API Reference
Zentalk provides a REST API for client-server communication. All endpoints require authentication unless otherwise noted.
Authentication
Zentalk uses JWT-based authentication tied to your wallet address.
How it works
- Client signs a challenge message with their wallet private key
- Server verifies the signature against the claimed address
- Server issues a JWT token for subsequent requests
- Include the token in the
Authorizationheader:Bearer <token>
Headers
Authorization: Bearer <jwt_token>
Content-Type: application/jsonEndpoints
Messages
End-to-end encrypted message operations.
| Method | Path | Description |
|---|---|---|
| POST | /api/messages | Send an encrypted message |
| GET | /api/messages | Retrieve messages for authenticated user |
POST /api/messages
Send an encrypted message to a recipient.
{
"to": "0x...",
"ciphertext": "base64_encoded_ciphertext",
"nonce": "base64_encoded_nonce",
"timestamp": 1704067200
}GET /api/messages
Retrieve messages. Supports pagination.
GET /api/messages?limit=50&offset=0Keys (E2EE)
Key bundle management for end-to-end encryption using the X3DH protocol.
| Method | Path | Description |
|---|---|---|
| POST | /api/keys | Publish your KeyBundle |
| GET | /api/keys/:address | Get a user’s KeyBundle |
POST /api/keys
Publish your identity and prekeys for X3DH key exchange.
{
"identityKey": "base64_public_key",
"signedPreKey": "base64_public_key",
"signature": "base64_signature",
"oneTimePreKeys": ["base64_key1", "base64_key2"]
}GET /api/keys/:address
Fetch another user’s KeyBundle to initiate encrypted communication.
GET /api/keys/0x1234...abcdMedia
File upload and download for attachments.
| Method | Path | Description |
|---|---|---|
| POST | /api/v1/upload-media | Upload an encrypted file |
| GET | /api/v1/media/:id | Download a file by ID |
POST /api/v1/upload-media
Upload media as multipart form data. Files should be encrypted client-side.
Content-Type: multipart/form-data
file: <binary>
metadata: {"type": "image", "encrypted": true}GET /api/v1/media/:id
Download a previously uploaded file.
GET /api/v1/media/abc123Calls
Voice and video call logging and history.
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/calls/history | Get call history |
| POST | /api/v1/calls/log | Log a completed call |
GET /api/v1/calls/history
Retrieve call history for the authenticated user.
GET /api/v1/calls/history?limit=20POST /api/v1/calls/log
Log call metadata after a call ends.
{
"peer": "0x...",
"duration": 120,
"type": "video",
"timestamp": 1704067200
}Links
URL preview generation.
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/links/preview | Get link preview metadata |
GET /api/v1/links/preview
Fetch OpenGraph metadata for a URL.
GET /api/v1/links/preview?url=https://example.comResponse:
{
"title": "Example Domain",
"description": "This domain is for examples.",
"image": "https://example.com/og-image.png",
"url": "https://example.com"
}Error Responses
All endpoints return standard error responses:
{
"error": "error_code",
"message": "Human readable description"
}| Status | Description |
|---|---|
| 400 | Bad Request - Invalid parameters |
| 401 | Unauthorized - Missing or invalid token |
| 403 | Forbidden - Insufficient permissions |
| 404 | Not Found - Resource doesn’t exist |
| 429 | Too Many Requests - Rate limited |
| 500 | Internal Server Error |