ref: '#/components/schemas/ApnRegistrationId'
gcmToken:
$ref: '#/components/schemas/GcmRegistrationId'
valid:
type: boolean
UserRemoteConfig:
type: object
properties:
name:
type: string
description: Name of the configuration
example: android.exampleFeature
enabled:
type: boolean
description: Whether the configuration is enabled for the user
value:
type: string
description: "The value to be used for the configuration, if it is a non-boolean\
\ type"
description: List of remote configurations applicable to the user
UserRemoteConfigList:
type: object
properties:
config:
type: array
description: List of remote configurations applicable to the user
items:
$ref: '#/components/schemas/UserRemoteConfig'
serverEpochTime:
type: string
description: |
Timestamp when the configuration was generated. Deprecated in favor of `X-Signal-Timestamp` response header.
format: date-time
deprecated: true
AuthCheckResponseV2:
required:
- matches
type: object
properties:
matches:
type: object
additionalProperties:
type: string
description: "A dictionary with the auth check results: `SVR Credentials\
\ -> 'match'/'no-match'/'invalid'`"
enum:
- match
- no-match
- invalid
description: "A dictionary with the auth check results: `SVR Credentials\
\ -> 'match'/'no-match'/'invalid'`"
AuthCheckRequest:
required:
- number
- tokens
type: object
properties:
number:
type: string
description: The e164-formatted phone number.
tokens:
maxItems: 10
minItems: 0
type: array
description: |-
A list of SVR tokens, previously retrieved from `backup/auth`. Tokens should be the
of the form "username:password". May contain at most 10 tokens.
items:
type: string
description: |-
A list of SVR tokens, previously retrieved from `backup/auth`. Tokens should be the
of the form "username:password". May contain at most 10 tokens.
StickerPackFormUploadAttributes:
type: object
properties:
manifest:
$ref: '#/components/schemas/StickerPackFormUploadItem'
stickers:
type: array
items:
$ref: '#/components/schemas/StickerPackFormUploadItem'
packId:
type: string
StickerPackFormUploadItem:
type: object
properties:
id:
type: integer
format: int32
key:
type: string
credential:
type: string
acl:
type: string
algorithm:
type: string
date:
type: string
policy:
type: string
signature:
type: string
CreatePayPalBillingAgreementRequest:
required:
- cancelUrl
- returnUrl
type: object
properties:
returnUrl:
type: string
cancelUrl:
type: string
GetReceiptCredentialsRequest:
required:
- receiptCredentialRequest
type: object
properties:
receiptCredentialRequest:
type: string
format: byte
BackupConfiguration:
type: object
properties:
levels:
type: object
additionalProperties:
$ref: '#/components/schemas/BackupLevelConfiguration'
description: A map of numeric backup level IDs to level-specific backup
configuration
freeTierMediaDays:
type: integer
description: The number of days of media a free tier backup user gets
format: int64
description: Backup specific configuration
BackupLevelConfiguration:
type: object
properties:
storageAllowanceBytes:
type: integer
description: The amount of media storage in bytes that a paying subscriber
may store
format: int64
playProductId:
type: string
description: The play billing productID associated with this backup level
mediaTtlDays:
type: integer
description: "The duration, in days, for which your backed up media is retained\
\ on the server after you stop refreshing with a paid credential"
format: int64
description: Configuration for a backup level - use to present appropriate client
interfaces
CurrencyConfiguration:
type: object
properties:
minimum:
type: number
description: The minimum amount that may be submitted for a one-time donation
in the currency
oneTime:
type: object
additionalProperties:
type: array
description: A map of numeric one-time donation level IDs to the list
of default amounts to be presented
items:
type: number
description: A map of numeric one-time donation level IDs to the list
of default amounts to be presented
description: A map of numeric one-time donation level IDs to the list of
default amounts to be presented
subscription:
type: object
additionalProperties:
type: number
description: A map of numeric subscription level IDs to the amount charged
for that level
description: A map of numeric subscription level IDs to the amount charged
for that level
backupSubscription:
type: object
additionalProperties:
type: number
description: A map of numeric backup level IDs to the amount charged for
that level
description: A map of numeric backup level IDs to the amount charged for
that level
supportedPaymentMethods:
type: array
description: The payment methods that support the given currency
items:
type: string
description: The payment methods that support the given currency
description: Configuration for a currency - use to present appropriate client
interfaces
GetSubscriptionConfigurationResponse:
type: object
properties:
currencies:
type: object
additionalProperties:
$ref: '#/components/schemas/CurrencyConfiguration'
description: A map of lower-cased ISO 3 currency codes to minimums and level-specific
scalar amounts
levels:
type: object
additionalProperties:
$ref: '#/components/schemas/LevelConfiguration'
description: A map of numeric donation level IDs to level-specific badge
configuration
backup:
$ref: '#/components/schemas/BackupConfiguration'
sepaMaximumEuros:
type: number
description: The maximum value of a one-time donation SEPA transaction
description: |-
Comprehensive configuration for donation subscriptions, backup subscriptions, gift subscriptions, and one-time
donations pricing information for all levels are included in currencies. All levels that have an associated
badge are included in levels. All levels that correspond to a backup payment tier are included in
backupLevels.
LevelConfiguration:
type: object
properties:
name:
type: string
description: The localized name for the level
badge:
$ref: '#/components/schemas/Badge'
description: Configuration for a donation level - use to present appropriate
client interfaces
ChargeFailure:
type: object
properties:
code:
type: string
description: |
See [Stripe failure codes](https://stripe.com/docs/api/charges/object#charge_object-failure_code) or
[Braintree decline codes](https://developer.paypal.com/braintree/docs/reference/general/processor-responses/authorization-responses#decline-codes)
depending on which processor was used
message:
type: string
description: |
See [Stripe failure codes](https://stripe.com/docs/api/charges/object#charge_object-failure_code) or
[Braintree decline codes](https://developer.paypal.com/braintree/docs/reference/general/processor-responses/authorization-responses#decline-codes)
depending on which processor was used
outcomeNetworkStatus:
type: string
externalDocs:
description: Outcome Network Status
url: https://stripe.com/docs/api/charges/object#charge_object-outcome-network_status
outcomeReason:
type: string
externalDocs:
description: Outcome Reason
url: https://stripe.com/docs/api/charges/object#charge_object-outcome-reason
outcomeType:
type: string
externalDocs:
description: Outcome Type
url: https://stripe.com/docs/api/charges/object#charge_object-outcome-type
description: |2
Meaningfully interpreting chargeFailure response fields requires inspecting the processor field first.
For Stripe, code will be one of the [codes defined here](https://stripe.com/docs/api/charges/object#charge_object-failure_code),
while message [may contain a further textual description](https://stripe.com/docs/api/charges/object#charge_object-failure_message).
The outcome fields are nullable, but present values will directly map to Stripe [response properties](https://stripe.com/docs/api/charges/object#charge_object-outcome-network_status)
For Braintree, the outcome fields will be null. The code and message will contain one of
- a processor decline code (as a string) in code, and associated text in message, as defined this [table](https://developer.paypal.com/braintree/docs/reference/general/processor-responses/authorization-responses)
- `gateway` in code, with a [reason](https://developer.paypal.com/braintree/articles/control-panel/transactions/gateway-rejections) in message
- `code` = "unknown", message = "unknown"
IAP payment processors will never include charge failure information, and detailed order information should be
retrieved from the payment processor directly
GetSubscriptionInformationResponse:
type: object
properties:
subscription:
$ref: '#/components/schemas/Subscription'
chargeFailure:
$ref: '#/components/schemas/ChargeFailure'
Subscription:
type: object
properties:
level:
type: integer
description: The subscription level
format: int64
billingCycleAnchor:
type: string
description: "If present, UNIX Epoch Timestamp in seconds, can be used to\
\ calculate next billing date."
format: date-time
externalDocs:
description: Calculate next billing date
url: https://stripe.com/docs/billing/subscriptions/billing-cycle
endOfCurrentPeriod:
type: string
description: "UNIX Epoch Timestamp in seconds, when the current subscription\
\ period ends"
format: date-time
active:
type: boolean
description: Whether there is a currently active subscription
cancelAtPeriodEnd:
type: boolean
description: "If true, an active subscription will not auto-renew at the\
\ end of the current period"
currency:
type: string
description: A three-letter ISO 4217 currency code for currency used in
the subscription
amount:
type: number
description: The amount paid for the subscription in the currency's smallest
unit
externalDocs:
description: Stripe Currencies
url: https://docs.stripe.com/currencies
status:
type: string
description: "The subscription's status, mapped to Stripe's statuses. trialing\
\ will never be returned"
externalDocs:
description: Stripe subscription statuses
url: https://docs.stripe.com/billing/subscriptions/overview#subscription-statuses
processor:
type: string
description: The payment provider associated with the subscription
enum:
- STRIPE
- BRAINTREE
- GOOGLE_PLAY_BILLING
- APPLE_APP_STORE
paymentMethod:
type: string
description: The payment method associated with the subscription
enum:
- UNKNOWN
- CARD
- PAYPAL
- SEPA_DEBIT
- IDEAL
- GOOGLE_PLAY_BILLING
- APPLE_APP_STORE
paymentProcessing:
type: boolean
description: Whether the latest invoice for the subscription is in a non-terminal
state
description: "Information about the subscription, or null if no subscription\
\ is present"
VerificationSessionResponse:
required:
- allowedToRequestCode
- id
- verified
type: object
properties:
id:
type: string
description: A URL-safe ID for the session
nextSms:
type: integer
description: Duration in seconds after which next SMS can be requested for
this session
format: int64
nextCall:
type: integer
description: Duration in seconds after which next voice call can be requested
for this session
format: int64
nextVerificationAttempt:
type: integer
description: Duration in seconds after which the client can submit a verification
code for this session
format: int64
allowedToRequestCode:
type: boolean
description: Whether it is allowed to request a verification code for this
session
requestedInformation:
type: array
description: A list of requested information that the client needs to submit
before requesting code delivery
items:
type: string
description: A list of requested information that the client needs to
submit before requesting code delivery
enum:
- pushChallenge
- captcha
verified:
type: boolean
description: Whether this session is verified
CreateVerificationSessionRequest:
required:
- number
type: object
properties:
number:
type: string
description: The e164-formatted phone number to be verified
pushToken:
type: string
description: The APNs or FCM device token to which a push challenge can
be sent
pushTokenType:
type: string
description: The type of push token
enum:
- apn
- fcm
pushChallenge:
type: string
description: Value received by the device in the push challenge
captcha:
type: string
description: Captcha token returned after solving a captcha challenge
mcc:
type: string
description: Mobile country code of the phone subscriber
mnc:
type: string
description: Mobile network code of the phone subscriber
UpdateVerificationSessionRequest:
type: object
properties:
pushToken:
type: string
description: The APNs or FCM device token to which a push challenge can
be sent
pushTokenType:
type: string
description: The type of push token
enum:
- apn
- fcm
pushChallenge:
type: string
description: Value received by the device in the push challenge
captcha:
type: string
description: Captcha token returned after solving a captcha challenge
mcc:
type: string
description: Mobile country code of the phone subscriber
mnc:
type: string
description: Mobile network code of the phone subscriber
SendVerificationCodeFailureResponse:
type: object
properties:
reason:
type: string
enum:
- providerUnavailable
- providerRejected
- illegalArgument
permanentFailure:
type: boolean
VerificationCodeRequest:
required:
- client
- transport
type: object
properties:
transport:
type: string
description: Transport via which to send the verification code
enum:
- sms
- voice
client:
type: string
description: Client type to facilitate platform-specific SMS verification
SubmitVerificationCodeRequest:
required:
- code
type: object
properties:
code:
type: string
securitySchemes:
authenticatedAccount:
type: http
description: "Account authentication is based on Basic authentication schema,\
\ \nwhere `username` has a format of `<user_id>[.<device_id>]`. If `device_id`\
\ is not specified,\nuser's `main` device is assumed.\n"
scheme: basic
Reference in New Issue View Git Blame Copy Permalink