[NL] Developer docs | Office 168/52

[NL] 🔐 Authentication

POST /api/auth/login

[NL] Authenticate admin users and obtain access token

{
  "email": "admin@office16852.com",
  "password": "your_password"
}

POST /api/customers/auth/login

[NL] Authenticate customer users (multi-tenant)

{
  "email": "customer@business.com",
  "password": "customer_password"
}

[NL] 💬 Chat & Conversations

[NL] Three paths: [NL] (1) [NL] Public same-origin anonymous → POST /api/chat [NL] (e.g. marketing site widget; no login). (2) [NL] Cross-origin embed → POST /api/widget/chat [NL] with X-Widget-Key [NL] and allowed Origin[NL] . (3) [NL] Authenticated app / Mission Control → POST /api/chat/session [NL] and POST /api/chat/message [NL] (requires chat.manage [NL] and session/CSRF for cookie auth) — [NL] not [NL] for anonymous fetch [NL] from public pages.

[NL] 1) Public anonymous (same-origin)

POST /api/chat

[NL] Unified pipeline for visitors on your own domain without signing in. Body includes message, session_id[NL] , optional business_id.

[NL] 2) Cross-origin widget

POST /api/widget/chat

[NL] Embeds on customer sites. Headers: X-Widget-Key, Content-Type: application/json. Origin [NL] must be allowed for the key. See docs/REQUEST_FLOWS.md [NL] in the repository for CORS details.

[NL] 3) Authenticated session / admin UI only

POST /api/chat/session

[NL] Create session when logged into Mission Control or dashboard (RBAC + CSRF for cookies).

POST /api/chat/message

[NL] Send a message from [NL] authenticated [NL] admin/chat UI (chat.manage[NL] ). Returns 401 [NL] if called anonymously from a public page — use POST /api/chat [NL] for that case instead.

{
  "session_id": "session_123",
  "message": "Hello, I need help with my order"
}

GET /api/chat/history/:session_id

[NL] Retrieve chat conversation history (authenticated)

[NL] 📊 Analytics & Monitoring

GET /api/analytics/overview

[NL] Get system analytics overview

GET /api/health

[NL] Check system health status

GET /api/metrics/business

[NL] Get business-specific metrics

[NL] 🏢 Multi-Tenant Customer Management

GET /api/customers/dashboard/:businessId

[NL] Get customer dashboard data for specific business

GET /api/customers/analytics/:businessId

[NL] Get business analytics for specific customer

GET /api/customers/integration/:businessId/status

[NL] Check integration status for business

[NL] 🎯 UnityXpressions Pilot

GET /api/unityxpressions/dashboard

[NL] UnityXpressions pilot dashboard data

GET /api/pilot/metrics/realtime

[NL] Real-time pilot performance metrics

GET /api/pilot/feedback/recent

[NL] Recent customer feedback from pilot

[NL] 🎓 Training & Learning

POST /api/training/unityxpressions/analyze

[NL] Analyze UnityXpressions business for training

POST /api/training/unityxpressions/quick-setup

[NL] Quick setup training for UnityXpressions

GET /api/learning/health

[NL] Learning engine health status

[NL] 🔌 Widget Installation

[NL] Add Bob to any website with a single script tag. After onboarding, your widget embed code is available in the Customer Portal under [NL] Widget Setup.

<!-- Paste before </body> -->
<script
  src="https://your-domain.com/widget/loader.js"
  data-widget-key="YOUR_WIDGET_KEY"
  data-position="bottom-right"
  async>
</script>

GET /api/customer-portal/widget-code

[NL] Returns ready-to-paste embed code for your website. Requires customer JWT.

[NL] 🎭 Persona Customization

[NL] Personas control how Bob communicates — tone, name, and system instructions. Every tenant gets a default persona on signup; you can customize it from the Admin Dashboard or the API.

GET /api/personas/:tenantId

[NL] List all personas for a tenant.

POST /api/personas/:tenantId

[NL] Create a new persona. Body: { name, description, tone, systemPrompt }

PUT /api/personas/:tenantId/:personaId

[NL] Update an existing persona's tone, instructions, or name.

[NL] 💰 Plans & Pricing

[NL] Published pricebook is the source of truth. Use the APIs below for live numbers; this table matches pricebook-seed [NL] V1 (adjusts when you publish a new version).

[NL] Feature	[NL] Starter	[NL] Pro	[NL] Enterprise
[NL] List price (USD/mo)	[NL] $79	[NL] $249	[NL] $899
[NL] Included AI credits / mo	[NL] 15,000	[NL] 75,000	[NL] 250,000
[NL] Team seats	[NL] Up to 3	[NL] Up to 10	[NL] Unlimited
[NL] Standard integrations (included)	1	3	10
[NL] Support	[NL] Email	[NL] Priority	[NL] Dedicated

GET /api/pricing/marketing-cards

[NL] Plan cards for marketing and checkout UI (prices, credits, estimates)—derived from the published pricebook. No authentication required.

GET /api/pricing/snapshot

[NL] Public-safe full pricebook snapshot (no provider cost fields). No authentication required.

[NL] 🛠️ Integration Examples

[NL] Use the block that matches your scenario. Do not copy the admin example into anonymous marketing HTML.

[NL] Public same-origin (anonymous)

const response = await fetch('/api/chat', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    session_id: sessionId,
    message: userMessage,
    business_id: 'office16852-platform'
  })
});
const data = await response.json();

[NL] Cross-origin widget

const response = await fetch('https://office16852.com/api/widget/chat', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Widget-Key': 'pk_live_...',
    'Origin': 'https://your-customer-site.com'
  },
  body: JSON.stringify({ session_id: sessionId, message: userMessage })
});

[NL] Authenticated admin only (Bearer)

// JavaScript — requires logged-in admin / Mission Control (Bearer)
const response = await fetch('/api/chat/message', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer ' + token
  },
  body: JSON.stringify({
    session_id: sessionId,
    message: userMessage
  })
});
const data = await response.json();

// Python — authenticated only
import requests
response = requests.post(
    'https://office16852.com/api/chat/message',
    headers={
        'Content-Type': 'application/json',
        'Authorization': f'Bearer {token}'
    },
    json={ 'session_id': session_id, 'message': user_message }
)

[NL] Office 168/52 developer documentation