{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"9154f40a-2436-4015-a246-6c881807ed20","name":"Synthetix API Documentation","description":"![](\"https://synthetix.com/wp-content/uploads/2021/01/logo_synthetix.png\")
\n\nWelcome to the Synthetix API documentation. Synthetix is a leading provider of SaaS Business to Business customer service software. Our platform offers a complete online customer service solution, combining automated and agent-assisted Customer Experience (CX) channels to revolutionize the way businesses interact with their customers.\n\nOur API provides developers with the tools to integrate our services into their own applications, allowing for seamless access to our features such as real-time messaging, knowledge base, and chatbot capabilities. This enables businesses to boost their customer service efficiency by up to 20%, delivering a superior customer experience.\n\nWhether you're looking to integrate our services into your existing systems, develop new applications, or simply explore the possibilities of our platform, this documentation will guide you through the process. It includes detailed explanations of our endpoints, example requests and responses, and troubleshooting tips.\n\nWe're committed to helping you make the most of our API, and we're always here to help if you have any questions or run into any issues. Let's get started!\n\n# Overview\n\nThe Synthetix Application Programming Interface (API) is a REST-based platform with predictable, resource-oriented URLs, and uses standard HTTP responses to indicate API errors. We support cross-origin resource sharing, enabling you to interact securely with our API from a client-side web application. All API responses are returned in JSON format.\n\nThis document provides comprehensive information about the functionality, standards, and rules of engagement for using the Synthetix API. Please make sure to read and understand this information before you begin integrating with our API.\n\n# Getting Started\n\nThe following sections provide detailed information about how to start using the Synthetix API, including acquiring and using API keys, setting up and managing service accounts, and other important procedures.\n\n## Acquiring API Keys\n\nAPI keys, designated as `APPLICATIONKEY` and `CONSUMERKEY`, are essential for authentication and resource access. These keys are accessible solely to registered and authorised businesses and users, and are linked to a default view of your knowledge base and product assortment.\n\n#### Understanding Application Key and Consumer Key\n\n- **Application Key (****`APPLICATIONKEY`****):** This key serves as the identifier for the application making the request to the Synthetix API. It is crucial for tracking and managing the interactions between your application and Synthetix’s resources. The `APPLICATIONKEY` is unique to each application and helps ensure that the requests are routed correctly and that the application adheres to the permissions and limitations set forth by Synthetix.\n \n- **Consumer Key (****`CONSUMERKEY`****):** A consumer, in this context, is a client of Synthetix. The `CONSUMERKEY` is tied to the consumer and identifies the consumer to Synthetix when requests are made. This key helps Synthetix to verify the identity of the consumer and to ensure that the consumer has the necessary permissions to access or modify the resources requested.\n \n\nIt's crucial that each application has its own application key, uniquely configured for its specific purpose. Using keys intended for another application, or reusing keys provided for your Synthetix.cloud application or your website's hosted application, is strictly prohibited.\n\n_To obtain a set of API keys, you should contact your Synthetix Account Manager with a written request. This request must include a detailed description of what the application is intended for, as well as a name and a description for your keys, which will be stored against them for easy identification. In addition, you must acknowledge that you agree with the terms of use of the Synthetix API, as outlined in this documentation. Failure to adhere to these terms may result in your keys being banned and may result in your API access being revoked._\n\nAPI keys must be included in the HTTP header for authentication when using the API.\n\n``` json\n{\n \"APPLICATIONKEY\": \"your-application-key\",\n \"CONSUMERKEY\": \"your-consumer-key\"\n}\n\n ```\n\n## Using Service Accounts\n\nFor any user accounts being used by the API programmatically, it's recommended to use service accounts rather than standard user accounts. This offers a higher level of security and control over API access. For more information on setting up service accounts, please contact your account manager.\n\n## API Environments\n\nSynthetix provides various environments for different stages of application development and testing. By default, any application that has not undergone a review will only have access to the Sandbox environment. Once your application passes a review, access to the Production environment will be granted. Below are the details of each environment:\n\n### 1\\. Production Environment\n\n- **URL:** `https://api.synthetix.com`\n \n- **Description:** The Production environment is the live environment that uses real, operational data. This environment should be used for applications that have been fully developed, tested, and reviewed.\n \n- **Access:** Granted following a successful review of the application. This environment should be used with caution as it affects real-world data and user interactions.\n \n\n### 2\\. Staging Environment\n\n- **URL:** `https://apistaging.synthetix.com`\n \n- **Description:** The Staging environment is a close replica of the Production environment, using cloned databases. It is primarily used for final testing before deploying to Production.\n \n- **Access:** This environment is ideal for pre-production testing, allowing developers to validate their application in a setting that closely mirrors the actual Production environment.\n \n\n### 3\\. Sandbox Environment\n\n- **URL:** `https://apisandbox.synthetix.com`\n \n- **Description:** The Sandbox environment is a safe and isolated environment for development and penetration testing. It uses cloned databases and is completely separate from the Production environment.\n \n- **Access:** Automatically available to all applications. This environment is recommended for initial development, testing, and ongoing experimentation. It provides a risk-free setting to try new features or conduct security tests.\n \n\n### Environment Usage Guidelines\n\n- **Initial Development:** Start with the Sandbox environment to develop and test your application.\n \n- **Testing and Validation:** Move to the Staging environment for final testing once your application is stable and ready for a pre-production review.\n \n- **Production Deployment:** After successful review and testing, use the Production environment for your live application.\n \n\n### **Example Development Workflow**\n\n1. **Start in Sandbox**\n \n - Use the Sandbox environment (`https://apisandbox.synthetix.com`) to build and test your application.\n \n - Focus on functionality and handling API responses.\n \n2. **Test in Staging**\n \n - Once your application is stable, move to the Staging environment (`https://apistaging.synthetix.com`).\n \n - Perform final testing in an environment that mirrors Production.\n \n3. **Submit for Review**\n \n - Submit your application to Synthetix for review.\n \n - Address any feedback provided.\n \n4. **Deploy to Production**\n \n - After approval, switch your application to use the Production environment (`https://api.synthetix.com`).\n \n - Monitor the application for any issues.\n \n\nRemember to handle each environment with the appropriate level of caution and consideration, especially when dealing with real user data in the Production environment. Regularly review and update your application's access to ensure compliance with Synthetix's security standards and best practices.\n\n## Application Review Process\n\nTo ensure the proper integration and usage of the Synthetix API, we have implemented an application review process. This process involves a code review conducted by a Synthetix developer, aimed at evaluating the functionality, logic, and adherence to best practices within your application. Please follow the steps below to initiate the application review:\n\n1. **Contact your Account Manager**: Reach out to your Synthetix Account Manager to express your interest in scheduling an application review. They will guide you through the process and provide further instructions.\n \n2. **Purpose Overview**: During the review, provide an overview of your application's purpose. Explain its intended functionality, the target audience, and how it will interact with the Synthetix API. This will help the developer gain a comprehensive understanding of your application's objectives.\n \n3. **Demonstration of API Usage**: Prepare a demonstration of how your application interacts with the Synthetix API. You can present your source code or pseudo code, highlighting the key integration points. Walk through the code and explain the logic and data flow related to Synthetix API access. This demonstration will assist the developer in assessing the implementation and identifying any areas for improvement.\n \n4. **Examination of Logic**: The Synthetix developer will carefully examine and analyze the sections of your code where interactions with the Synthetix API occur. They will assess the adherence to best practices, efficiency, error handling, and security measures. Be prepared to discuss the decision-making process and rationale behind the integration logic.\n \n5. **Live Network Requests**: During the review, the developer may request to observe live network requests made by your application to Synthetix servers. This allows them to verify the data exchange, identify any potential issues or performance bottlenecks, and offer suggestions for optimization.\n \n\n> **Important**: To ensure a controlled environment and maintain the stability and security of our production environment, it is crucial to perform all development and testing exclusively on the Sandbox environment. Only after your application has been thoroughly reviewed, approved, and signed off by the Synthetix developer, should it be used in our production environment to handle live production-level traffic. \n \n\nBy following this application review process, we can ensure that your application integrates smoothly with the Synthetix API, meets our quality standards, and provides a reliable experience for your users.\n\n## Unused Application/API Key Policy\n\n#### Purpose\n\nTo maintain the security and efficiency of our API services, Synthetix implements a policy for the management of unused API keys. This policy outlines the procedures for deactivating and potentially deleting API keys that remain inactive for an extended period.\n\n#### Scope\n\nThis policy applies to all API keys issued by Synthetix and is intended to prevent security vulnerabilities and optimize system performance.\n\n#### Deactivation of Unused API Keys\n\n- **Monitoring and Identification:** Synthetix monitors the activity of all issued API keys. API keys that have not been used for more than 90 days are identified as inactive.\n \n- **Temporary Deactivation:** Inactive API keys are automatically disabled. Business and Key owners and will be notified and given instructions on how to request reactivation.\n \n\n#### Reactivation of API Keys\n\n- **Request Process:** Users whose API keys have been deactivated can request reactivation by submitting a support ticket under the category \"API & Applications\". The subject of the ticket should be \"Reverse auto key disable\" followed by the API key in question.\n \n- **Assessment and Reactivation:** The support team will assess the reactivation request. If approved, the API key will be reactivated.\n \n\n#### Deletion of Inactive API Keys\n\n- **Deletion Warning:** Key holders will receive a final notice if their API key remains inactive and unreactivated by the specified deadline.\n \n- **Permanent Deletion:** If no action is taken by the deadline, the API key and any associated application data will be permanently deleted from our systems.\n \n\n#### Compliance and Security\n\nThis process is conducted in compliance with our data security protocols and privacy standards, ensuring the protection and integrity of user data and system resources.\n\n# Whitelisting\n\nWhile it is not mandatory to whitelist IPs, it is highly recommended as a crucial security measure. Whitelisting allows you to specify which IP addresses, IP ranges, or fully qualified domain names (FQDNs) are permitted to access your API keys. By implementing whitelisting, you can control and restrict access to your API, enhancing security and protecting your sensitive data.\n\nThere are two approaches to configuring whitelisting:\n\n1. **Specific IP Addresses or Domains:** \n You can provide a list of specific IP addresses or FQDNs that are authorized to access your API keys. To set up this type of whitelisting, please raise a support ticket and include the complete list of additonal allowed IPs or domains. Once added to the whitelist, only the specified IPs or domains will have access, while all others will be automatically blocked.\n \n2. **Wildcard (\\*) Whitelisting (Caution advised):** \n As an alternative, you have the option to use a wildcard (\\*) to allow anyone with the application and consumer key unrestricted access to your API. However, this approach poses potential security risks and should be used with extreme caution. If you decide to proceed with wildcard whitelisting, kindly document the rationale behind it when raising the support ticket, and we will implement it accordingly.\n \n\nIt's important to note that when configuring whitelisting, you can also include IP ranges (CIDR notation) for added flexibility. For example, you can whitelist an entire range of IP addresses like 192.168.1.1/32.\n\nPlease ensure that all relevant IP addresses and domains your application may use are included in the whitelist. Any changes made to the whitelist may take upto an hour to propagate and take effect.\n\nIn the event of a security breach or suspected unauthorized access, it is crucial to act promptly. Immediately rotate your API keys and update the whitelist accordingly. Additionally, notify your account manager as soon as possible in such cases. They can provide guidance, investigate the situation, and assist you in mitigating potential risks or damages.\n\nIf you have any questions or concerns about setting up IP or domain whitelisting, please don't hesitate to contact support. We are dedicated to helping you ensure that your API usage remains secure.\n\n# Session Management\n\nTo access and authenticate API requests, we use an Authorization header with a bearer token. The bearer token is a temporary token generated from the profile or session endpoints, and it must be used in conjunction with the application and consumer keys. Please note that we do not utilize OAuth for authentication.\n\n## Obtaining a Bearer Token\n\nTo obtain a bearer token, you need to make a request to the profile or session endpoints using your application and consumer keys. This request will authenticate and authorize your session, generating a temporary bearer token that grants access to the API for that specific session.\n\nIt's important to note that bearer tokens are temporary and specific to each session. They provide a level of security and control by limiting the access and lifespan of each token.\n\n## Including the Bearer Token in the Authorization Header\n\nOnce you have obtained a bearer token, you need to include it in the Authorization header of your API requests. The header should follow the format:\n\n`Authorization: {{vault:bearer-token}}`\n\nReplace `SAMPLE_TOKEN` with the actual bearer token generated for your session.\n\n## Protecting and Securing Bearer Tokens\n\nBearer tokens are sensitive information and should be handled securely. Treat bearer tokens with the same level of confidentiality and protection as you would with any other sensitive credential. It's essential to keep bearer tokens secure and avoid exposing them to unauthorized individuals or publicly accessible locations.\n\nDo not include bearer tokens in URLs, query parameters, or other easily accessible locations, as they can be intercepted or compromised. Always use the Authorization header to transmit bearer tokens securely.\n\n## Including the User Agent Header\n\nTo ensure the security and integrity of our API, all API requests must include a `User-Agent` header. We have rules configured on our Web Application Firewall (WAF) that will automatically ban requests lacking a `User-Agent` string.\n\n### Why is the User-Agent Header Required?\n\nThe `User-Agent` header serves several purposes related to security and protection:\n\n1. **Identification:** The `User-Agent` string helps us identify the nature of the requests, whether they are coming from a web browser, a mobile application, or another type of client.\n \n2. **Security Measures:** The `User-Agent` string allows us to implement advanced security rules and measures. For instance, we may restrict certain types of clients or versions from accessing our API based on the `User-Agent`.\n \n3. **Protection Against Abuse:** Automated bots and malicious actors often omit the `User-Agent` string to disguise their requests. By requiring a `User-Agent`, we add an extra layer of security that can filter out potentially harmful activity.\n \n\n### How to Include the User-Agent Header\n\nWhen making an API request, include the `User-Agent` header like so:\n\n``` php\nUser-Agent: YourAppName/1.0 \n\n ```\n\nReplace `YourAppName/1.0` with a string that appropriately identifies your application and its version.\n\nFailure to include a `User-Agent` header may result in your request being automatically banned by our WAF, so it's crucial that you implement this in all your API requests.\n\nIf you have any questions or require further clarification about the `User-Agent` header requirement, please don't hesitate to contact our support team. We are committed to ensuring that your experience with our API is both secure and efficient.\n\n## Session Expiry and Renewal\n\nBearer tokens have a limited lifespan and are valid only for the duration of the session for which they were generated. The session lengths for different types of sessions are as follows:\n\n- External Session Length: 2 hours\n \n- Internal Session Length (Generic): 1 hour\n \n- Internal Session Length (Metrics): 6 hours\n \n\nOnce a session expires, the bearer token becomes invalid, and you will need to obtain a new token by re-authenticating with the profile or session endpoints.\n\nIt's important to manage and track session expiry to ensure uninterrupted access to the API. You may need to implement mechanisms to handle session renewal or prompt users to re-authenticate when their session expires.\n\nBy using bearer tokens in the Authorization header and following the guidelines mentioned above, you can securely authenticate your API requests and ensure controlled access to the API resources within the context of each session.\n\n## Long-Lived Access Tokens (Paid Add-On)\n\nLong-lived access tokens are sessions that do not expire. They’re an alternative to our standard sessions, which expire after a set duration. They are available on request as a paid add-on.\n\nWith a long-lived access token, you do not need to refresh or request new tokens when a normal session expires. This can simplify your integration and reduce authentication overhead in long-running jobs, backend services, or high-throughput workflows. Optionally, you are able to set an expiration with a variety of options from 1 hour to no expiration.\n\n**Key benefits:**\n\n- **No expiry/custom expiry:** Unlike standard sessions, long-lived access tokens remain valid until you revoke them or they expire when the optional expiration is met.\n \n- **Fewer auth calls:** Eliminates periodic token refresh logic and reduces failed calls due to token expiry.\n \n- **Same access:** Permissions and rate limits are the same as your account/configuration allows.\n \n\n**Good fit for:**\n\n- Always-on backend services\n \n- Batch processing and scheduled jobs\n \n- Systems where token rotation is operationally costly\n \n\n> **Note:** Not ideal for short-lived applications or environments where frequent rotation is required by your internal policy. \n \n\nIf you have any questions about these tokens, please speak to your Synthetix account manager.\n\nIf you wish to learn more about setting up or managing long-lived tokens, please visit this link for more information: [https://help.synthetix.com/article/qed791084/managing-longlived-access-tokens/0/ralJYa6lTmn7qQ==](https://help.synthetix.com/article/qed791084/managing-longlived-access-tokens/0/ralJYa6lTmn7qQ==)\n\n# Rate Limiting\n\nTo ensure the stability and performance of our API, we have implemented rate limiting based on our Web Application Firewall (WAF). The rate limiting is applied to the aggregation of requests originating from a specific source IP address. This means that the total number of requests from a single IP address is limited within a specific timeframe.\n\n## Rate Limit Details\n\n- Rate limit: 5,000 requests\n \n- Timeframe: 5 minutes\n \n\nThe rate limit signifies the maximum number of requests allowed from a single source IP address within a five-minute timeframe. Once the rate limit is reached, further requests from that IP address will be temporarily delayed or denied until the rate limit resets.\n\n## Scope of Inspection and Rate Limiting\n\nOur rate limiting mechanism considers all requests originating from a specific IP address. This includes requests made to any endpoint or resource within the API. Therefore, it's important to ensure that your application adheres to the rate limit to prevent disruptions in API access.\n\nPlease note that rate limiting is implemented to maintain the stability and fair usage of our API resources. If you find that your application consistently exceeds the rate limit, we recommend optimizing your API usage or contacting our support team to discuss potential solutions.\n\n> **Note:** The rate limit values mentioned above are subject to change. We will notify you in case of any adjustments to the rate limiting thresholds. \n \n\n# Webhooks\n\nWebhooks are a powerful feature that enables your application to receive real-time notifications and take action when specific event codes are triggered within the Synthetix system. They provide a simple way to connect your application with the API and react to events as they occur, rather than continuously polling for updates.\n\n> **Note:** Please note that this section is incomplete, and more event codes will be added in the future. \n \n\n## Webhook Event codes\n\nThe following table lists the currently available event codes, their descriptions, and potential use cases:\n\n| Event Code | Description | Use case |\n| --- | --- | --- |\n| 605 | New live chat requested | When a chat enters the queue, request data from a third-party system |\n| 606 | Live chat accepted by agent | Send a notification to the user that an agent has accepted their chat |\n| 604 | Live chat ended | Generate a chat summary or store the chat transcript |\n| 609 | Live chat abandoned | Notify administrators or agents of abandoned chat opportunities |\n| 628 | Live chat missed | Notify administrators or agents of missed chat opportunities |\n| 611 | Agent feedback left on live chat | This can be used to send agent feedback and transcription data following a chat |\n| 619 | Customer left feedback on live chat | Update customer satisfaction metrics or notify support team members |\n\nTo effectively use webhooks in your application, you'll need to configure them according to your specific requirements and ensure that your application listens for the specified events. This will enable your application to respond to these events in real-time, enhancing overall system efficiency and user experience.\n\n## Setting Up Webhooks\n\n1. Identify the event codes your application needs to respond to, as listed in the table above.\n \n2. Implement a listener within your application to handle incoming webhook notifications. This listener should be an endpoint that can process incoming HTTP requests, typically a POST request containing the event data.\n \n3. Liase with your account manager to setup the webhooks, specifying the event codes you want to receive notifications for and the URL of your listener endpoint.\n \n4. Test the webhook integration by triggering the corresponding events in the Synthetix system and confirming that your application receives the notifications and processes them correctly.\n \n\n## Handling Webhook Notifications\n\nWhen your listener receives a webhook notification, it should process the event data and take the appropriate action based on the event code. For example, if the event code is 605 (New live chat requested), your application might fetch additional data from a third-party system and display it to the agent handling the chat.\n\nIt is essential to implement appropriate error handling and logging mechanisms within your listener, as the webhook notifications may occasionally encounter issues such as network errors, timeouts, or malformed data.\n\n## Securing Webhooks\n\nTo ensure the security and integrity of your webhook integration, you should take the following precautions:\n\n1. Use HTTPS for your listener endpoint to encrypt the data transmitted between the Synthetix system and your application.\n \n2. Validate the incoming requests to confirm they originate from the Synthetix system. You can do this by checking the request headers, or implementing a shared secret for authentication.\n \n3. Limit the scope of the API keys used for webhook integration to minimize potential damage if the keys are compromised.\n \n4. Additionally, Synthetix offers a static IP service for an enhanced layer of security. When enabled, all webhooks will originate from a dedicated IP address, allowing you to whitelist this IP address in your firewall or security settings. This feature ensures that only traffic from the Synthetix system can reach your endpoint, further safeguarding your integration. Please note that this is a premium feature and comes at an additional cost. It can be enabled in the add-ons section of your account or by speaking to your account manager.\n \n\nBy incorporating webhooks into your application, you can create a more responsive, efficient, and user-friendly system that seamlessly integrates with the Synthetix API.\n\n## Using Variables in Webhooks and Throughout the System\n\nVariables in webhooks provide a dynamic way to personalize and automate responses based on specific user data and system information. They act as placeholders that are replaced with actual values when the webhook is triggered. Below is a list of default placeholders and their descriptions:\n\n- `{{INPUT}}` - Represents all user input.\n \n- `{{OUTPUT}}` - Contains all output from the API.\n \n- `{{SALUTATION}}` - Generates a greeting based on the current time (e.g., 'Morning', 'Afternoon', 'Evening').\n \n- `{{EMAIL}}` - The user's email address.\n \n- `{{nickname}}` - The user's nickname.\n \n- `{{firstname}}` - The user's first name.\n \n- `{{NAME}}` - The user's full name.\n \n- `{{USERNAME}}` - The user's username.\n \n- `{{USERID}}` - The user's ID.\n \n- `{{UNIQREF}}` - A unique reference for the queue entity.\n \n- `{{ CONSUMERKEY}}` - A specific key associated with the consumer.\n \n- `{{ APPLICATIONKEY}}` - A key associated with the application.\n \n- `{{SESSION}}` - The current session identifier.\n \n- `{{YEAR}}`, `{{MONTH}}`, `{{DAY}}` - Current year, month, and day, respectively.\n \n- `{{DATE}}` - The current date.\n \n- `{{ISO8601}}` - The current date and time in ISO 8601 format.\n \n- `{{TIME12}}` - The current time in 12-hour format.\n \n- `{{TIME24}}` - The current time in 24-hour format.\n \n- `{{TIMESTAMP}}` - A timestamp of the current moment.\n \n\nThese variables can be used within your webhook payload to tailor the response based on the context of the event and the user involved. For example, you can use `{{NAME}}` in a message template to automatically insert the user's name.\n\n# Penetration Testing Policy\n\n### Introduction\n\nThis policy governs the conduct of penetration testing within Synthetix systems. Penetration testing is an essential practice intended to identify and resolve security vulnerabilities. This policy is designed to ensure that all penetration testing activities are performed safely, legally, and without disrupting the operational integrity of Synthetix systems.\n\n### Permitted Testing Environment\n\n**Important Note:** All penetration testing activities must be confined exclusively to the designated sandbox environment. Engaging in testing activities outside of this specified environment is strictly prohibited and will be considered a malicious attack against Synthetix systems. Violations of this policy may result in financial penalties and further legal action. Please ensure that all penetration testing is conducted responsibly and in accordance with this policy to avoid any unintended liabilities.\n\n- **Sandbox Environment URL:** [https://apisandbox.synthetix.com](https://apisandbox.synthetix.com)\n \n\n### Test Authorization Procedure\n\nTo conduct penetration testing, the following steps must be followed:\n\n1. **Request Access:** File a request through our support system including:\n \n - Objective of the test\n \n - Scope of the test\n \n - Testing methods\n \n - Start and end dates\n \n - IP addresses used for testing\n \n - Testing tools and software\n \n - Personnel involved\n \n - Data handling procedures\n \n - Communication plan\n \n2. **Approval:** Await confirmation and access credentials from the Synthetix security team.\n \n3. **Credentials Access:**\n \n - **Agent Side URL:** [https://pentest_sandbox.synthetix.cloud/sandbox/](https://pentest_sandbox.synthetix.cloud/sandbox/)\n \n - **Customer Side URL:** [https://cdn.synthetix.com/synthetixjs/sandbox/pentest/index.html?synthetix=/home](https://cdn.synthetix.com/synthetixjs/sandbox/pentest/index.html?synthetix=/home)\n \n - _Username, Password, and MFA Secret/QR are provided upon request approval._\n \n\n### Restrictions and Prohibited Actions\n\nDuring penetration testing, the following actions are prohibited:\n\n- **Load Testing:** No tests that degrade performance or availability.\n \n- **Brute Forcing:** No brute force attacks on authentication mechanisms.\n \n- **Physical Security Testing:** No testing involving physical security or personnel interaction.\n \n- **Out-of-Scope Attacks:** Do not target systems or assets outside the agreed scope.\n \n- **Third-Party Services and Integrations:** Do not test third-party services unless explicitly included in the scope.\n \n- **Modification or Deletion of Data:** Do not alter or delete data within the sandbox.\n \n- **Use of High-Risk Exploits:** Avoid exploits that could cause harm or irreversible changes.\n \n- **Social Engineering:** No testing involving deception of Synthetix employees or partners.\n \n- **Automated Scanning:** Automated tools must be configured to avoid excessive load.\n \n\n### Test Reporting\n\nPost-testing, submit a detailed report to the Synthetix security team including:\n\n- An executive summary of findings\n \n- Detailed descriptions of vulnerabilities\n \n- Mitigation recommendations\n \n- Raw outputs and proofs-of-concept\n \n\n### Compliance and Ethical Considerations\n\nTesters must adhere to all legal requirements and conduct testing ethically and professionally. This includes respecting the privacy and security of all data and systems.\n\n### Contact Information\n\nFor questions or to submit testing results, contact our support team through the official ticket system and update your original ticket if applicable.\n\n# Use Cases\n\n## Bulk Transcript Downloading\n\nIf you need to download a large number of live chat transcripts from the Synthetix platform in bulk, you can follow this flow to achieve that:\n\n1. Establish an HTTP client to communicate with the Synthetix API.\n \n2. Implement the login functionality by sending a POST request to the login endpoint (`https://api{environment}.synthetix.com/2.0/internal/session`) with the necessary headers and form data (`username` and `password` ).\n \n3. Upon successful login, retrieve the bearer token from the response.\n \n4. Use the obtained bearer token and required headers (`APPLICATIONKEY` and `CONSUMERKEY`) to authenticate subsequent API requests.\n \n5. Send a GET request to the chat IDs endpoint (`https://api{environment}.synthetix.com/2.0/internal/chatids`) with the desired parameters, such as start and end dates, to fetch the chat IDs.\n \n6. Process the response to obtain the list of chat IDs.\n \n7. Initialize a loop to iterate over each chat ID retrieved in step 6.\n \n8. For each chat ID, send a POST request to the details endpoint (`https://api{environment}.synthetix.com/2.0/livechat/details`) with the chat ID in the request payload to retrieve the chat details.\n \n9. Handle the response and save the chat details, such as the JSON response or the text content, to the desired location, such as a local file or a database.\n \n10. Repeat the loop for each chat ID until all transcripts have been downloaded.\n \n\n**Some general rules:**\n\n1. Your script should open a session first, obtain a list of all the required Chat IDs over your selected date range and then obtain transcripts for each of the chat IDs. There is no need to call Profile or Chatids for each call to Details – just open one session for all calls with Profile and make just one call to Chatids to obtain the list, following by multiple calls to Details.\n \n2. Once you have written your script, please arrange a quick walkthrough with the Synthetix development team to approve your application for use. This will take the form of a short screenshare of your code, describing its function.\n \n3. As your script will do hundreds of thousands of calls to the Details API, which performs quite a few database queries, we would ask you run it after 9pm and to query no more than one month's worth of data in a session. The session duration is 6 hours. Response time for the Details API can be up to 2.5 seconds and rate limiting will prevent you from submitting more than 10 simultaneous requests, therefore it should be possible to obtain up to 14,400 transcripts per hour. If you submit more than 10 simultaneous requests, an error code (158) will be returned by the request.\n \n\nBy following this flow and understanding the underlying logic, you can customize and build your own application to interact with the Synthetix API and implement specific functionalities based on your requirements.\n\n_Please note that the provided logic serves as a reference implementation, and you should adapt it to suit your specific use case and application architecture._\n\n> To see an unofficial application that uses this use case as an example, you can check out the **Unofficial Synthetix Transcript Downloader** on GitHub at [https://github.com/HairyDuck/Synthetix-Transcript-Downloader](https://github.com/HairyDuck/Synthetix-Transcript-Downloader). \n[https://addons.mozilla.org/en-GB/firefox/addon/synthetix-transcript-download/](https://addons.mozilla.org/en-GB/firefox/addon/synthetix-transcript-download/) \n[https://chromewebstore.google.com/detail/ndcacfbnjlggoolaginndlpdmkpomjba](https://chromewebstore.google.com/detail/ndcacfbnjlggoolaginndlpdmkpomjba) \n \n\n## Displaying Knowledge FAQs and Articles Nativly on Your Website or App\n\nTo display knowledge articles from the Synthetix platform on your website or app for external users, you can follow this flow:\n\n### Session Management\n\nYou need a session token to access the Synthetix API. When you launch your application, you should verify that your stored session token is still valid. If it is no longer valid, or you have no previously stored session token, you need to initialise a new session.\n\n#### Initialise a Session\n\nSend a `POST` request to `https://api{environment}.synthetix.com/2.0/external/session`. Your request header needs to include your `APPLICATIONKEY` and your `CONSUMERKEY`. If your api keys are valid, the response will include a new session token.\n\n#### Verifiy an Existing Session\n\nSend a `GET` request to `https://api{environment}.synthetix.com/2.0/external/session`. Your request header needs to include your `APPLICATIONKEY` and your `CONSUMERKEY`. As `Authorization`, you need to use your existing session token as a Bearer Token. If your session token has expired, an error will be thrown.\n\nAll subsequent API calls will need to include the following request headers and Authorization:\n\n```\n{\n \"headers\": {\n \"APPLICATIONKEY\": \"{your application key}\",\n \"CONSUMERKEY\": \"{your consumer key}\",\n \"Authorization\": \"{{vault:bearer-token}}\"\n }\n}\n\n ```\n\n### Displaying Popular FAQs\n\nYou can get a list of the most popular FAQs by sending a `GET` request to `https://api{environment}.synthetix.com/2.0/external/all_faqs` with the query parameter `?pop=true`. If `pop` is set to `false`, you will receive a list of FAQs that are not sorted by popularity. Other params include `limitno` to set a limit to the amount of FAQs returned, and `limitdate` to set a date range. Refer to the [official Synthetix API documentation](https://documentation.synthetix.com/#dd682fbf-af5b-49b8-a3c9-fd075d28866b) for a list of all possible parameters and their use cases, as well as up-to-date response formats.\n\n### Search Functionality\n\nTo search for specific articles based on a search query, send a `POST` request to `https://api{environment}.synthetix.com/2.0/external/search`. The following body is required\n\n```\n{\n \"body\": {\n \"query\": \"{Your search query}\",\n \"channel\": 14, //{use channel 14 to search Knowledgebase}\n \"userid\": 1234 //{neccessary in external searches such as this}\n }\n}\n\n ```\n\nFor optional body parameters and their use cases, as well as up-to-date response formats, refer to the [official Synthetix API documentation](https://documentation.synthetix.com/#b1917ea3-3ea5-47b1-a945-0f23e1a4ad10).\n\n### Article Display\n\nTo access individual articles, you will need the corresponding article label.\n\nSend a `POST` request to `https://api{environment}.synthetix.com/2.0/external/article`. The following body is required:\n\n```\n{\n \"body\": {\n \"label\": \"qedXXXXXX\",\n \"channel\": 14,\n \"userid\": \"XXXXXX\"\n }\n}\n\n ```\n\nFor optional body parameters and their use cases, as well as up-to-date response formats, refer to the [official Synthetix API documentation](https://documentation.synthetix.com/#7cb87ae9-2558-4f8e-8397-bf8e1af71f0d).\n\n### Collecting Feedback\n\nYou can collect feedback for each article. Each feedback question and answer cobination is represented by a unique ID that will be logged. A common feedback question is \"Did this answer your question?\" with answer options being a thumb up or a thumb down. Additional feedback text can also be captured.\n\nSend a `POST` request to `https://api{environment}.synthetix.com/2.0/external/article_feedback`. In the request body, you need to send the label fo the corresponding article, the feedback question/answer combo id via the `feedback` param, and, optionally, the additionally captured feedback text.\n\n```\n{\n \"body\": {\n \"label\": \"qedXXXXXX\",\n \"feedback\": 3246,\n \"text\": \"Great article\"\n }\n}\n\n ```\n\nOn successfull feedback, the response returns `{\"success\": true}`\n\n_Please note that the provided logic serves as a reference implementation, and you should adapt it to suit your specific use case and application architecture._\n\n> To see an unofficial application that uses this use case as an example, you can check out the [synthetix-knowledge-app](https://github.com/judithdemuijnck/synthetix-knowledge-app) by Judith De Muijnck on GitHub at [https://github.com/judithdemuijnck/synthetix-knowledge-app](https://github.com/judithdemuijnck/synthetix-knowledge-app). \n \n\n# Add Ons\n\nAdd Ons are optional components that extend Synthetix functionality. They let you enhance your platform by enabling third-party integrations and custom modules—without modifying your core configuration.\n\n### What you can do with Add Ons\n\n- Extend capabilities by adding new features or workflows\n \n- Integrate with external tools such as analytics, storage, messaging, or identity providers\n \n- Enable custom modules built for your organisation’s needs.\n \n\n### How Add Ons work\n\nAdd Ons are installed and configured from within Synthetix. Once enabled, they operate alongside your existing setup and can be managed independently from the base product.\n\n### Manage Add Ons\n\nFrom the Add Ons section you can:\n\n- Browse available Add Ons and view descriptions and requirements\n \n- Install and configure selected Add Ons\n \n- Enable, disable, or uninstall Add Ons as needed\n \n- Review installed Add Ons to understand what’s active on your platform.\n \n\n### Notes\n\nSome Add Ons may require additional configuration (for example API keys, access permissions, or external accounts) before they become fully operational.\n\n# Website Widgets\n\n## Penfield\n\n### Adding the Script to Your Website\n\nFollow these instructions to add the Synthetix script to your website. Adhering to these guidelines is crucial for ensuring proper functionality and avoiding potential issues.\n\n### Script to be Added\n\nInclude the following script in your HTML:\n\n``` html\n\n\n ```\n\n### Key Guidelines\n\n#### 1\\. Last Included Script\n\nEnsure that the Synthetix script is the last script included in your HTML or . This is important to prevent conflicts with other scripts and ensure all necessary resources are loaded before the Synthetix script executes.\n\n##### Example:\n\n``` html\n\n\n \n \n Your Website\n # Other script and link tags\n \n\n\n # Your content\n\n\n\n ```\n\nOR:\n\n``` html\n\n\n \n \n Your Website\n\n\n # Your content\n # Other script and link tags\n \n\n\n\n ```\n\n#### 2\\. Avoid Dynamic Inclusion\n\nDo not dynamically add the Synthetix script using JavaScript. This can lead to issues with script execution order and dependencies.\n\n##### Not Recommended:\n\n``` javascript\n// Avoid this approach\nvar script = document.createElement('script');\nscript.src = \"https://cdn.synthetix.com/penfield/get_synthetix.min.js?applicationkey={{APPLICATIONKEY}}&consumerkey={{CONSUMERKEY}}\";\ndocument.head.appendChild(script);\n\n ```\n\n#### 3\\. Avoid Manual Synthetix Function Calls\n\nDo not manually invoke any Synthetix functions. Incorrect implementation of function calls or error handling can cause unexpected behaviour and disrupt your website's functionality. Allow the script to manage its own function calls.\n\n##### Not Recommended:\n\n``` javascript\n// Avoid manual function calls like this\nsynthetix.someFunction();\n\n ```\n\n### Summary\n\n1. **Include the Synthetix script as the last script** in your HTML to prevent conflicts.\n \n2. **Avoid dynamically adding** the Synthetix script using JavaScript.\n \n3. **Do not manually call** any functions from the Synthetix library to prevent errors and ensure proper handling by the library itself.\n \n\nBy following these guidelines, you can seamlessly integrate the Synthetix script into your website, ensuring smooth and reliable performance.\n\n## SynthetixJS\n\n### Adding the Script to Your Website\n\nInstructions coming soon.\n\n# Channel Codes\n\nThe different modalities of potential contact are designated 'channels'. In most cases channel codes are not required, but for the avoidance of doubt channel codes are as found below.\n\n| Channel Number | Description | Status |\n| --- | --- | --- |\n| 0 | Live Chat | Active |\n| 1 | Callback | Active |\n| 10 | Facebook | Active |\n| 14 | Knowledge | Active |\n| 15 | IVA | Active |\n| 16 | Form Agent | Active |\n| 17 | Virtual Agent | Active |\n| 99 | Unknown | Active |\n\n# Error Codes\n\nOur API uses standard HTTP status codes to indicate the success or failure of an API request. In general, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that resulted from the provided information (e.g. a required parameter was missing, a charge failed, etc.), and codes in the 5xx range indicate an error with our servers.\n\nHere are some of the most common status codes you'll encounter:\n\n- **200 OK**: The request was successful.\n \n- **201 Created**: The request was successful, and a resource was created as a result.\n \n- **204 No Content**: The request was successful, but there's no representation to return (i.e. the response is empty).\n \n- **400 Bad Request**: The request could not be understood or was missing required parameters.\n \n- **401 Unauthorized**: Authentication failed or was not provided.\n \n- **403 Forbidden**: Authentication succeeded, but the authenticated user does not have access to the requested resource.\n \n- **404 Not Found**: The requested resource could not be found.\n \n- **405 Method Not Allowed**: The HTTP method used is not supported for the requested resource.\n \n- **406 Not Acceptable**: The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.\n \n- **426 Upgrade Required**: The client should switch to a different protocol such as TLS/1.0.\n \n- **429 Too Many Requests**: The user has sent too many requests in a given amount of time (\"rate limiting\").\n \n- **500 Internal Server Error**: An error occurred with our servers. Please try again later or raise a support request\n \n- **503 Service Unavailable**: The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.\n \n\nIf an error occurs, the API will return an error object. This object will include a `code` (an internal error code unique to the error), a `message` (a human-readable message explaining the error), and a `field` (the field in the request that caused the error, if applicable).\n\n| Error Code/Number | Severity | Description | ['HTTP Status Code'](https://) |\n| --- | --- | --- | --- |\n| 101 | NOTICE | NOT USING HTTPS 443 | 426 (Upgrade Required) |\n| 102 | INFO | INVALID HEADERS | 406 (Not Acceptable) |\n| 103 | INFO | API CALL QUOTA LIMIT EXCEEDED | 406 (Not Acceptable) |\n| 104 | INFO | FORMAT MISSING | 200 (OK) |\n| 105 | INFO | INVALID FORMAT | 405 (Method Not Allowed) |\n| 106 | INFO | MISSING PARAMETER | 200 (OK) |\n| 110 | INFO | APPLICATION OFFLINE | 423 (Locked) |\n| 111 | INFO | BAD ORIGIN IP | 403 (Forbidden) |\n| 112 | INFO | TOKEN DOES NOT CONTAIN VALID SIGNATURE | 200 (OK) |\n| 113 | INFO | TOKEN EXPIRED | 401 (Unauthorized) |\n| 114 | INFO | INVALID TOKEN | 401 (Unauthorized) |\n| 115 | INFO | INVALID IP | 200 (OK) |\n| 117 | INFO | DATA NOT VALID | 200 (OK) |\n| 124 | CRITICAL | FAILED TO CONNECT | 503 (Service Unavailable) |\n| 128 | INFO | HTTP PUT METHOD NOT AVAILABLE | 405 (Method Not Allowed) |\n| 129 | INFO | HTTP HEAD METHOD NOT AVAILABLE | 405 (Method Not Allowed) |\n| 130 | INFO | HTTP DELETE METHOD NOT AVAILABLE | 405 (Method Not Allowed) |\n| 131 | INFO | HTTP OPTIONS METHOD NOT AVAILABLE | 405 (Method Not Allowed) |\n| 132 | INFO | HTTP GET METHOD NOT AVAILABLE | 405 (Method Not Allowed) |\n| 133 | INFO | HTTP OPTIONS POST NOT AVAILABLE | 200 (OK) |\n| 134 | INFO | HTTP METHOD NOT ACCEPTED | 405 (Method Not Allowed) |\n| 135 | INFO | MODE NOT RECOGNIZED | 200 (OK) |\n| 136 | INFO | NO RESULTS | 200 (OK) |\n| 137 | CRITICAL | CANNOT CONNECT | 503 (Service Unavailable) |\n| 144 | CRITICAL | CANNOT CONNECT | 503 (Service Unavailable) |\n| 145 | CRITICAL | CANNOT CONNECT | 503 (Service Unavailable) |\n| 146 | INFO | INVALID CHANNEL | 501 (Not Implemented) |\n| 147 | INFO | VOID ID | 200 (OK) |\n| 148 | INFO | MISSING OR MALFORMED SKILL | 200 (OK) |\n| 149 | INFO | INVALID SKILL | 200 (OK) |\n| 150 | INFO | INVALID VARIABLE | 200 (OK) |\n| 151 | INFO | 3RD PARTY RETURNED INVALID STATUS RESPONSE | 200 (OK) |\n| 154 | INFO | NO DATA | 200 (OK) |\n| 155 | INFO | CANNOT SET 3RD PARTY TIMEOUT | 200 (OK) |\n| 156 | INFO | 3RD PARTY INTEGRATION SETTINGS INCOMPLETE | 200 (OK) |\n| 157 | INFO | NO RESULTS | 200 (OK) |\n| 158 | INFO | RATE LIMIT EXCEEDED | 429 (Too Many Requests) |\n| 159 | INFO | MALFORMED TIME RATE PARAMETER | 200 (OK) |\n| 160 | INFO | 3RD PARTY SESSION DOES NOT EXIST | 200 (OK) |\n| 161 | INFO | 3RD PARTY ENVIRONMENT HAS A FAULT | 200 (OK) |\n| 162 | INFO | NO RESULTS | 200 (OK) |\n| 163 | INFO | NO SLA DATA | 200 (OK) |\n| 164 | INFO | NO AUTO RESPONDER | 200 (OK) |\n| 165 | INFO | CATEGORY DOES NOT EXIST | 200 (OK) |\n| 166 | INFO | CATEGORY AND SUBCATEGORY ARE INCOMPATIBLE | 200 (OK) |\n| 167 | INFO | CANNOT FIND GLOBAL PRESETS | 200 (OK) |\n| 169 | INFO | INCOMPATIBLE PARAMETERS | 200 (OK) |\n| 170 | INFO | NO ACCESS TO THIS RESOURCE | 403 (Forbidden) |\n| 171 | INFO | CANNOT CHANGE EXISTING EMAIL | 200 (OK) |\n| 173 | HIGH | CSRF SUSPECTED | 200 (OK) |\n| 174 | INFO | ALREADY SUSPENDED | 200 (OK) |\n| 175 | INFO | ALREADY UNSUSPENDED | 200 (OK) |\n| 177 | INFO | VOID TRIGGER ID | 200 (OK) |\n| 179 | INFO | UNKNOWN SUBDOMAIN | 200 (OK) |\n| 180 | INFO | TEAM MATE INVALID | 200 (OK) |\n| 181 | INFO | YOU ARE NOT A PARTICIPANT IN THIS CONVERSATION | 200 (OK) |\n| 182 | INFO | CHAT NOT ASSIGNED TO YOU | 200 (OK) |\n| 183 | INFO | ERROR IN UPDATING OR ADDING AD IMPRESSIONS | 200 (OK) |\n| 184 | INFO | TRANSFER NOT AVAILABLE | 200 (OK) |\n| 185 | WARNING | LOGGING FAILURE | 200 (OK) |\n| 186 | WARNING | CANNOT REMOVE OWNER | 200 (OK) |\n| 187 | INFO | MURDER, DEATH, KILL. OR (INVALID PARTICIPANT) | 200 (OK) |\n| 188 | HIGH | DATABASE UPDATE ERROR | 200 (OK) |\n| 189 | INFO | DUPLICATE CATEGORIES IN KNOWLEDGE BASE | 200 (OK) |\n| 190 | INFO | AGENT IS INACTIVE | 200 (OK) |\n| 191 | INFO | TITLE DOES NOT MEET LIMIT REQUIRMENTS | 200 (OK) |\n| 192 | INFO | INVITATION ALREADY OFFERED | 200 (OK) |\n| 193 | INFO | NO GOALS AVAILABLE | 200 (OK) |\n| 194 | INFO | NO TOKEN OR SESSION IN PAYLOAD | 200 (OK) |\n| 195 | INFO | API DOES NOT EXIST | 200 (OK) |\n| 196 | INFO | YOUR SLOTS ARE FULL | 200 (OK) |\n| 197 | INFO | PROBLEM WITH SUBMITTER | 200 (OK) |\n| 198 | INFO | SKILL NO LONGER ACTIVE | 200 (OK) |\n| 201 | INFO | MISSING APPLICATION KEY | 200 (OK) |\n| 202 | INFO | MISSING CONSUMER KEY | 200 (OK) |\n| 203 | INFO | ANTECEDING ENTITY IN QUEUE | 200 (OK) |\n| 204 | INFO | NOT AUTHORISED | 403 (Forbidden) |\n| 222 | INFO | NOT AUTHORISED | 200 (OK) |\n| 223 | NOTICE | YOU HAVE NO PERMISSIONS | 200 (OK) |\n| 224 | NOTICE | AGENT HAS NO MODULES | 200 (OK) |\n| 225 | NOTICE | ACCOUNT IS FROZEN | 403 (Forbidden) |\n| 226 | INFO | USER SET AS LOGGED OUT | 401 (Unauthorized) |\n| 227 | INFO | CANNOT RETURN TO QUEUE IF INVITATION STILL OUT | 200 (OK) |\n| 228 | HIGH | ONGOING CHATS AND DB OUT OF SYNC | 200 (OK) |\n| 229 | INFO | TICKET DOES NOT EXIST | 200 (OK) |\n| 230 | INFO | PERMISSION NOT SET | 401 (Unauthorized) |\n| 231 | INFO | USERNAME INVALID | 200 (OK) |\n| 232 | INFO | USERNAME ALREADY TAKEN | 200 (OK) |\n| 233 | INFO | EMAIL INVALID | 200 (OK) |\n| 234 | NOTICE | USER DOES NOT BELONG TO THIS AGENT | 200 (OK) |\n| 235 | NOTICE | NO MFA METHOD | 200 (OK) |\n| 236 | INFO | RESET SESSIONS | 200 (OK) |\n| 237 | NOTICE | USER ID VOID | 200 (OK) |\n| 238 | INFO | LABEL ID VOID | 200 (OK) |\n| 239 | INFO | CHAT ALREADY COMPLETE | 200 (OK) |\n| 240 | INFO | ONLY OWNERS CAN END CHATS | 200 (OK) |\n| 241 | INFO | BAD SIGNATURE | 200 (OK) |\n| 242 | INFO | HISTORICAL API CANNOT BE USED FOR REALTIME DATA | 200 (OK) |\n| 243 | INFO | INVALID SCORE | 200 (OK) |\n| 244 | INFO | TRIGGER ID INVALID FOR TYPE | 200 (OK) |\n| 245 | INFO | INVALID REASON FOR SUSPENSION | 200 (OK) |\n| 246 | INFO | PIPELINE NOT OWNED BY USER | 200 (OK) |\n| 247 | INFO | PIPELINE DOES NOT EXIST | 200 (OK) |\n| 248 | INFO | NO BREADCRUMBS COLLECTED | 200 (OK) |\n| 249 | NOTICE | INVALID USER ID FOR THIS ACTION | 200 (OK) |\n| 250 | INFO | CALLBACK ID NOT RECOGNISED | 200 (OK) |\n| 251 | INFO | CALLBACK ALREADY COMPLETE | 200 (OK) |\n| 252 | INFO | CALLBACK CANCELLED | 200 (OK) |\n| 253 | INFO | CALLBACK ALREADY FAILED | 200 (OK) |\n| 254 | INFO | CALLBACK SLOT BLOCKED OUT | 200 (OK) |\n| 255 | INFO | CALLBACK STILL IN PROGRESS | 200 (OK) |\n| 256 | INFO | CALLBACK EITHER NOT STARTED OR ALREADY COMPLETED | 200 (OK) |\n| 257 | INFO | CALLBACK NOT LOCKED | 200 (OK) |\n| 258 | INFO | CANNOT UNSUSPEND WHILE CALLBACK ONGOING | 200 (OK) |\n| 259 | WARNING | ENVIRONMENT NOT ENABLED FOR USE WITH THIS CONSUMER AND/OR APPLICATION | 200 (OK) |\n| 260 | INFO | UNDERGOING MAINTENANCE | 503 (Service Unavailable) |\n| 261 | CRITICAL | WRITE DATABASE CONNECTION FAILED | 503 (Service Unavailable) |\n| 262 | CRITICAL | READ DATABASE CONNECTION FAILED | 503 (Service Unavailable) |\n| 263 | CRITICAL | WRITE DATABASE CONNECTION TIMEEDOUT | 503 (Service Unavailable) |\n| 264 | CRITICAL | READ DATABASE CONNECTION TIMEOUT | 503 (Service Unavailable) |\n| 265 | WARNING | NO CUSTOMER FEEDBACK CONFIGURED | 200 (OK) |\n| 266 | INFO | INVALID PAYMENTLINKREFERENCEID | 200 (OK) |\n| 267 | INFO | EMPTY LOGIC EXPRESSION | 200 (OK) |\n| 268 | INFO | EVALUATED LOGIC EXPRESSION FAILED | 200 (OK) |\n| 269 | INFO | SESSION OUT OF SCOPE | 401 (Unauthorized) |\n| 303 | INFO | NO AD DATA | 200 (OK) |\n| 304 | INFO | NO AD DATA | 200 (OK) |\n| 305 | INFO | NO KNOWLEDGE DATA | 200 (OK) |\n| 306 | INFO | NO KNOWLEDGE DATA | 200 (OK) |\n| 307 | INFO | NO KNOWLEDGE DATA | 200 (OK) |\n| 309 | INFO | INVALID VIEW | 200 (OK) |\n| 310 | INFO | DATA NOT MODIFIED | 304 (Not Modified) |\n| 311 | INFO | INVALID DATE RANGE | 200 (OK) |\n| 312 | INFO | MAGIC LINK EXPIRED OR INVALID | 200 (OK) |\n| 313 | INFO | REACHED MAX DATA DOWNLOADS | 200 (OK) |\n| 314 | INFO | STREAM LOG ERROR RETRYING | 200 (OK) |\n| 403 | INFO | NOT AUTHORISED | 403 (Forbidden) |\n\n**(Expand to view the full list)**.\n\n# Support\n\n### Support Policy for API Implementation\n\n#### Overview\n\nAt Synthetix, we strive to provide comprehensive resources to assist you in implementing our APIs effectively. Our documentation is designed to guide you through integration and troubleshooting common issues independently.\n\n#### Support Scope\n\nWe do not generally offer one-to-one support for API implementation. Users are encouraged to utilize our extensive documentation for guidance and best practices in implementing our APIs.\n\n#### Reporting Genuine Issues\n\nIf you encounter a genuine issue with the API that goes beyond a typical implementation error, we are here to help:\n\n- **Issue Reporting:** Please submit a detailed report of your issue through our support portal. Ensure that you include all relevant information such as error logs, API responses, and a clear description of the problem. This will help us in diagnosing and addressing the issue more efficiently.\n \n\n#### Support Portal\n\n- **Ticket Submission:** All management and support operations are conducted through our dedicated support portal. This centralised system allows us to manage queries effectively and ensures that your issues are resolved promptly.\n \n\n#### How to Raise a Support Ticket\n\n1. **Access the Portal:** Visit your Synthetix.cloud portal and log in with your credentials or visit the support portal [https://support.synthetix.com](https://support.synthetix.com)\n \n2. **Create a New Ticket:** Select the option to create a new ticket and categorize it as an API & Applications.\n \n3. **Provide Details:** Fill in the details of your issue, including steps to reproduce the problem, the impact it has on your operations, and any troubleshooting steps you have already attempted.\n \n4. **Submit the Ticket:** Once completed, submit the ticket. Our support team will review your submission and get back to you as soon as possible.\n \n\n#### Assistance Expectations\n\nPlease note that our response time may vary depending on the complexity of the issue and current ticket volume. We prioritize issues based on their severity and impact.\n\n# Restrictions and Limitations\n\nWhile our API provides powerful functionality, there are certain restrictions and limitations in place to ensure the overall performance, security, and fair usage of our services. It's important to be aware of these restrictions to effectively integrate and utilize our API. The following are the key restrictions and limitations to consider:\n\n## 1\\. Rate Limiting\n\nAs mentioned in the Rate Limiting section, our API implements rate limiting to prevent abuse and ensure fair usage of resources. The rate limit defines the maximum number of requests allowed within a specific timeframe. Exceeding the rate limit will result in temporary delays or denials of further requests until the rate limit resets. Please refer to the Rate Limiting section for specific details on rate limit values and implementation.\n\n## 2\\. Authentication and Access Controls\n\nTo access our API, you are required to authenticate using valid credentials, such as API keys or tokens. It's essential to keep your authentication credentials secure and confidential. Additionally, access controls may be enforced to limit certain operations or data based on user roles or permissions. Make sure to follow the authentication guidelines provided in our API documentation to ensure proper access and data protection.\n\n## 3\\. Data Usage and Privacy\n\nWhen using our API, you must adhere to relevant data usage and privacy regulations. Ensure that you have appropriate legal rights and permissions to access and process any data provided through the API. It's your responsibility to handle user data in compliance with applicable privacy laws and protect the confidentiality and integrity of user information.\n\n## 4\\. Acceptable Use Policy\n\nOur API has an acceptable use policy that defines the terms and conditions for utilizing our services. You must comply with this policy, which may include restrictions on prohibited activities, content, or usage patterns. Violations of the acceptable use policy may result in temporary or permanent suspension of API access privileges.\n\n## 5\\. Service Level Agreement (SLA)\n\nWhile we strive to provide a reliable and high-performance API service, certain factors beyond our control may impact service availability or performance. It's important to review our Service Level Agreement (SLA) in your contract, if applicable, which outlines the guaranteed uptime, response times, and support commitments. The SLA will specify any compensation or remedies available in case of service disruptions or performance degradation.\n\n## 6\\. Changes and Updates\n\nPlease note that the restrictions and limitations mentioned above are subject to change. We may update these restrictions from time to time to improve our services or address security concerns. It's recommended to stay updated with our API documentation and any communications from us to ensure compliance with the latest restrictions and limitations.\n\nBy understanding and adhering to these restrictions and limitations, you can effectively utilize our API while ensuring the stability, security, and fair usage of our services.\n\n# Terms of Service\n\nThese Terms of Service (\"Terms\") govern your access to and use of the Synthetix API (\"API\") provided by Synthetix Ltd. (\"Synthetix\", \"we\", \"us\" or \"our\"), a company registered in the United Kingdom. By accessing or using the API, you (\"Client\", \"you\", or \"your\") agree to be bound by these Terms.\n\n1. Access and Use\n \n 1. Access to the API is granted to Synthetix clients only.\n \n 2. You may not use the API for any purpose that is unlawful or prohibited by these Terms.\n \n 3. You shall not use the staging environment for production workloads. The staging environment is provided for testing purposes only\n \n 4. You are required to use the sandbox environment for development purposes.\n \n2. Code Review and Production Access\n \n 1. Before gaining access to the production API, you must undergo a code review with a Synthetix developer. The developer will help ensure that your application is properly configured for the production environment.\n \n 2. Once the code review is completed and any necessary changes are made, you will be granted access to the production API.\n \n3. Restrictions\n \n 1. You shall not sublicense, resell, transfer, or otherwise share your API access or API key with any third party.\n \n 2. You shall not use the API to create or promote any service that is competitive with Synthetix or any of its products or services.\n \n 3. You shall not use the API in any manner that could damage, disable, overburden, or impair Synthetix's systems or services.\n \n4. Ownership and Intellectual Property\n \n 1. All rights, title, and interest in and to the API, including any and all intellectual property rights, are owned by Synthetix or its licensors.\n \n 2. You acknowledge that the API is provided under license, and not sold, to you. You do not acquire any ownership interest in the API under these Terms.\n \n5. Termination\n \n 1. Synthetix may terminate or suspend your access to the API at any time and for any reason, including, but not limited to, your breach of these Terms.\n \n 2. Upon termination or suspension, you must immediately cease using the API and delete all copies of the API and related data in your possession or control.\n \n6. API Modifications\n \n 1. Synthetix reserves the right to modify, update, or discontinue the API or any part thereof at any time without prior notice. You acknowledge and agree that Synthetix shall not be liable to you or any third party for any modification, suspension, or discontinuation of the API.\n \n7. Compliance and API Key Revocation\n \n 1. Synthetix reserves the right to disable, revoke, or limit your API key at any time if you fail to comply with these Terms or if we suspect any unauthorized or inappropriate use of the API.\n \n8. Governing Law \n These Terms shall be governed by and construed in accordance with the laws of the United Kingdom. Any disputes arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of the United Kingdom.\n \n9. Amendments \n Synthetix reserves the right to modify these Terms at any time by providing notice on its website or through the API. Your continued use of the API following the posting of any changes to these Terms constitutes your acceptance of those changes.\n \n10. Contact Information \n If you have any questions or concerns regarding these Terms or the API, please contact us at [support@synthetix.com](https://).\n \n11. Compliance with Laws\n \n 1. You shall comply with all applicable laws, regulations, and rules of the United Kingdom and any other applicable jurisdiction in connection with your access to and use of the API. You shall also obtain all necessary consents, licenses, permits, or other authorizations required for your use of the API.\n \n12. Privacy\n \n 1. Any personal information you provide to us in connection with your access to and use of the API will be processed in accordance with our Privacy Policy, which is available on our website or upon request. By using the API, you acknowledge and agree that you have read and understand our Privacy Policy and consent to the collection, use, and disclosure of your personal information as set forth therein.\n \n13. Feedback\n \n 1. You may provide Synthetix with feedback, suggestions, or comments regarding the API (\"Feedback\"). You agree that any Feedback you provide is given voluntarily and without any expectation of compensation, and Synthetix may use or incorporate such Feedback into its products and services without restriction and without any obligation to you.\n \n14. Support\n \n 1. Synthetix may provide you with limited support or updates for the API in its sole discretion. However, Synthetix is under no obligation to provide any support, upgrades, or updates, and it does not guarantee that any specific errors, defects, or performance issues will be corrected or resolved, unless otherwise stated within your support contract.","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":true,"owner":"398027","team":14038,"collectionId":"9154f40a-2436-4015-a246-6c881807ed20","publishedId":"2s93sf1qZM","public":true,"publicUrl":"https://documentation.synthetix.com","privateUrl":"https://go.postman.co/documentation/398027-9154f40a-2436-4015-a246-6c881807ed20","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":"Explore Synthetix's comprehensive API documentation to integrate cutting-edge customer service software into your business. Our APIs, designed for both team efficiency and customer self-service, empower you to deliver exceptional customer experiences 24/7. With tools like an intelligent FAQ help centre, AI-powered chat"},{"name":"title","value":"Synthetix API Documentation: Powering Exceptional CX with Versatile Customer Service Tools"}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.1","publishDate":"2023-11-20T11:34:33.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"Synthetix API Documentation: Powering Exceptional CX with Versatile Customer Service Tools","description":"Explore Synthetix's comprehensive API documentation to integrate cutting-edge customer service software into your business. Our APIs, designed for both team efficiency and customer self-service, empower you to deliver exceptional customer experiences 24/7. With tools like an intelligent FAQ help centre, AI-powered chat"},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/3eb6af993c68a828eaedbc2e76b315134d465f9d93329ba170110eb203778013","favicon":"https://res.cloudinary.com/postman/image/upload/v1551277739/team/dvlohs2nhu8mfaastzcd.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://documentation.synthetix.com/view/metadata/2s93sf1qZM"}