Operator Authorization and Deep Links
This guide explains how to obtain a valid authorization token for operators in the system via API and how to use deep links to navigate to the chat panel.
API Base URL: https://chatapi.smsbat.com/
Swagger: https://chatapi.smsbat.com/index.html
Note: You can use the
X-Authorization-Keyheader with your token (available in your Profile in the dashboard) instead ofBearerauthorization for company-level requests.
1. Obtain Company Token
To get the company token, send an HTTP POST request to /api/company/get-token containing the company’s login credentials.
Request
- Method: POST
- URL:
https://chatapi.smsbat.com/api/company/get-token - Headers:
Content-Type: application/json
Body:
{
"login": "string",
"password": "string"
}
Response
- Status Code: 200 (OK)
- Body: String token (
"your_token_string")
Note: Save the received token for subsequent requests.
2. Retrieve Organization List
Send a GET request to /api/company/organization using the company token to list your organizations.
Request
- Method: GET
- URL:
https://chatapi.smsbat.com/api/company/organization - Headers:
Authorization: Bearer {token}Accept: text/plain
Response
- Status Code: 200 (OK)
- Body:
[
{
"id": 6,
"name": "string"
}
]
3. Retrieve Operators by Organization
Send a GET request to /api/operator using the organizationId parameter.
Request
- Method: GET
- URL:
https://chatapi.smsbat.com/api/operator?organizationId={id} - Headers:
Authorization: Bearer {token}Accept: text/plain
Response
- Status Code: 200 (OK)
- Body:
[
{
"id": 21,
"name": "string",
"status": 1,
"organization": {
"id": 24,
"name": "test_costs"
}
}
]
4. Add Operators to the System
Use the company token to access this endpoint and synchronize operators to the system.
Request
- Method: POST
- URL:
https://chatapi.smsbat.com/api/operator/synchronize - Headers:
Authorization: Bearer {token}Content-Type: application/json
Body:
[
{
"organizationId": 24,
"name": "string"
}
]
Response
- Status Code: 200 (OK)
- Body:
[
{
"id": 21,
"status": 0,
"name": "string"
}
]
Possible Operator Statuses:
- Active:
0 - Inactive:
1 - Deleted:
2
5. Obtain Operator Token
Authorize with the company token to obtain a token for a specific operator.
Request
- Method: POST
- URL:
https://chatapi.smsbat.com/api/operator/get-token - Headers:
Authorization: Bearer {token}Content-Type: application/json
Body:
{
"id": 0,
"expiresAt": "2025-01-20T14:33:34.147Z"
}
expiresAt is required and determines the operator’s session duration (max +24 hours).
Response
- Status Code: 200 (OK)
- Body: String token
6. Validate Operator Token
Verify the validity of an operator’s token.
Request
- Method: POST
- URL:
https://chatapi.smsbat.com/api/operator/validate-token - Headers:
Authorization: Bearer {token}Content-Type: application/json
Body: "operator_token_string"
Valid Response (200 OK):
{
"isValid": true,
"operatorId": 0,
"clientId": 0,
"expiresAt": "2024-12-28T14:04:15.861Z",
"error": null
}
7. Deep Linking to Operator Chat Panel
External systems (CRM, ERP, internal websites) can directly open the Chat panel leveraging the deep links by passing the JWT Operator token as a parameter. If the token is invalid or expired, the user will be redirected to the login interface.
Format 1: By Chat ID
https://chat.smsbat.com/?chat_raw_id=<chat_id>&token=<jwt_token>
Format 2: By Phone Number
https://chat.smsbat.com/?phone=<phone_number>&token=<jwt_token>
Phone number must be in E.164 international format.
Format 3: By Alpha Name & Phone
https://chat.smsbat.com/?from=<bm_id>&phone=<phone_number>&token=<jwt_token>
Format 4: Complete Target Details
Specify exactly which source to intercept messages from:
https://chat.smsbat.com/?source=<sourceId>&from=<bm_id>&phone=<phone_number>&token=<jwt_token>
Chat Sources:
0- Viber1- ViberBot2- TelegramBot3- Whatsapp4- Widget5- Rozetka6- Facebook7- Instagram