API Overview
start.chat REST API documentation
v2026.03.6600f9The start.chat API lets you programmatically interact with servers, channels, messages, and more.
Base URL
Authentication
All API requests require authentication via an API key:
Terminal
Get your API key from Server Settings → API Keys in the app.
API keys are scoped to a single server and inherit the permissions of the role
they’re assigned to. Keys use the format sk_live_*.
Key permissions
Permissions are enforced by Zero’s row-level permission model. Your API key inherits the role flags of its assigned role, and Zero checks these against each resource’s write rules.
| Permission | Allows |
|---|---|
canAdmin | Full server administration |
canEditChannel | Create, modify, delete channels |
canEditData | Send messages, create threads, add reactions |
canModerate | Pin messages, manage roles, kick members |
canEditApp | Manage app installations and secrets |
canViewData | Read generic app data |
Response format
All responses are JSON with this structure:
Resources
| Resource | Endpoints | Description |
|---|---|---|
| Apps | 5 | Custom apps |
| App Installs | 2 | App installations |
| Channels | 3 | Create and manage channels |
| Indicators | 3 | Typing indicators |
| Invites | 2 | Server invites |
| Messages | 3 | Send, edit, and delete messages |
| Pins | 2 | Pinned messages |
| Roles | 3 | Roles and permissions |
| Secrets | 2 | App secrets and API keys |
| Servers | 1 | Server settings |
| Server Members | 3 | Server membership |
| Threads | 3 | Message threads |
| User Roles | 2 | Role assignments |
Standard CRUD Operations
Most resources support these standard operations with consistent request/response formats:
Create (POST)
Terminal
Update (PATCH)
Terminal
Delete (DELETE)
Terminal
All CRUD operations return:
Rate limits
Requests are rate-limited per user per resource using a sliding window. Rate-limited responses include headers:
| Resource | Limit | Window |
|---|---|---|
message | 30/min | 60s |
channel | 10/min | 60s |
server | 5/min | 60s |
thread | 20/min | 60s |
reaction | 30/min | 60s |
indicator | 60/min | 60s |
query | 60/min | 60s |
| Everything else | 60/min | 60s |
Error codes
| Code | Status | Description |
|---|---|---|
UNAUTHORIZED | 401 | Missing or invalid authentication |
INVALID_API_KEY | 401 | API key format invalid, revoked, or expired |
FORBIDDEN | 403 | Authenticated but lacks the required permission |
NOT_FOUND | 404 | Resource, endpoint, or query not found |
INVALID_REQUEST | 400 | Missing required fields or invalid values |
ALREADY_EXISTS | 409 | Resource already exists |
RATE_LIMITED | 429 | Too many requests — check Retry-After header |
INTERNAL_ERROR | 500 | Server error |
Queries
Read endpoints use GET with REST paths:
Terminal
Available queries:
| Path | Query | Description |
|---|---|---|
GET /api/v1/servers/:serverId | serverById | Get server details by ID. |
GET /api/v1/servers/:serverId/members | serverMembers | List members of a server. |
GET /api/v1/servers | userServers | List servers the authenticated user belongs to. |
GET /api/v1/servers/joinable | searchJoinableServers | Search for public servers the user can join. |
GET /api/v1/servers/:serverId/channels | channelsByServer | List all channels in a server. |
GET /api/v1/channels/:channelId | channelById | Get channel details by ID. |
GET /api/v1/channels/:channelId/messages | channelMessages | Fetch messages in a channel. Supports cursor-based pagination, filtering, and limit control. |
GET /api/v1/messages/:messageId | messageById | Get a single message by ID. |
GET /api/v1/channels/:channelId/pins | pinnedMessagesPage | Get pinned messages in a channel with pagination. |
GET /api/v1/threads/:threadId | threadWithMessages | Get a thread and all its messages. |
GET /api/v1/messages/:messageId/threads | threadsByMessageId | Get threads attached to a message. |
GET /api/v1/threads/:threadId/info | threadById | Get thread metadata by ID. |
GET /api/v1/users/:userId | userById | Get user profile by ID. |
GET /api/v1/roles/:roleId | roleById | Get role details by ID. |
GET /api/v1/servers/:serverId/invites | invitesByServer | List invites for a server. |
GET /api/v1/invites/:inviteId | inviteById | Get invite details by ID. |
GET /api/v1/servers/:serverId/app-installs | appInstallsByServer | List app installations for a server. |
GET /api/v1/apps/:appId | appById | Get app details by ID. |
GET /api/v1/app-installs/:appInstallId | appInstallById | Get app installation details by ID. |
GET /api/v1/servers/:serverId/flows | flowsByServer | List flows for a server. |
GET /api/v1/flows/:flowId | flowById | Get flow details by ID. |
GET /api/v1/notifications | latestNotifications | Get latest notifications for the authenticated user. |
See the SDK queries reference for typed parameters.
Permissions by Resource
Each resource defines its own write permission rules, enforced by Zero at the row level:
| Resource | Write Permission |
|---|---|
app | server creator, admin, or canEditChannel/canEditServer role |
appInstall | canEditApp role |
channel | server creator, admin, or canEditChannel/canEditServer role |
indicator | own user only |
invite | server admin or invite creator |
message | server admin, moderator, or message creator (non-readonly channel) |
pin | canEditChannel role or server admin |
role | server admin (canAdmin) |
secret | see model definition |
server | platform admin, server creator, or canAdmin/canEditServer role |
serverMember | own membership, server admin, or moderator |
thread | server admin, thread creator, or agent (non-readonly channel) |
userRole | server admin (canAdmin) |