Setu Public API Documentation
Everything you need to integrate Setu's messaging into your applications.
v1.0Base URL:
Using an AI agent? Connect via the Model Context Protocol — same capabilities as tools.MCP docs →https://setu.theabhipatel.com/api/v1Getting Started
The Setu Public API allows you to send messages, manage conversations, and receive webhooks from your applications. Follow these steps:
1
Create Account
Sign up at setu.app
2
Enable 2FA
Required before generating API keys
3
Generate API Key
Go to API Studio → API Keys → Create Key
4
Make API Calls
Use your key in the Authorization header
Response Format
All responses use a consistent JSON envelope:
json
// Success
{
"success": true,
"data": { ... },
"meta": {
"request_id": "req_abc123def456",
"rate_limit": {
"limit": 60,
"remaining": 42,
"reset": 60
}
}
}
// Error
{
"success": false,
"error": {
"code": "INVALID_API_KEY",
"message": "The provided API key is invalid",
"status": 401
}
}Authentication
All API requests require a valid API key passed in the Authorization header as a Bearer token.
bash
curl -X GET https://setu.theabhipatel.com/api/v1/conversations \
-H "Authorization: Bearer tap_setu_a3f8b1c9d4e7f2a0b5c8d1e4f7a0b3c6d9e2f5a8"Never expose your API key in client-side code or public repositories. Always use server-to-server requests.
Key Format
All Setu API keys start with tap_setu_ followed by 64 hexadecimal characters.
Rate Limits
Rate limits depend on your plan. Every response includes rate limit headers:
http
X-RateLimit-Limit: 60 # Max requests per minute
X-RateLimit-Remaining: 42 # Remaining in current window
X-RateLimit-Reset: 60 # Seconds until window resets| Plan | Requests/min | Daily Limit | API Keys | Webhooks |
|---|---|---|---|---|
| Free | 60 | 10,000 | 3 | 2 |
| Plus | 300 | 100,000 | 10 | 10 |
| Pro | 1,000 | 500,000 | 25 | 25 |
Messages API
POST
/v1/messages/send| Parameter | Type | Required | Description |
|---|---|---|---|
| conversation_id | string (UUID) | Required | Target conversation ID |
| content | string | Required | Message text content |
| message_type | string | Optional | text (default), image, file |
| reply_to | string (UUID) | Optional | ID of message to reply to |
bash
curl -X POST https://setu.theabhipatel.com/api/v1/messages/send \
-H "Authorization: Bearer tap_setu_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"conversation_id": "550e8400-e29b-41d4-a716-446655440000",
"content": "Hello from the API!",
"message_type": "text"
}'json
{
"success": true,
"data": {
"id": "msg_uuid",
"conversation_id": "550e8400-...",
"sender_id": "user_uuid",
"content": "Hello from the API!",
"message_type": "text",
"created_at": "2026-04-26T12:00:00Z"
}
}GET
/v1/messages/list/:conversation_id| Parameter | Type | Required | Description |
|---|---|---|---|
| conversation_id | string (UUID) | Required | Conversation ID (URL param) |
| limit | integer | Optional | Items per page (default 50, max 100) |
| before | string (ISO) | Optional | Cursor: messages before this timestamp |
PATCH
/v1/messages/:id| Parameter | Type | Required | Description |
|---|---|---|---|
| content | string | Required | Updated message text |
DELETE
/v1/messages/:idConversations API
GET
/v1/conversationsbash
curl https://setu.theabhipatel.com/api/v1/conversations \
-H "Authorization: Bearer tap_setu_your_key_here"POST
/v1/conversations| Parameter | Type | Required | Description |
|---|---|---|---|
| type | string | Required | 'private' or 'group' |
| member_ids | string[] | Required | Array of user UUIDs to add |
| name | string | Optional | Group name (required for groups) |
| description | string | Optional | Group description |
GET
/v1/conversations/:idGroups API
POST
/v1/groups/:id/members| Parameter | Type | Required | Description |
|---|---|---|---|
| user_ids | string[] | Required | Array of user UUIDs to add |
DELETE
/v1/groups/:id/members/:user_idGET
/v1/groups/:id/membersUsers API
GET
/v1/users/search?q=query| Parameter | Type | Required | Description |
|---|---|---|---|
| q | string | Required | Search query (username or name) |
| limit | integer | Optional | Max results (default 20, max 50) |
bash
curl "https://setu.theabhipatel.com/api/v1/users/search?q=john" \
-H "Authorization: Bearer tap_setu_your_key_here"GET
/v1/users/:idFiles API
POST
/v1/files/uploadUse multipart/form-data to upload files. Max size: 10MB.
| Parameter | Type | Required | Description |
|---|---|---|---|
| file | File | Required | The file to upload |
| conversation_id | string (UUID) | Required | Target conversation |
bash
curl -X POST https://setu.theabhipatel.com/api/v1/files/upload \
-H "Authorization: Bearer tap_setu_your_key_here" \
-F "file=@photo.jpg" \
-F "conversation_id=550e8400-e29b-41d4-a716-446655440000"Account API
GET
/v1/accountbash
curl https://setu.theabhipatel.com/api/v1/account \
-H "Authorization: Bearer tap_setu_your_key_here"json
{
"success": true,
"data": {
"id": "user_uuid",
"email": "you@example.com",
"username": "johndoe",
"first_name": "John",
"last_name": "Doe",
"plan": "free",
"created_at": "2026-01-15T08:00:00Z"
}
}Webhooks
Webhooks push real-time events to your endpoint via HTTP POST. Configure them in the API Studio.
Available Events
message.receivedNew message in your conversationsmessage.updatedA message was editedmessage.deletedA message was soft-deletedconversation.createdYou were added to a new conversationmember.joinedNew member joined a groupmember.leftMember left or was removedPayload Format
json
{
"event": "message.received",
"timestamp": "2026-04-26T15:00:00Z",
"data": {
"conversation_id": "uuid",
"message_id": "uuid",
"sender_id": "uuid",
"content_preview": "Hey, how are...",
"message_type": "text",
"created_at": "2026-04-26T15:00:00Z"
}
}Headers
http
Content-Type: application/json
X-Setu-Signature: sha256=<HMAC-SHA256 of body using webhook secret>
X-Setu-Event: message.received
X-Setu-Delivery-Id: dlv_uuid_here
X-Setu-Timestamp: 1714150800Signature Verification (Node.js)
javascript
const crypto = require('crypto');
function verifyWebhookSignature(body, signature, secret) {
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(body)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Error Codes
| HTTP | Code | Description |
|---|---|---|
| 400 | INVALID_REQUEST | Request body is malformed or missing required fields |
| 401 | MISSING_API_KEY | No Authorization header provided |
| 401 | INVALID_API_KEY | The API key is invalid or not found |
| 403 | KEY_DISABLED | The API key has been deactivated |
| 403 | KEY_EXPIRED | The API key has expired |
| 403 | IP_NOT_ALLOWED | Your IP is not in the key's whitelist |
| 403 | PERMISSION_DENIED | This key lacks the required permission scope |
| 404 | NOT_FOUND | The requested resource was not found |
| 429 | RATE_LIMIT_EXCEEDED | Too many requests — wait and retry |
| 500 | INTERNAL_ERROR | Something went wrong on our end |