MirrorMirror
/
Signal-Server
mirror of https://github.com/signalapp/Signal-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Signal-Server/signal-server-openapi.yaml

4843 lines
144 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

openapi: 3.0.1
info:
title: Signal Server API
license:
name: AGPL-3.0-only
url: https://www.gnu.org/licenses/agpl-3.0.txt
servers:
- url: https://chat.signal.org
description: Production service
- url: https://chat.staging.signal.org
description: Staging service
paths:
/v1/accounts/account/{identifier}:
head:
tags:
- Account
summary: Check whether an account exists
description: |
Enforced unauthenticated endpoint. Checks whether an account with a given identifier exists.
operationId: accountExists
parameters:
- name: identifier
in: path
description: An ACI or PNI account identifier to check
required: true
schema:
$ref: '#/components/schemas/ServiceIdentifier'
responses:
"200":
description: An account with the given identifier was found.
"400":
description: Request must not be authenticated.
"404":
description: An account was not found for the given identifier.
"422":
description: Invalid request format.
"429":
description: Rate-limited.
security:
- authenticatedAccount: []
- {}
/v1/accounts/username_hash/confirm:
put:
tags:
- Account
summary: Confirm username hash
description: |
Authenticated endpoint. For a previously reserved username hash, confirm that this username hash is now taken
by this account.
operationId: confirmUsernameHash
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ConfirmUsernameHashRequest'
required: true
responses:
"200":
description: Username hash confirmed successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/UsernameHashResponse'
"401":
description: Account authentication check failed.
"409":
description: Given username hash doesn't match the reserved one or no reservation
found.
"410":
description: Username hash not available (username can't be used).
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
/v1/accounts/me:
get:
tags:
- Account
operationId: getMe
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/AccountIdentityResponse'
deprecated: true
security:
- authenticatedAccount: []
delete:
tags:
- Account
operationId: deleteAccount
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/accounts/apn:
put:
tags:
- Account
operationId: setApnRegistrationId
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ApnRegistrationId'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
delete:
tags:
- Account
operationId: deleteApnRegistrationId
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/accounts/gcm:
put:
tags:
- Account
operationId: setGcmRegistrationId
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GcmRegistrationId'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
delete:
tags:
- Account
operationId: deleteGcmRegistrationId
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/accounts/username_hash:
delete:
tags:
- Account
summary: Delete username hash
description: |
Authenticated endpoint. Deletes previously stored username for the account.
operationId: deleteUsernameHash
responses:
"204":
description: Username successfully deleted.
"401":
description: Account authentication check failed.
security:
- authenticatedAccount: []
/v1/accounts/username_link:
put:
tags:
- Account
summary: Set username link
description: |
Authenticated endpoint. For the given encrypted username generates a username link handle.
The username link handle can be used to lookup the encrypted username.
An account can only have one username link at a time; this endpoint overwrites the previous encrypted username if there was one.
operationId: updateUsernameLink
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EncryptedUsername'
required: true
responses:
"200":
description: Username Link updated successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/UsernameLinkHandle'
"401":
description: Account authentication check failed.
"409":
description: Username is not set for the account.
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
delete:
tags:
- Account
summary: Delete username link
description: |
Authenticated endpoint. Deletes username link for the given account: previously store encrypted username is deleted
and username link handle is deactivated.
operationId: deleteUsernameLink
responses:
"204":
description: Username Link successfully deleted.
"401":
description: Account authentication check failed.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
/v1/accounts/turn:
get:
tags:
- Account
operationId: getTurnToken
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/TurnToken'
deprecated: true
security:
- authenticatedAccount: []
/v1/accounts/username_hash/{usernameHash}:
get:
tags:
- Account
summary: Lookup username hash
description: |
Forced unauthenticated endpoint. For the given username hash, look up a user ID.
operationId: lookupUsernameHash
parameters:
- name: usernameHash
in: path
required: true
schema:
type: string
responses:
"200":
description: Account found for the given username.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountIdentifierResponse'
"400":
description: Request must not be authenticated.
"404":
description: Account not found for the given username.
security:
- authenticatedAccount: []
- {}
/v1/accounts/username_link/{uuid}:
get:
tags:
- Account
summary: Lookup username link
description: |
Enforced unauthenticated endpoint. For the given username link handle, looks up the database for an associated encrypted username.
If found, encrypted username is returned, otherwise responds with 404 Not Found.
operationId: lookupUsernameLink
parameters:
- name: uuid
in: path
required: true
schema:
type: string
format: uuid
responses:
"200":
description: Username link with the given handle was found.
content:
application/json:
schema:
$ref: '#/components/schemas/EncryptedUsername'
"400":
description: Request must not be authenticated.
"404":
description: Username link was not found for the given handle.
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
- {}
/v1/accounts/registration_lock:
put:
tags:
- Account
operationId: setRegistrationLock
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/RegistrationLock'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
delete:
tags:
- Account
operationId: removeRegistrationLock
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/accounts/username_hash/reserve:
put:
tags:
- Account
summary: Reserve username hash
description: |
Authenticated endpoint. Takes in a list of hashes of potential username hashes, finds one that is not taken,
and reserves it for the current account.
operationId: reserveUsernameHash
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ReserveUsernameHashRequest'
required: true
responses:
"200":
description: Username hash reserved successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/ReserveUsernameHashResponse'
"401":
description: Account authentication check failed.
"409":
description: All username hashes from the list are taken.
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
/v1/accounts/attributes:
put:
tags:
- Account
operationId: setAccountAttributes
parameters:
- name: X-Signal-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AccountAttributes'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/accounts/name:
put:
tags:
- Account
operationId: setName
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/DeviceName'
required: true
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/accounts/whoami:
get:
tags:
- Account
operationId: whoAmI
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/AccountIdentityResponse'
security:
- authenticatedAccount: []
/v2/accounts/number:
put:
tags:
- Account
summary: Change number
description: Changes a phone number for an existing account.
operationId: changeNumber
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ChangeNumberRequest'
required: true
responses:
"200":
description: The phone number associated with the authenticated account
was changed successfully
content:
application/json:
schema:
$ref: '#/components/schemas/AccountIdentityResponse'
"401":
description: Account authentication check failed.
"403":
description: Verification failed for the provided Registration Recovery
Password
"409":
description: Mismatched number of devices or device ids in 'devices to notify'
list
content:
application/json:
schema:
$ref: '#/components/schemas/MismatchedDevices'
"410":
description: Mismatched registration ids in 'devices to notify' list
content:
application/json:
schema:
$ref: '#/components/schemas/StaleDevices'
"422":
description: The request did not pass validation
"423":
content:
application/json:
schema:
$ref: '#/components/schemas/RegistrationLockFailure'
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
/v2/accounts/phone_number_identity_key_distribution:
put:
tags:
- Account
summary: Set phone-number identity keys
description: Updates key material for the phone-number identity for all devices
and sends a synchronization message to companion devices
operationId: distributePhoneNumberIdentityKeys
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PhoneNumberIdentityKeyDistributionRequest'
required: true
responses:
"200":
description: Indicates the transaction was successful and returns basic
information about this account.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountIdentityResponse'
"401":
description: Account authentication check failed.
"403":
description: This endpoint can only be invoked from the account's primary
device.
"422":
description: The request body failed validation.
"409":
description: The set of devices specified in the request does not match
the set of devices active on the account.
content:
application/json:
schema:
$ref: '#/components/schemas/MismatchedDevices'
"410":
description: The registration IDs provided for some devices do not match
those stored on the server.
content:
application/json:
schema:
$ref: '#/components/schemas/StaleDevices'
security:
- authenticatedAccount: []
/v2/accounts/data_report:
get:
tags:
- Account
summary: Produces a report of non-ephemeral account data stored by the service
operationId: getAccountDataReport
responses:
"200":
description: Response with data report. A plain text representation is a
field in the response.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountDataReportResponse'
security:
- authenticatedAccount: []
/v2/accounts/phone_number_discoverability:
put:
tags:
- Account
operationId: setPhoneNumberDiscoverability
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PhoneNumberDiscoverabilityRequest'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/archives/upload/form:
get:
tags:
- Archive
summary: Fetch message backup upload form
description: Retrieve an upload form that can be used to perform a resumable
upload of a message backup.
operationId: backup
parameters:
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/MessageBackupResponse'
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives:
get:
tags:
- Archive
summary: Fetch backup info
description: Retrieve information about the currently stored backup
operationId: backupInfo
parameters:
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/BackupInfoResponse'
"404":
description: No existing backups found
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
post:
tags:
- Archive
summary: Refresh backup
description: |
Indicate that this backup is still active. Clients must periodically upload new backups or perform a refresh
via a POST request. If a backup is not refreshed, after 30 days it may be deleted.
operationId: refresh
parameters:
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
responses:
"204":
description: The backup was successfully refreshed
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives/media/batch:
put:
tags:
- Archive
summary: Batched backup media
description: |
Copy and re-encrypt media from the attachments cdn into the backup cdn.
The original already encrypted attachment will be encrypted with the provided key material before being copied
If the batch request is processed at all, a 207 will be returned and the outcome of each constituent copy will
be provided as a separate entry in the response.
operationId: copyMedia
parameters:
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CopyMediaBatchRequest'
required: true
responses:
"207":
description: |
The request was processed and each operation's outcome must be inspected individually. This does NOT necessarily
indicate the operation was a success.
content:
application/json:
schema:
$ref: '#/components/schemas/CopyMediaBatchResponse'
"413":
description: All media capacity has been consumed. Free some space to continue.
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives/media:
get:
tags:
- Archive
summary: List media objects
description: |
Retrieve a list of media objects stored for this backup-id. A client may have previously stored media objects
that are no longer referenced in their current backup. To reclaim storage space used by these orphaned
objects, perform a list operation and remove any unreferenced media objects via DELETE /v1/backups/<mediaId>.
operationId: listMedia
parameters:
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
- name: cursor
in: query
description: A cursor returned by a previous call
schema:
type: string
- name: limit
in: query
description: The number of entries to return per call
schema:
type: integer
format: int32
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/ListResponse'
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation
security:
- authenticatedAccount: []
- {}
put:
tags:
- Archive
summary: Backup media
description: |
Copy and re-encrypt media from the attachments cdn into the backup cdn.
The original, already encrypted, attachment will be encrypted with the provided key material before being copied.
A particular destination media id should not be reused with a different source media id or different encryption
parameters.
operationId: copyMedia_1
parameters:
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CopyMediaRequest'
required: true
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/CopyMediaResponse'
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
"413":
description: All media capacity has been consumed. Free some space to continue.
"410":
description: The source object was not found.
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation
security:
- authenticatedAccount: []
- {}
/v1/archives/media/delete:
post:
tags:
- Archive
summary: Delete media objects
description: Delete media objects stored with this backup-id
operationId: deleteMedia
parameters:
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/DeleteMedia'
required: true
responses:
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives/auth:
get:
tags:
- Archive
summary: 'Fetch ZK credentials '
description: |
After setting a blinded backup-id with PUT /v1/archives/, this fetches credentials that can be used to perform
operations against that backup-id. Clients may (and should) request up to 7 days of credentials at a time.
The redemptionStart and redemptionEnd seconds must be UTC day aligned, and must not span more than 7 days.
operationId: getBackupZKCredentials
parameters:
- name: redemptionStartSeconds
in: query
required: true
schema:
type: integer
format: int64
- name: redemptionEndSeconds
in: query
required: true
schema:
type: integer
format: int64
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/BackupAuthCredentialsResponse'
"400":
description: The start/end did not meet alignment/duration requirements
"404":
description: Could not find an existing blinded backup id
"429":
description: Rate limited.
security:
- authenticatedAccount: []
/v1/archives/auth/read:
get:
tags:
- Archive
summary: Get CDN read credentials
description: Retrieve credentials used to read objects stored on the backup
cdn
operationId: readAuth
parameters:
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/ReadAuthResponse'
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/archives/backupid:
put:
tags:
- Archive
summary: Set backup id
description: |
Set a (blinded) backup-id for the account. Each account may have a single active backup-id that can be used
to store and retrieve backups. Once the backup-id is set, BackupAuthCredentials can be generated
using /v1/archives/auth.
The blinded backup-id and the key-pair used to blind it should be derived from a recoverable secret.
operationId: setBackupId
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SetBackupIdRequest'
required: true
responses:
"204":
description: The backup-id was set
"400":
description: The provided backup auth credential request was invalid
"429":
description: Rate limited. Too many attempts to change the backup-id have
been made
security:
- authenticatedAccount: []
/v1/archives/keys:
put:
tags:
- Archive
summary: Set public key
description: |
Permanently set the public key of an ED25519 key-pair for the backup-id. All requests that provide a anonymous
BackupAuthCredentialPresentation (including this one!) must also sign the presentation with the private key
corresponding to the provided public key.
operationId: setPublicKey
parameters:
- name: X-Signal-ZK-Auth
in: header
description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\
\ encoded in standard padded base64"
required: true
schema:
type: string
- name: X-Signal-ZK-Auth-Signature
in: header
description: "Signature of the ZK auth credential's presentation, encoded\
\ in standard padded base64"
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SetPublicKeyRequest'
required: true
responses:
"204":
description: The public key was set
"429":
description: Rate limited.
"403":
description: Forbidden. The request had insufficient permissions to perform
the requested action
"401":
description: |-
The provided backup auth credential presentation could not be verified or
The public key signature was invalid or
There is no backup associated with the backup-id in the presentation
"400":
description: Bad arguments. The request may have been made on an authenticated
channel
security:
- authenticatedAccount: []
- {}
/v1/art/auth:
get:
tags:
- Art
operationId: getAuth
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/ExternalServiceCredentials'
security:
- authenticatedAccount: []
/v2/attachments/form/upload:
get:
tags:
- Attachments
operationId: getAttachmentUploadForm
parameters:
- name: User-Agent
in: header
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/AttachmentDescriptorV2'
security:
- authenticatedAccount: []
/v3/attachments/form/upload:
get:
tags:
- Attachments
operationId: getAttachmentUploadForm_1
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/AttachmentDescriptorV3'
security:
- authenticatedAccount: []
/v4/attachments/form/upload:
get:
tags:
- Attachments
summary: Get an upload form
description: |
Retrieve an upload form that can be used to perform a resumable upload. The response will include a cdn number
indicating what protocol should be used to perform the upload.
operationId: getAttachmentUploadForm_2
responses:
"200":
description: "Success, response body includes upload form"
content:
application/json:
schema:
$ref: '#/components/schemas/AttachmentDescriptorV3'
"413":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
/v1/call-link/create-auth:
post:
tags:
- CallLink
summary: Generate a credential for creating call links
description: |
Generate a credential over a truncated timestamp, room ID, and account UUID. With zero knowledge
group infrastructure, the server does not know the room ID.
operationId: getCreateAuth
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/GetCreateCallLinkCredentialsRequest'
required: true
responses:
"200":
description: '`JSON` with generated credentials.'
content:
application/json:
schema:
$ref: '#/components/schemas/CreateCallLinkCredential'
"400":
description: Invalid create call link credential request.
"401":
description: Account authentication check failed.
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
/v1/calling/relays:
get:
tags:
- Calling
summary: Get 1:1 calling relay options for the client
description: |
Get 1:1 relay addresses in IpV4, Ipv6, and URL formats.
operationId: getCallingRelays
responses:
"200":
description: '`JSON` with call endpoints.'
content:
application/json:
schema:
$ref: '#/components/schemas/TurnToken'
"400":
description: Invalid get call endpoint request.
"401":
description: Account authentication check failed.
"422":
description: Invalid request format.
"429":
description: Ratelimited.
security:
- authenticatedAccount: []
/v1/certificate/delivery:
get:
tags:
- Certificate
operationId: getDeliveryCertificate
parameters:
- name: includeE164
in: query
schema:
type: boolean
default: true
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/DeliveryCertificate'
security:
- authenticatedAccount: []
/v1/certificate/auth/group:
get:
tags:
- Certificate
operationId: getGroupAuthenticationCredentials
parameters:
- name: redemptionStartSeconds
in: query
schema:
type: integer
format: int64
- name: redemptionEndSeconds
in: query
schema:
type: integer
format: int64
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/GroupCredentials'
security:
- authenticatedAccount: []
/v1/challenge:
put:
tags:
- Challenge
summary: Submit proof of a challenge completion
description: |
Some server endpoints (the "send message" endpoint, for example) may return a 428 response indicating the client must complete a challenge before continuing.
Clients may use this endpoint to provide proof of a completed challenge. If successful, the client may then
continue their original operation.
operationId: handleChallengeResponse
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
oneOf:
- $ref: '#/components/schemas/AnswerPushChallengeRequest'
- $ref: '#/components/schemas/AnswerCaptchaChallengeRequest'
responses:
"200":
description: Indicates the challenge proof was accepted
"413":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
/v1/challenge/push:
post:
tags:
- Challenge
summary: Request a push challenge
description: |
Clients may proactively request a push challenge by making an empty POST request. Push challenges will only be
sent to the requesting accounts main device. When the push is received it may be provided as proof of completed
challenge to /v1/challenge.
APNs challenge payloads will be formatted as follows:
```
{
"aps": {
"sound": "default",
"alert": {
"loc-key": "APN_Message"
}
},
"rateLimitChallenge": "{CHALLENGE_TOKEN}"
}
```
FCM challenge payloads will be formatted as follows:
```
{"rateLimitChallenge": "{CHALLENGE_TOKEN}"}
```
Clients may retry the PUT in the event of an HTTP/5xx response (except HTTP/508) from the server, but must
implement an exponential back-off system and limit the total number of retries.
operationId: requestPushChallenge
responses:
"200":
description: |
Indicates a payload to the account's primary device has been attempted. When clients receive a challenge push
notification, they may issue a PUT request to /v1/challenge.
"404":
description: |
The server does not have a push notification token for the authenticated accounts main device; clients may add a push
token and try again
"413":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
/v1/devices/provisioning/code:
get:
tags:
- Devices
operationId: createDeviceToken
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationCode'
security:
- authenticatedAccount: []
/v1/devices:
get:
tags:
- Devices
operationId: getDevices
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/DeviceInfoList'
security:
- authenticatedAccount: []
/v1/devices/link:
put:
tags:
- Devices
summary: Link a device to an account
description: |
Links a device to an account identified by a given phone number.
operationId: linkDevice
parameters:
- name: Authorization
in: header
schema:
$ref: '#/components/schemas/BasicAuthorizationHeader'
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LinkDeviceRequest'
required: true
responses:
"200":
description: The new device was linked to the calling account
content:
application/json:
schema:
$ref: '#/components/schemas/DeviceResponse'
"403":
description: The given account was not found or the given verification code
was incorrect
"411":
description: The given account already has its maximum number of linked
devices
"422":
description: The request did not pass validation
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
/v1/devices/{device_id}:
delete:
tags:
- Devices
operationId: removeDevice
parameters:
- name: device_id
in: path
required: true
schema:
type: string
format: byte
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/devices/capabilities:
put:
tags:
- Devices
operationId: setCapabilities
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/DeviceCapabilities'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/devices/unauthenticated_delivery:
put:
tags:
- Devices
operationId: setUnauthenticatedDelivery
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v2/directory/auth:
get:
tags:
- Directory
operationId: getAuthToken
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/donation/redeem-receipt:
post:
tags:
- Donations
operationId: redeemReceipt
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RedeemReceiptRequest'
required: true
responses:
default:
description: default response
content:
application/json: {}
text/plain: {}
security:
- authenticatedAccount: []
/v1/keepalive:
get:
tags:
- Keep Alive
operationId: getKeepAlive
requestBody:
content:
'*/*':
schema:
$ref: '#/components/schemas/WebSocketSessionContext'
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
- {}
/v1/keepalive/provisioning:
get:
tags:
- Keep Alive
operationId: getProvisioningKeepAlive
responses:
default:
description: default response
content:
'*/*': {}
/v2/keys/check:
post:
tags:
- Keys
summary: Check keys
description: |
Checks that client and server have consistent views of repeated-use keys. For a given identity type, clients
submit a digest of their repeated-use key material. The digest is calculated as:
SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes)
…where the elements of the hash are:
- identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one
version byte followed by 32 bytes of key material for a total of 33 bytes)
- signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key
- signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one
version byte followed by 32 bytes of key material for a total of 33 bytes)
- lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key
- lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e. one
version byte followed by 1568 bytes of key material for a total of 1569 bytes)
operationId: checkKeys
parameters:
- name: User-Agent
in: header
schema:
type: string
responses:
"200":
description: Indicates that client and server have consistent views of repeated-use
keys
"401":
description: Account authentication check failed
"409":
description: |2
Indicates that client and server have inconsistent views of repeated-use keys or one or more repeated-use keys could
not be found
"422":
description: Invalid request format
security:
- authenticatedAccount: []
/v2/keys/{identifier}/{device_id}:
get:
tags:
- Keys
summary: Fetch public keys for another user
description: Retrieves the public identity key and available device prekeys
for a specified account or phone-number identity
operationId: getDeviceKeys
parameters:
- name: Unidentified-Access-Key
in: header
schema:
$ref: '#/components/schemas/Anonymous'
- name: identifier
in: path
description: the account or phone-number identifier to retrieve keys for
required: true
schema:
$ref: '#/components/schemas/ServiceIdentifier'
- name: device_id
in: path
description: "the device id of a single device to retrieve prekeys for, or\
\ `*` for all enabled devices"
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
responses:
"200":
description: Indicates at least one prekey was available for at least one
requested device.
content:
application/json:
schema:
$ref: '#/components/schemas/PreKeyResponse'
"401":
description: Account authentication check failed and unidentified-access
key was not supplied or invalid.
"404":
description: "Requested identity or device does not exist, is not active,\
\ or has no available prekeys."
"429":
description: Rate limit exceeded.
headers:
Retry-After:
description: "If present, a positive integer indicating the number of\
\ seconds before a subsequent attempt could succeed"
style: simple
security:
- authenticatedAccount: []
- {}
/v2/keys:
get:
tags:
- Keys
summary: Get prekey count
description: Gets the number of one-time prekeys uploaded for this device and
still available
operationId: getStatus
parameters:
- name: identity
in: query
schema:
type: string
default: aci
enum:
- ACI
- PNI
responses:
"200":
description: Body contains the number of available one-time prekeys for
the device.
content:
application/json:
schema:
$ref: '#/components/schemas/PreKeyCount'
"401":
description: Account authentication check failed.
security:
- authenticatedAccount: []
put:
tags:
- Keys
summary: Upload new prekeys
description: Upload new pre-keys for this device.
operationId: setKeys
parameters:
- name: identity
in: query
allowEmptyValue: true
schema:
type: string
description: whether this operation applies to the account (aci) or phone-number
(pni) identity
default: aci
enum:
- ACI
- PNI
- aci
- pni
- name: User-Agent
in: header
schema:
type: string
responses:
"200":
description: Indicates that new keys were successfully stored.
"401":
description: Account authentication check failed.
"403":
description: Attempt to change identity key from a non-primary device.
"422":
description: Invalid request format.
security:
- authenticatedAccount: []
/v2/keys/signed:
put:
tags:
- Keys
summary: Upload a new signed prekey
description: |2
Upload a new signed elliptic-curve prekey for this device. Deprecated; use PUT /v2/keys instead.
operationId: setSignedKey
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: identity
in: query
schema:
type: string
default: aci
enum:
- ACI
- PNI
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ECSignedPreKey'
responses:
"200":
description: Indicates that new prekey was successfully stored.
"401":
description: Account authentication check failed.
"422":
description: Invalid request format.
deprecated: true
security:
- authenticatedAccount: []
/v1/messages:
get:
tags:
- Messages
operationId: getPendingMessages
parameters:
- name: X-Signal-Receive-Stories
in: header
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
/v1/messages/uuid/{uuid}:
delete:
tags:
- Messages
operationId: removePendingMessage
parameters:
- name: uuid
in: path
required: true
schema:
type: string
format: uuid
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/messages/report/{source}/{messageGuid}:
post:
tags:
- Messages
operationId: reportSpamMessage
parameters:
- name: source
in: path
required: true
schema:
type: string
- name: messageGuid
in: path
required: true
schema:
type: string
format: uuid
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SpamReport'
responses:
default:
description: default response
content:
'*/*': {}
security:
- authenticatedAccount: []
/v1/messages/{destination}:
put:
tags:
- Messages
operationId: sendMessage
parameters:
- name: Unidentified-Access-Key
in: header
schema:
$ref: '#/components/schemas/Anonymous'
- name: User-Agent
in: header
schema:
type: string
- name: destination
in: path
required: true
schema:
$ref: '#/components/schemas/ServiceIdentifier'
- name: story
in: query
schema:
type: boolean
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/IncomingMessageList'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
- {}
/v1/messages/multi_recipient:
put:
tags:
- Messages
summary: Send multi-recipient sealed-sender message
description: |
Deliver a common-payload message to multiple recipients.
An unidentifed-access key for all recipients must be provided, unless the message is a story.
operationId: sendMultiRecipientMessage
parameters:
- name: Unidentified-Access-Key
in: header
description: The bitwise xor of the unidentified access keys for every recipient
of the message. Will be replaced with group send credentials
schema:
$ref: '#/components/schemas/CombinedUnidentifiedSenderAccessKeys'
- name: Group-Send-Credential
in: header
description: A group send credential covering all (included and excluded)
recipients of the message. Must not be combined with `Unidentified-Access-Key`
or set on a story message.
schema:
$ref: '#/components/schemas/GroupSendCredentialHeader'
- name: User-Agent
in: header
schema:
type: string
- name: online
in: query
description: "If true, deliver the message only to recipients that are online\
\ when it is sent"
schema:
type: boolean
- name: ts
in: query
description: The sender's timestamp for the envelope
schema:
type: integer
format: int64
- name: urgent
in: query
description: "If true, this message should cause push notifications to be\
\ sent to recipients"
schema:
type: boolean
default: true
- name: story
in: query
description: "If true, the message is a story; access tokens are not checked\
\ and sending to nonexistent recipients is permitted"
schema:
type: boolean
requestBody:
description: The sealed-sender multi-recipient message payload as serialized
by libsignal
content:
application/vnd.signal-messenger.mrm:
schema:
$ref: '#/components/schemas/SealedSenderMultiRecipientMessage'
required: true
responses:
"200":
description: Message was successfully sent to all recipients
"400":
description: The envelope specified delivery to the same recipient device
multiple times
"401":
description: The message is not a story and the unauthorized access key
or group send credential is missing or incorrect
"404":
description: The message is not a story and some of the recipient service
IDs do not correspond to registered Signal users
"409":
description: Incorrect set of devices supplied for some recipients
content:
application/json:
schema:
type: string
"410":
description: Mismatched registration ids supplied for some recipient devices
content:
application/json:
schema:
type: string
/v1/payments/auth:
get:
tags:
- Payments
operationId: getAuth_1
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/ExternalServiceCredentials'
security:
- authenticatedAccount: []
/v1/payments/conversions:
get:
tags:
- Payments
operationId: getConversions
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/CurrencyConversionEntityList'
security:
- authenticatedAccount: []
/v1/profile/{identifier}/{version}:
get:
tags:
- Profile
operationId: getProfile
parameters:
- name: Unidentified-Access-Key
in: header
schema:
$ref: '#/components/schemas/Anonymous'
- name: identifier
in: path
required: true
schema:
$ref: '#/components/schemas/AciServiceIdentifier'
- name: version
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/VersionedProfileResponse'
security:
- authenticatedAccount: []
- {}
/v1/profile/{identifier}/{version}/{credentialRequest}:
get:
tags:
- Profile
operationId: getProfile_1
parameters:
- name: Unidentified-Access-Key
in: header
schema:
$ref: '#/components/schemas/Anonymous'
- name: identifier
in: path
required: true
schema:
$ref: '#/components/schemas/AciServiceIdentifier'
- name: version
in: path
required: true
schema:
type: string
- name: credentialRequest
in: path
required: true
schema:
type: string
- name: credentialType
in: query
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/CredentialProfileResponse'
security:
- authenticatedAccount: []
- {}
/v1/profile/{identifier}:
get:
tags:
- Profile
operationId: getUnversionedProfile
parameters:
- name: Unidentified-Access-Key
in: header
schema:
$ref: '#/components/schemas/Anonymous'
- name: User-Agent
in: header
schema:
type: string
- name: identifier
in: path
required: true
schema:
$ref: '#/components/schemas/ServiceIdentifier'
- name: ca
in: query
schema:
type: boolean
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/BaseProfileResponse'
security:
- authenticatedAccount: []
- {}
/v1/profile/identity_check/batch:
post:
tags:
- Profile
operationId: runBatchIdentityCheck
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/BatchIdentityCheckRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/BatchIdentityCheckResponse'
/v1/profile:
put:
tags:
- Profile
operationId: setProfile
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateProfileRequest'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/provisioning/{destination}:
put:
tags:
- Provisioning
operationId: sendProvisioningMessage
parameters:
- name: destination
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProvisioningMessage'
required: true
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
/v1/registration:
post:
tags:
- Registration
summary: Registers an account
description: "Registers a new account or attempts to “re-register” an existing\
\ account. It is expected that a well-behaved client\ncould make up to three\
\ consecutive calls to this API:\n1. gets 423 from existing registration lock\
\ \n\n2. gets 409 from device available for transfer \n\n3. success \n\n"
operationId: register
parameters:
- name: Authorization
in: header
required: true
schema:
$ref: '#/components/schemas/BasicAuthorizationHeader'
- name: X-Signal-Agent
in: header
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RegistrationRequest'
required: true
responses:
"200":
description: The phone number associated with the authenticated account
was changed successfully
content:
application/json:
schema:
$ref: '#/components/schemas/AccountIdentityResponse'
"403":
description: Verification failed for the provided Registration Recovery
Password
"409":
description: "The caller has not explicitly elected to skip transferring\
\ data from another device, but a device transfer is technically possible"
"422":
description: The request did not pass validation
"423":
content:
application/json:
schema:
$ref: '#/components/schemas/RegistrationLockFailure'
"429":
description: Too many attempts
headers:
Retry-After:
description: "If present, an positive integer indicating the number\
\ of seconds before a subsequent attempt could succeed"
style: simple
/v1/config:
get:
tags:
- Remote Config
operationId: getAll
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/UserRemoteConfigList'
security:
- authenticatedAccount: []
/v1/storage/auth:
get:
tags:
- Secure Storage
operationId: getAuth_2
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/ExternalServiceCredentials'
security:
- authenticatedAccount: []
/v2/backup/auth/check:
post:
tags:
- Secure Value Recovery
summary: Check SVR2 credentials
description: |
Over time, clients may wind up with multiple sets of SVR2 authentication credentials in cloud storage.
To determine which set is most current and should be used to communicate with SVR2 to retrieve a master key
(from which a registration recovery password can be derived), clients should call this endpoint
with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR2.
operationId: authCheck
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthCheckRequest'
required: true
responses:
"200":
description: '`JSON` with the check results.'
content:
application/json:
schema:
$ref: '#/components/schemas/AuthCheckResponse'
"422":
description: Provided list of SVR2 credentials could not be parsed
"400":
description: '`POST` request body is not a valid `JSON`'
/v2/backup/auth:
get:
tags:
- Secure Value Recovery
summary: Generate credentials for SVR2
description: |
Generate SVR2 service credentials. Generated credentials have an expiration time of 30 days
(however, the TTL is fully controlled by the server side and may change even for already generated credentials).
operationId: getAuth_3
responses:
"200":
description: '`JSON` with generated credentials.'
content:
application/json:
schema:
$ref: '#/components/schemas/ExternalServiceCredentials'
"401":
description: Account authentication check failed.
security:
- authenticatedAccount: []
/v3/backup/auth/check:
post:
tags:
- Secure Value Recovery
summary: Check SVR3 credentials
description: |
Over time, clients may wind up with multiple sets of SVR3 authentication credentials in cloud storage.
To determine which set is most current and should be used to communicate with SVR3 to retrieve a master key
(from which a registration recovery password can be derived), clients should call this endpoint
with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR3.
operationId: authCheck_1
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthCheckRequest'
required: true
responses:
"200":
description: '`JSON` with the check results.'
content:
application/json:
schema:
$ref: '#/components/schemas/AuthCheckResponse'
"422":
description: Provided list of SVR3 credentials could not be parsed
"400":
description: '`POST` request body is not a valid `JSON`'
/v3/backup/auth:
get:
tags:
- Secure Value Recovery
summary: Generate credentials for SVR3
description: |
Generate SVR3 service credentials. Generated credentials have an expiration time of 30 days
(however, the TTL is fully controlled by the server side and may change even for already generated credentials).
operationId: getAuth_4
responses:
"200":
description: '`JSON` with generated credentials.'
content:
application/json:
schema:
$ref: '#/components/schemas/ExternalServiceCredentials'
"401":
description: Account authentication check failed.
security:
- authenticatedAccount: []
/v1/sticker/pack/form/{count}:
get:
tags:
- Stickers
operationId: getStickersForm
parameters:
- name: count
in: path
required: true
schema:
maximum: 201
minimum: 1
type: integer
format: int32
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/StickerPackFormUploadAttributes'
security:
- authenticatedAccount: []
/v1/subscription/boost/paypal/confirm:
post:
tags:
- Subscriptions
operationId: confirmPayPalBoost
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ConfirmPayPalBoostRequest'
required: true
responses:
default:
description: default response
content:
application/json: {}
/v1/subscription/boost/create:
post:
tags:
- Subscriptions
operationId: createBoostPaymentIntent
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateBoostRequest'
required: true
responses:
default:
description: default response
content:
application/json: {}
/v1/subscription/boost/receipt_credentials:
post:
tags:
- Subscriptions
operationId: createBoostReceiptCredentials
parameters:
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateBoostReceiptCredentialsRequest'
required: true
responses:
default:
description: default response
content:
application/json: {}
/v1/subscription/boost/paypal/create:
post:
tags:
- Subscriptions
operationId: createPayPalBoost
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePayPalBoostRequest'
required: true
responses:
default:
description: default response
content:
application/json: {}
/v1/subscription/{subscriberId}/create_payment_method/paypal:
post:
tags:
- Subscriptions
operationId: createPayPalPaymentMethod
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePayPalBillingAgreementRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/create_payment_method:
post:
tags:
- Subscriptions
operationId: createPaymentMethod
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: type
in: query
schema:
type: string
default: CARD
enum:
- UNKNOWN
- CARD
- PAYPAL
- SEPA_DEBIT
- IDEAL
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/receipt_credentials:
post:
tags:
- Subscriptions
operationId: createSubscriptionReceiptCredentials
parameters:
- name: User-Agent
in: header
schema:
type: string
- name: subscriberId
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GetReceiptCredentialsRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}:
get:
tags:
- Subscriptions
operationId: getSubscriptionInformation
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
- {}
put:
tags:
- Subscriptions
operationId: updateSubscriber
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
- {}
delete:
tags:
- Subscriptions
operationId: deleteSubscriber
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json: {}
security:
- authenticatedAccount: []
- {}
/v1/subscription/bank_mandate/{bankTransferType}:
get:
tags:
- Subscriptions
operationId: getBankMandate
parameters:
- name: bankTransferType
in: path
required: true
schema:
type: string
enum:
- SEPA_DEBIT
responses:
default:
description: default response
content:
application/json: {}
/v1/subscription/boost/badges:
get:
tags:
- Subscriptions
operationId: getBoostBadges
responses:
default:
description: default response
content:
application/json: {}
deprecated: true
/v1/subscription/configuration:
get:
tags:
- Subscriptions
operationId: getConfiguration
responses:
default:
description: default response
content:
application/json: {}
/v1/subscription/{subscriberId}/default_payment_method/{paymentMethodId}:
post:
tags:
- Subscriptions
operationId: setDefaultPaymentMethod
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: paymentMethodId
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
deprecated: true
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/default_payment_method_for_ideal/{setupIntentId}:
post:
tags:
- Subscriptions
operationId: setDefaultPaymentMethodForIdeal
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: setupIntentId
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/default_payment_method/{processor}/{paymentMethodToken}:
post:
tags:
- Subscriptions
operationId: setDefaultPaymentMethodWithProcessor
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: processor
in: path
required: true
schema:
type: string
enum:
- STRIPE
- BRAINTREE
- name: paymentMethodToken
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/subscription/{subscriberId}/level/{level}/{currency}/{idempotencyKey}:
put:
tags:
- Subscriptions
operationId: setSubscriptionLevel
parameters:
- name: subscriberId
in: path
required: true
schema:
type: string
- name: level
in: path
required: true
schema:
type: integer
format: int64
- name: currency
in: path
required: true
schema:
type: string
- name: idempotencyKey
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: object
properties:
completedExceptionally:
type: boolean
numberOfDependents:
type: integer
format: int32
done:
type: boolean
cancelled:
type: boolean
security:
- authenticatedAccount: []
- {}
/v1/verification/session:
post:
tags:
- Verification
operationId: createSession
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateVerificationSessionRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
/v1/verification/session/{sessionId}:
get:
tags:
- Verification
operationId: getSession
parameters:
- name: sessionId
in: path
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
patch:
tags:
- Verification
operationId: updateSession
parameters:
- name: sessionId
in: path
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateVerificationSessionRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
/v1/verification/session/{sessionId}/code:
put:
tags:
- Verification
operationId: verifyCode
parameters:
- name: sessionId
in: path
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SubmitVerificationCodeRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
post:
tags:
- Verification
operationId: requestVerificationCode
parameters:
- name: sessionId
in: path
required: true
schema:
type: string
- name: User-Agent
in: header
schema:
type: string
- name: Accept-Language
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationCodeRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationSessionResponse'
components:
schemas:
AciServiceIdentifier:
type: string
description: An identifier for an account based on the account's ACI
allOf:
- $ref: '#/components/schemas/ServiceIdentifier'
PniServiceIdentifier:
type: string
description: An identifier for an account based on the account's phone number
identifier (PNI)
allOf:
- $ref: '#/components/schemas/ServiceIdentifier'
ServiceIdentifier:
type: object
description: A service identifier is a tuple of a UUID and identity type that
identifies an account and identity within the Signal service.
UsernameHashResponse:
type: object
properties:
usernameHash:
type: string
description: "The hash of the confirmed username, as supplied in the request"
usernameLinkHandle:
type: string
description: A handle that can be included in username links to retrieve
the stored encrypted username
ConfirmUsernameHashRequest:
required:
- zkProof
type: object
properties:
usernameHash:
type: array
items:
type: string
format: byte
zkProof:
type: array
items:
type: string
format: byte
encryptedUsername:
maxLength: 128
minLength: 1
type: string
description: The url-safe base64-encoded encrypted username to be stored
for username links
AccountIdentityResponse:
type: object
properties:
uuid:
type: string
description: the account identifier for this account
format: uuid
number:
type: string
description: the phone number associated with this account
pni:
type: string
description: the account identifier for this account's phone-number identity
format: uuid
usernameHash:
type: array
description: "a hash of this account's username, if set"
items:
type: string
description: "a hash of this account's username, if set"
format: byte
storageCapable:
type: boolean
description: whether any of this account's devices support storage
TurnToken:
type: object
properties:
username:
type: string
password:
type: string
urls:
type: array
items:
type: string
urlsWithIps:
type: array
items:
type: string
hostname:
type: string
AccountIdentifierResponse:
required:
- uuid
type: object
properties:
uuid:
type: string
description: An identifier for an account based on the account's ACI
EncryptedUsername:
required:
- usernameLinkEncryptedValue
type: object
properties:
usernameLinkEncryptedValue:
maxLength: 128
minLength: 1
type: string
description: the URL-safe base64 encoding of the encrypted username
keepLinkHandle:
type: boolean
description: "if set and the account already has an encrypted-username link\
\ handle, reuse the same link handle rather than generating a new one.\
\ The response will still have the link handle."
ReserveUsernameHashResponse:
type: object
properties:
usernameHash:
type: array
items:
type: string
format: byte
ReserveUsernameHashRequest:
required:
- usernameHashes
type: object
properties:
usernameHashes:
maxItems: 20
minItems: 1
type: array
items:
type: array
items:
type: string
format: byte
AccountAttributes:
type: object
properties:
fetchesMessages:
type: boolean
registrationId:
type: integer
format: int32
name:
maxItems: 225
minItems: 0
type: array
items:
type: string
format: byte
registrationLock:
type: string
unidentifiedAccessKey:
type: array
items:
type: string
format: byte
unrestrictedUnidentifiedAccess:
type: boolean
capabilities:
$ref: '#/components/schemas/DeviceCapabilities'
discoverableByPhoneNumber:
type: boolean
recoveryPassword:
type: array
items:
type: string
format: byte
eachRegistrationIdValid:
type: boolean
pniRegistrationId:
type: integer
format: int32
DeviceCapabilities:
type: object
properties:
storage:
type: boolean
transfer:
type: boolean
paymentActivation:
type: boolean
ApnRegistrationId:
required:
- apnRegistrationId
type: object
properties:
apnRegistrationId:
type: string
voipRegistrationId:
type: string
description: |
An APNs token set for the account's primary device. If provided, the account's primary
device will be notified of new messages via push notifications to the given token.
Callers must provide exactly one of an APNs token set, an FCM token, or an
`AccountAttributes` entity with `fetchesMessages` set to `true`.
GcmRegistrationId:
required:
- gcmRegistrationId
type: object
properties:
gcmRegistrationId:
type: string
description: |
An FCM/GCM token for the account's primary device. If provided, the account's primary
device will be notified of new messages via push notifications to the given token.
Callers must provide exactly one of an APNs token set, an FCM token, or an
`AccountAttributes` entity with `fetchesMessages` set to `true`.
DeviceName:
required:
- deviceName
type: object
properties:
deviceName:
maxItems: 225
minItems: 0
type: array
items:
type: string
format: byte
RegistrationLock:
required:
- registrationLock
type: object
properties:
registrationLock:
maxLength: 64
minLength: 64
type: string
UsernameLinkHandle:
required:
- usernameLinkHandle
type: object
properties:
usernameLinkHandle:
type: string
description: A handle that can be included in username links to retrieve
the stored encrypted username
format: uuid
MismatchedDevices:
type: object
properties:
missingDevices:
type: array
description: Devices present on the account but absent in the request
items:
type: string
description: Devices present on the account but absent in the request
format: byte
extraDevices:
type: array
description: Devices absent on the request but present in the account
items:
type: string
description: Devices absent on the request but present in the account
format: byte
StaleDevices:
type: object
properties:
staleDevices:
type: array
description: Devices that are no longer active
items:
type: string
description: Devices that are no longer active
format: byte
ExternalServiceCredentials:
type: object
properties:
username:
type: string
password:
type: string
RegistrationLockFailure:
type: object
properties:
timeRemaining:
type: integer
description: Time remaining in milliseconds before the existing registration
lock expires
format: int64
svr2Credentials:
$ref: '#/components/schemas/ExternalServiceCredentials'
description: A token provided to the client via a push payload
ChangeNumberRequest:
required:
- deviceMessages
- devicePniSignedPrekeys
- number
- pniIdentityKey
- pniRegistrationIds
type: object
properties:
reglock:
type: string
description: "the registration lock password for the new phone number, if\
\ necessary"
sessionId:
type: string
description: |-
A session ID from registration service, if using session id to authenticate this request.
Must not be combined with `recoveryPassword`.
recoveryPassword:
type: string
description: |-
The base64-encoded recovery password for the new phone number, if using a recovery password to authenticate this request.
Must not be combined with `sessionId`.
number:
type: string
description: the new phone number for this account
pniIdentityKey:
$ref: '#/components/schemas/IdentityKey'
deviceMessages:
type: array
description: |-
A list of synchronization messages to send to companion devices to supply the private keysManager
associated with the new identity key and their new prekeys.
Exactly one message must be supplied for each enabled device other than the sending (primary) device.
items:
$ref: '#/components/schemas/IncomingMessage'
devicePniSignedPrekeys:
type: object
additionalProperties:
$ref: '#/components/schemas/ECSignedPreKey'
description: |-
A new signed elliptic-curve prekey for each enabled device on the account, including this one.
Each must be accompanied by a valid signature from the new identity key in this request.
devicePniPqLastResortPrekeys:
type: object
additionalProperties:
$ref: '#/components/schemas/KEMSignedPreKey'
description: |-
A new signed post-quantum last-resort prekey for each enabled device on the account, including this one.
May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored.
If present, must contain one prekey per enabled device including this one.
Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped.
Each must be accompanied by a valid signature from the new identity key in this request.
pniRegistrationIds:
type: object
additionalProperties:
type: integer
description: "the new phone-number-identity registration ID for each enabled\
\ device on the account, including this one"
format: int32
description: "the new phone-number-identity registration ID for each enabled\
\ device on the account, including this one"
eachPniRegistrationIdValid:
type: boolean
valid:
type: boolean
ECPublicKey:
type: object
properties:
type:
type: integer
format: int32
publicKeyBytes:
type: array
items:
type: string
format: byte
ECSignedPreKey:
type: object
properties:
keyId:
type: integer
description: |
An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up.
Should not be zero. Should be less than 2^24.
format: int64
publicKey:
type: string
description: |
The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded.
signature:
type: string
description: |
The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded.
description: |
A signed EC pre-key to be associated with this account's PNI.
IdentityKey:
type: object
properties:
publicKey:
$ref: '#/components/schemas/ECPublicKey'
fingerprint:
type: string
description: |
The PNI-associated identity key for the account, encoded as a base64 string.
IncomingMessage:
type: object
properties:
type:
type: integer
format: int32
destinationDeviceId:
type: string
format: byte
destinationRegistrationId:
type: integer
format: int32
content:
type: string
KEMSignedPreKey:
type: object
properties:
keyId:
type: integer
description: |
An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up.
Should not be zero. Should be less than 2^24. The owner of this key must be able to determine from the key ID whether this represents
a single-use or last-resort key, but another party should *not* be able to tell.
format: int64
publicKey:
type: string
description: |
The public key, serialized in libsignal's Kyber1024 public key format and then base64-encoded.
signature:
type: string
description: |
The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded.
description: |
A signed Kyber-1024 "last resort" pre-key to be associated with this account's PNI.
PhoneNumberIdentityKeyDistributionRequest:
required:
- deviceMessages
- devicePniSignedPrekeys
- pniIdentityKey
- pniRegistrationIds
type: object
properties:
pniIdentityKey:
$ref: '#/components/schemas/IdentityKey'
deviceMessages:
type: array
description: |
A list of synchronization messages to send to companion devices to supply the private keys
associated with the new identity key and their new prekeys.
Exactly one message must be supplied for each enabled device other than the sending (primary) device.
items:
$ref: '#/components/schemas/IncomingMessage'
devicePniSignedPrekeys:
type: object
additionalProperties:
$ref: '#/components/schemas/ECSignedPreKey'
description: |-
A new signed elliptic-curve prekey for each enabled device on the account, including this one.
Each must be accompanied by a valid signature from the new identity key in this request.
devicePniPqLastResortPrekeys:
type: object
additionalProperties:
$ref: '#/components/schemas/KEMSignedPreKey'
description: |-
A new signed post-quantum last-resort prekey for each enabled device on the account, including this one.
May be absent, in which case the last resort PQ prekeys for each device will be deleted if any had been stored.
If present, must contain one prekey per enabled device including this one.
Prekeys for devices that did not previously have any post-quantum prekeys stored will be silently dropped.
Each must be accompanied by a valid signature from the new identity key in this request.
pniRegistrationIds:
type: object
additionalProperties:
type: integer
description: "The new registration ID to use for the phone-number identity\
\ of each device, including this one."
format: int32
description: "The new registration ID to use for the phone-number identity\
\ of each device, including this one."
AccountAndDevicesDataReport:
type: object
properties:
account:
$ref: '#/components/schemas/AccountDataReport'
devices:
type: array
items:
$ref: '#/components/schemas/DeviceDataReport'
AccountDataReport:
type: object
properties:
phoneNumber:
type: string
badges:
type: array
items:
$ref: '#/components/schemas/BadgeDataReport'
allowSealedSenderFromAnyone:
type: boolean
findAccountByPhoneNumber:
type: boolean
AccountDataReportResponse:
type: object
properties:
reportId:
type: string
format: uuid
reportTimestamp:
type: string
format: date-time
data:
$ref: '#/components/schemas/AccountAndDevicesDataReport'
text:
type: string
description: A plaintext representation of the data report
BadgeDataReport:
type: object
properties:
id:
type: string
expiration:
type: string
format: date-time
visible:
type: boolean
DeviceDataReport:
type: object
properties:
id:
type: string
format: byte
lastSeen:
type: string
format: date-time
created:
type: string
format: date-time
userAgent:
type: string
PhoneNumberDiscoverabilityRequest:
required:
- discoverableByPhoneNumber
type: object
properties:
discoverableByPhoneNumber:
type: boolean
MessageBackupResponse:
type: object
properties:
cdn:
type: integer
description: Indicates the CDN type. 3 indicates resumable uploads using
TUS
format: int32
key:
type: string
description: The location within the specified cdn where the finished upload
can be found.
headers:
type: object
additionalProperties:
type: string
description: A map of headers to include with all upload requests. Potentially
contains time-limited upload credentials
description: A map of headers to include with all upload requests. Potentially
contains time-limited upload credentials
signedUploadLocation:
type: string
description: The URL to upload to with the appropriate protocol
BackupInfoResponse:
type: object
properties:
cdn:
type: integer
description: The CDN type where the message backup is stored. Media may
be stored elsewhere.
format: int32
backupDir:
type: string
description: |
The base directory of your backup data on the cdn. The message backup can be found in the returned cdn at
/backupDir/backupName and stored media can be found at /backupDir/mediaDir/mediaId
mediaDir:
type: string
description: |
The prefix path component for media objects on a cdn. Stored media for mediaId can be found at
/backupDir/mediaDir/mediaId.
backupName:
type: string
description: The name of the most recent message backup on the cdn. The
backup is at /backupDir/backupName
usedSpace:
type: integer
description: The amount of space used to store media
format: int64
CopyMediaBatchResponse:
type: object
properties:
responses:
type: array
description: Detailed outcome information for each copy request in the batch
items:
$ref: '#/components/schemas/Entry'
Entry:
required:
- mediaId
type: object
properties:
status:
type: integer
description: |
The outcome of the copy attempt.
A 200 indicates the object was successfully copied.
A 400 indicates an invalid argument in the request
A 410 indicates that the source object was not found
format: int32
failureReason:
type: string
description: "On a copy failure, a detailed failure reason"
cdn:
type: integer
description: The backup cdn where this media object is stored
format: int32
mediaId:
type: string
description: "The mediaId of the object, encoded in URL-safe padded base64"
description: Detailed outcome information for each copy request in the batch
CopyMediaBatchRequest:
required:
- items
type: object
properties:
items:
maxItems: 1000
minItems: 1
type: array
description: A list of media objects to copy from the attachments CDN to
the backup CDN
items:
$ref: '#/components/schemas/CopyMediaRequest'
CopyMediaRequest:
required:
- encryptionKey
- hmacKey
- iv
- mediaId
- objectLength
- sourceAttachment
type: object
properties:
sourceAttachment:
$ref: '#/components/schemas/RemoteAttachment'
objectLength:
type: integer
description: The length of the source attachment before the encryption applied
by the copy operation
format: int32
mediaId:
type: string
description: "mediaId to copy on to the backup CDN, encoded in URL-safe\
\ padded base64"
hmacKey:
type: string
description: "A 32-byte key for the MAC, encoded in standard padded base64"
encryptionKey:
type: string
description: "A 32-byte encryption key for AES, encoded in standard padded\
\ base64"
iv:
type: string
description: "A 16-byte IV for AES, encoded in standard padded base64"
RemoteAttachment:
required:
- cdn
- key
type: object
properties:
cdn:
type: integer
description: The attachment cdn
format: int32
key:
type: string
description: The attachment key
description: The object on the attachment CDN to copy
CopyMediaResponse:
required:
- cdn
type: object
properties:
cdn:
type: integer
description: The backup cdn where this media object is stored
format: int32
DeleteMedia:
type: object
properties:
mediaToDelete:
maxItems: 1000
minItems: 1
type: array
items:
$ref: '#/components/schemas/MediaToDelete'
MediaToDelete:
required:
- cdn
- mediaId
type: object
properties:
cdn:
type: integer
description: The backup cdn where this media object is stored
format: int32
mediaId:
type: string
description: The mediaId of the object in URL-safe base64
BackupAuthCredential:
type: object
properties:
credential:
type: array
description: "A BackupAuthCredential, encoded in standard padded base64"
items:
type: string
description: "A BackupAuthCredential, encoded in standard padded base64"
format: byte
redemptionTime:
type: integer
description: The day on which this credential is valid. Seconds since epoch
truncated to day boundary
format: int64
description: A list of BackupAuthCredentials and their validity periods
BackupAuthCredentialsResponse:
type: object
properties:
credentials:
type: array
description: A list of BackupAuthCredentials and their validity periods
items:
$ref: '#/components/schemas/BackupAuthCredential'
ListResponse:
type: object
properties:
storedMediaObjects:
type: array
description: A page of media objects stored for this backup ID
items:
$ref: '#/components/schemas/StoredMediaObject'
backupDir:
type: string
description: |
The base directory of your backup data on the cdn. The stored media can be found at /backupDir/mediaDir/mediaId
mediaDir:
type: string
description: |
The prefix path component for the media objects. The stored media for mediaId can be found at /backupDir/mediaDir/mediaId.
cursor:
type: string
description: "If set, the cursor value to pass to the next list request\
\ to continue listing. If absent, all objects have been listed"
StoredMediaObject:
required:
- cdn
- mediaId
- objectLength
type: object
properties:
cdn:
type: integer
description: The backup cdn where this media object is stored
format: int32
mediaId:
type: string
description: The mediaId of the object in URL-safe base64
objectLength:
type: integer
description: The length of the object in bytes
format: int64
description: A page of media objects stored for this backup ID
ReadAuthResponse:
type: object
properties:
headers:
type: object
additionalProperties:
type: string
description: Auth headers to include with cdn read requests
description: Auth headers to include with cdn read requests
SetBackupIdRequest:
required:
- backupAuthCredentialRequest
type: object
properties:
backupAuthCredentialRequest:
type: string
description: |
A BackupAuthCredentialRequest containing a blinded encrypted backup-id, encoded in standard padded base64
SetPublicKeyRequest:
required:
- backupIdPublicKey
type: object
properties:
backupIdPublicKey:
type: string
description: "The public key, serialized in libsignal's elliptic-curve public\
\ key format, and encoded in standard padded base64."
AttachmentDescriptorV2:
type: object
properties:
attachmentId:
type: integer
format: int64
key:
type: string
credential:
type: string
acl:
type: string
algorithm:
type: string
date:
type: string
policy:
type: string
signature:
type: string
attachmentIdString:
type: string
AttachmentDescriptorV3:
type: object
properties:
cdn:
type: integer
description: |
Indicates the CDN type. 2 in the v3 API, 2 or 3 in the v4 API.
2 indicates resumable uploads using GCS,
3 indicates resumable uploads using TUS
format: int32
key:
type: string
description: The location within the specified cdn where the finished upload
can be found
headers:
type: object
additionalProperties:
type: string
description: A map of headers to include with all upload requests. Potentially
contains time-limited upload credentials
description: A map of headers to include with all upload requests. Potentially
contains time-limited upload credentials
signedUploadLocation:
type: string
description: The URL to upload to with the appropriate protocol
CreateCallLinkCredential:
type: object
properties:
credential:
type: array
items:
type: string
format: byte
redemptionTime:
type: integer
format: int64
GetCreateCallLinkCredentialsRequest:
required:
- createCallLinkCredentialRequest
type: object
properties:
createCallLinkCredentialRequest:
type: array
items:
type: string
format: byte
DeliveryCertificate:
type: object
properties:
certificate:
type: array
items:
type: string
format: byte
CallLinkAuthCredential:
type: object
properties:
credential:
type: array
items:
type: string
format: byte
redemptionTime:
type: integer
format: int64
GroupCredential:
type: object
properties:
credential:
type: array
items:
type: string
format: byte
redemptionTime:
type: integer
format: int64
GroupCredentials:
type: object
properties:
credentials:
type: array
items:
$ref: '#/components/schemas/GroupCredential'
callLinkAuthCredentials:
type: array
items:
$ref: '#/components/schemas/CallLinkAuthCredential'
pni:
type: string
format: uuid
AnswerPushChallengeRequest:
required:
- challenge
type: object
allOf:
- $ref: '#/components/schemas/AnswerChallengeRequest'
- type: object
properties:
challenge:
type: string
description: A token provided to the client via a push payload
AnswerCaptchaChallengeRequest:
required:
- captcha
- token
type: object
allOf:
- $ref: '#/components/schemas/AnswerChallengeRequest'
- type: object
properties:
token:
type: string
description: The value of the token field from the server's 428 response
captcha:
type: string
description: A string representing a solved captcha
example: signal-hcaptcha.30b01b46-d8c9-4c30-bbd7-9719acfe0c10.challenge.abcdefg1345
AnswerChallengeRequest:
required:
- type
type: object
properties:
type:
type: string
discriminator:
propertyName: type
VerificationCode:
type: object
properties:
verificationCode:
type: string
DeviceInfo:
type: object
properties:
id:
type: integer
format: int64
name:
type: array
items:
type: string
format: byte
lastSeen:
type: integer
format: int64
created:
type: integer
format: int64
DeviceInfoList:
type: object
properties:
devices:
type: array
items:
$ref: '#/components/schemas/DeviceInfo'
DeviceResponse:
type: object
properties:
uuid:
type: string
format: uuid
pni:
type: string
format: uuid
deviceId:
type: string
format: byte
BasicAuthorizationHeader:
type: object
properties:
username:
type: string
deviceId:
type: integer
format: int64
password:
type: string
DeviceActivationRequest:
required:
- aciPqLastResortPreKey
- aciSignedPreKey
- pniPqLastResortPreKey
- pniSignedPreKey
type: object
properties:
aciSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
pniSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
aciPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
pniPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
apnToken:
$ref: '#/components/schemas/ApnRegistrationId'
gcmToken:
$ref: '#/components/schemas/GcmRegistrationId'
LinkDeviceRequest:
required:
- aciPqLastResortPreKey
- aciSignedPreKey
- pniPqLastResortPreKey
- pniSignedPreKey
- verificationCode
type: object
properties:
verificationCode:
type: string
description: |
The verification code associated with this device. Must match the verification code
provided by the server when provisioning this device.
accountAttributes:
$ref: '#/components/schemas/AccountAttributes'
aciSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
pniSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
aciPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
pniPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
apnToken:
$ref: '#/components/schemas/ApnRegistrationId'
gcmToken:
$ref: '#/components/schemas/GcmRegistrationId'
RedeemReceiptRequest:
required:
- receiptCredentialPresentation
type: object
properties:
receiptCredentialPresentation:
type: array
items:
type: string
format: byte
visible:
type: boolean
primary:
type: boolean
WebSocketClient:
type: object
properties:
userAgent:
type: string
open:
type: boolean
createdTimestamp:
type: integer
format: int64
WebSocketSessionContext:
type: object
properties:
authenticated:
type: object
client:
$ref: '#/components/schemas/WebSocketClient'
CheckKeysRequest:
required:
- digest
- identityType
type: object
properties:
identityType:
type: string
description: |
The identity type for which to check for a shared view of repeated-use keys
enum:
- ACI
- PNI
digest:
type: array
description: |
A 32-byte digest of the client's repeated-use keys for the given identity type. The digest is calculated as:
SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes)
…where the elements of the hash are:
- identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one
version byte followed by 32 bytes of key material for a total of 33 bytes)
- signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key
- signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one
version byte followed by 32 bytes of key material for a total of 33 bytes)
- lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key
- lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e.
one version byte followed by 1568 bytes of key material for a total of 1569 bytes)
items:
type: string
description: |
A 32-byte digest of the client's repeated-use keys for the given identity type. The digest is calculated as:
SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes)
…where the elements of the hash are:
- identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one
version byte followed by 32 bytes of key material for a total of 33 bytes)
- signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key
- signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one
version byte followed by 32 bytes of key material for a total of 33 bytes)
- lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key
- lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e.
one version byte followed by 1568 bytes of key material for a total of 1569 bytes)
format: byte
ECPreKey:
type: object
properties:
keyId:
type: integer
description: |
An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up.
Should not be zero. Should be less than 2^24.
format: int64
publicKey:
type: string
description: |
The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded.
description: |
A list of unsigned elliptic-curve prekeys to use for this device. If present and not empty, replaces all stored
unsigned EC prekeys for the device; if absent or empty, any stored unsigned EC prekeys for the device are not
deleted.
PreKeyResponse:
type: object
properties:
identityKey:
$ref: '#/components/schemas/IdentityKey'
devices:
type: array
description: information about each requested device
items:
$ref: '#/components/schemas/PreKeyResponseItem'
PreKeyResponseItem:
type: object
properties:
deviceId:
type: string
description: the device ID of the device to which this item pertains
format: byte
registrationId:
type: integer
description: the registration ID for the device
format: int32
signedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
preKey:
$ref: '#/components/schemas/ECPreKey'
pqPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
description: information about each requested device
Anonymous:
type: object
properties:
accessKey:
type: array
items:
type: string
format: byte
PreKeyCount:
type: object
properties:
count:
type: integer
description: the number of stored unsigned elliptic-curve prekeys for this
device
format: int32
pqCount:
type: integer
description: the number of stored one-time post-quantum prekeys for this
device
format: int32
SetKeysRequest:
type: object
properties:
preKeys:
type: array
description: |
A list of unsigned elliptic-curve prekeys to use for this device. If present and not empty, replaces all stored
unsigned EC prekeys for the device; if absent or empty, any stored unsigned EC prekeys for the device are not
deleted.
items:
$ref: '#/components/schemas/ECPreKey'
signedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
pqPreKeys:
type: array
description: |
A list of signed post-quantum one-time prekeys to use for this device. Each key must have a valid signature from
the identity key in this request. If present and not empty, replaces all stored unsigned PQ prekeys for the
device; if absent or empty, any stored unsigned PQ prekeys for the device are not deleted.
items:
$ref: '#/components/schemas/KEMSignedPreKey'
pqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
SpamReport:
type: object
properties:
token:
type: array
items:
type: string
format: byte
IncomingMessageList:
required:
- messages
type: object
properties:
messages:
type: array
items:
$ref: '#/components/schemas/IncomingMessage'
online:
type: boolean
urgent:
type: boolean
timestamp:
type: integer
format: int64
AccountMismatchedDevices:
type: object
properties:
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
devices:
$ref: '#/components/schemas/MismatchedDevices'
AccountStaleDevices:
type: object
properties:
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
devices:
$ref: '#/components/schemas/StaleDevices'
CombinedUnidentifiedSenderAccessKeys:
type: object
properties:
accessKeys:
type: array
items:
type: string
format: byte
GroupSendCredentialHeader:
type: object
properties:
presentation:
$ref: '#/components/schemas/GroupSendCredentialPresentation'
GroupSendCredentialPresentation:
type: object
properties:
internalContentsForJNI:
type: array
items:
type: string
format: byte
Recipient:
type: object
properties:
devices:
type: array
items:
type: string
format: byte
devicesAndRegistrationIds:
type: object
properties:
parallel:
type: boolean
SealedSenderMultiRecipientMessage:
type: object
properties:
recipients:
type: object
additionalProperties:
$ref: '#/components/schemas/Recipient'
excludedRecipients:
type: array
items:
$ref: '#/components/schemas/ServiceId'
ServiceId:
type: object
properties:
rawUUID:
type: string
format: uuid
CurrencyConversionEntity:
type: object
properties:
base:
type: string
conversions:
type: object
additionalProperties:
type: number
CurrencyConversionEntityList:
type: object
properties:
currencies:
type: array
items:
$ref: '#/components/schemas/CurrencyConversionEntity'
timestamp:
type: integer
format: int64
Badge:
type: object
properties:
id:
type: string
category:
type: string
name:
type: string
description:
type: string
sprites6:
type: array
items:
type: string
svg:
type: string
svgs:
type: array
items:
$ref: '#/components/schemas/BadgeSvg'
imageUrl:
type: string
BadgeSvg:
required:
- dark
- light
type: object
properties:
light:
type: string
dark:
type: string
BaseProfileResponse:
type: object
properties:
identityKey:
$ref: '#/components/schemas/IdentityKey'
unidentifiedAccess:
type: array
items:
type: string
format: byte
unrestrictedUnidentifiedAccess:
type: boolean
capabilities:
$ref: '#/components/schemas/UserCapabilities'
badges:
type: array
items:
$ref: '#/components/schemas/Badge'
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
UserCapabilities:
type: object
properties:
paymentActivation:
type: boolean
pni:
type: boolean
pnp:
type: boolean
giftBadges:
type: boolean
VersionedProfileResponse:
type: object
properties:
identityKey:
$ref: '#/components/schemas/IdentityKey'
unidentifiedAccess:
type: array
items:
type: string
format: byte
unrestrictedUnidentifiedAccess:
type: boolean
capabilities:
$ref: '#/components/schemas/UserCapabilities'
badges:
type: array
items:
$ref: '#/components/schemas/Badge'
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
name:
type: array
items:
type: string
format: byte
about:
type: array
items:
type: string
format: byte
aboutEmoji:
type: array
items:
type: string
format: byte
avatar:
type: string
paymentAddress:
type: array
items:
type: string
format: byte
phoneNumberSharing:
type: array
items:
type: string
format: byte
CredentialProfileResponse:
type: object
properties:
identityKey:
$ref: '#/components/schemas/IdentityKey'
unidentifiedAccess:
type: array
items:
type: string
format: byte
unrestrictedUnidentifiedAccess:
type: boolean
capabilities:
$ref: '#/components/schemas/UserCapabilities'
badges:
type: array
items:
$ref: '#/components/schemas/Badge'
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
name:
type: array
items:
type: string
format: byte
about:
type: array
items:
type: string
format: byte
aboutEmoji:
type: array
items:
type: string
format: byte
avatar:
type: string
paymentAddress:
type: array
items:
type: string
format: byte
phoneNumberSharing:
type: array
items:
type: string
format: byte
BatchIdentityCheckResponse:
type: object
properties:
elements:
type: array
items:
$ref: '#/components/schemas/Element'
Element:
required:
- fingerprint
type: object
properties:
uuid:
type: string
description: A service identifier is a tuple of a UUID and identity type
that identifies an account and identity within the Signal service.
aci:
type: string
description: An identifier for an account based on the account's ACI
fingerprint:
type: array
items:
type: string
format: byte
BatchIdentityCheckRequest:
required:
- elements
type: object
properties:
elements:
maxItems: 1000
minItems: 0
type: array
items:
$ref: '#/components/schemas/Element'
CreateProfileRequest:
required:
- commitment
- version
type: object
properties:
avatar:
type: boolean
badgeIds:
type: array
items:
type: string
commitment:
$ref: '#/components/schemas/ProfileKeyCommitment'
version:
type: string
name:
type: array
items:
type: string
format: byte
aboutEmoji:
type: array
items:
type: string
format: byte
about:
type: array
items:
type: string
format: byte
paymentAddress:
type: array
items:
type: string
format: byte
sameAvatar:
type: boolean
phoneNumberSharing:
type: array
items:
type: string
format: byte
avatarChange:
type: string
enum:
- UNCHANGED
- CLEAR
- UPDATE
ProfileKeyCommitment:
type: object
properties:
internalContentsForJNI:
type: array
items:
type: string
format: byte
ProvisioningMessage:
required:
- body
type: object
properties:
body:
type: string
RegistrationRequest:
required:
- accountAttributes
- aciIdentityKey
- aciPqLastResortPreKey
- aciSignedPreKey
- pniIdentityKey
- pniPqLastResortPreKey
- pniSignedPreKey
- skipDeviceTransfer
type: object
properties:
sessionId:
type: string
description: |
The ID of an existing verification session as it appears in a verification session
metadata object. Must be provided if `recoveryPassword` is not provided; must not be
provided if `recoveryPassword` is provided.
recoveryPassword:
type: array
description: |
A base64-encoded registration recovery password. Must be provided if `sessionId` is
not provided; must not be provided if `sessionId` is provided
items:
type: string
description: |
A base64-encoded registration recovery password. Must be provided if `sessionId` is
not provided; must not be provided if `sessionId` is provided
format: byte
accountAttributes:
$ref: '#/components/schemas/AccountAttributes'
skipDeviceTransfer:
type: boolean
description: |
If true, indicates that the end user has elected not to transfer data from another
device even though a device transfer is technically possible given the capabilities of
the calling device and the device associated with the existing account (if any). If
false and if a device transfer is technically possible, the registration request will
fail with an HTTP/409 response indicating that the client should prompt the user to
transfer data from an existing device.
aciIdentityKey:
$ref: '#/components/schemas/IdentityKey'
pniIdentityKey:
$ref: '#/components/schemas/IdentityKey'
aciSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
pniSignedPreKey:
$ref: '#/components/schemas/ECSignedPreKey'
aciPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
pniPqLastResortPreKey:
$ref: '#/components/schemas/KEMSignedPreKey'
apnToken:
$ref: '#/components/schemas/ApnRegistrationId'
gcmToken:
$ref: '#/components/schemas/GcmRegistrationId'
valid:
type: boolean
UserRemoteConfig:
type: object
properties:
name:
type: string
enabled:
type: boolean
value:
type: string
UserRemoteConfigList:
type: object
properties:
config:
type: array
items:
$ref: '#/components/schemas/UserRemoteConfig'
serverEpochTime:
type: string
format: date-time
AuthCheckResponse:
required:
- matches
type: object
properties:
matches:
type: object
additionalProperties:
type: string
description: "A dictionary with the auth check results: `KBS Credentials\
\ -> 'match'/'no-match'/'invalid'`"
enum:
- match
- no-match
- invalid
description: "A dictionary with the auth check results: `KBS Credentials\
\ -> 'match'/'no-match'/'invalid'`"
AuthCheckRequest:
required:
- number
- passwords
type: object
properties:
number:
type: string
description: The e164-formatted phone number.
passwords:
maxItems: 10
minItems: 0
type: array
description: "A list of SVR auth values, previously retrieved from `/v1/backup/auth`;\
\ may contain at most 10."
items:
maxLength: 10
minLength: 0
type: string
description: "A list of SVR auth values, previously retrieved from `/v1/backup/auth`;\
\ may contain at most 10."
StickerPackFormUploadAttributes:
type: object
properties:
manifest:
$ref: '#/components/schemas/StickerPackFormUploadItem'
stickers:
type: array
items:
$ref: '#/components/schemas/StickerPackFormUploadItem'
packId:
type: string
StickerPackFormUploadItem:
type: object
properties:
id:
type: integer
format: int32
key:
type: string
credential:
type: string
acl:
type: string
algorithm:
type: string
date:
type: string
policy:
type: string
signature:
type: string
ConfirmPayPalBoostRequest:
required:
- currency
- payerId
- paymentId
- paymentToken
type: object
properties:
currency:
type: string
amount:
minimum: 1
type: integer
format: int64
level:
type: integer
format: int64
paymentMethod:
type: string
enum:
- UNKNOWN
- CARD
- PAYPAL
- SEPA_DEBIT
- IDEAL
payerId:
type: string
paymentId:
type: string
paymentToken:
type: string
CreateBoostRequest:
required:
- currency
type: object
properties:
currency:
type: string
amount:
minimum: 1
type: integer
format: int64
level:
type: integer
format: int64
paymentMethod:
type: string
enum:
- UNKNOWN
- CARD
- PAYPAL
- SEPA_DEBIT
- IDEAL
CreateBoostReceiptCredentialsRequest:
required:
- paymentIntentId
- processor
- receiptCredentialRequest
type: object
properties:
paymentIntentId:
type: string
receiptCredentialRequest:
type: array
items:
type: string
format: byte
processor:
type: string
enum:
- STRIPE
- BRAINTREE
CreatePayPalBoostRequest:
required:
- cancelUrl
- currency
- returnUrl
type: object
properties:
currency:
type: string
amount:
minimum: 1
type: integer
format: int64
level:
type: integer
format: int64
paymentMethod:
type: string
enum:
- UNKNOWN
- CARD
- PAYPAL
- SEPA_DEBIT
- IDEAL
returnUrl:
type: string
cancelUrl:
type: string
CreatePayPalBillingAgreementRequest:
required:
- cancelUrl
- returnUrl
type: object
properties:
returnUrl:
type: string
cancelUrl:
type: string
GetReceiptCredentialsRequest:
required:
- receiptCredentialRequest
type: object
properties:
receiptCredentialRequest:
type: array
items:
type: string
format: byte
VerificationSessionResponse:
type: object
properties:
id:
type: string
nextSms:
type: integer
format: int64
nextCall:
type: integer
format: int64
nextVerificationAttempt:
type: integer
format: int64
allowedToRequestCode:
type: boolean
requestedInformation:
type: array
items:
type: string
enum:
- pushChallenge
- captcha
verified:
type: boolean
CreateVerificationSessionRequest:
required:
- number
type: object
properties:
number:
type: string
pushToken:
type: string
pushTokenType:
type: string
enum:
- apn
- fcm
pushChallenge:
type: string
captcha:
type: string
mcc:
type: string
mnc:
type: string
UpdateVerificationSessionRequest:
type: object
properties:
pushToken:
type: string
pushTokenType:
type: string
enum:
- apn
- fcm
pushChallenge:
type: string
captcha:
type: string
mcc:
type: string
mnc:
type: string
VerificationCodeRequest:
required:
- client
- transport
type: object
properties:
transport:
type: string
enum:
- sms
- voice
client:
type: string
SubmitVerificationCodeRequest:
required:
- code
type: object
properties:
code:
type: string
securitySchemes:
authenticatedAccount:
type: http
description: "Account authentication is based on Basic authentication schema,\
\ \nwhere `username` has a format of `<user_id>[.<device_id>]`. If `device_id`\
\ is not specified,\nuser's `main` device is assumed.\n"
scheme: basic
Reference in New Issue View Git Blame Copy Permalink