API Endpoints

Authentication

Method	Endpoint	Description
POST	/api/auth/device/	Request a device code for CLI login
POST	/api/auth/device/token/	Poll for access token (device-code flow)
POST	/api/auth/token/refresh/	Refresh an expired access token
POST	/api/auth/login/	Login with credentials
POST	/api/auth/logout/	Invalidate tokens
GET	/api/auth/user/	Get current user info

Identities

All Identity endpoints require Bearer authentication.

Method	Endpoint	Description
GET	/api/identities/	List all Identities for the authenticated user
POST	/api/identities/	Create a new Identity
GET	/api/identities/<uuid>/	Get a specific Identity
PUT	/api/identities/<uuid>/	Update an Identity
DELETE	/api/identities/<uuid>/	Delete an Identity

Create Identity request

{
  "name": "my-agent"
}

Identity response

{
  "uuid": "abc-123",
  "name": "my-agent",
  "inbox": "my-agent@in.ravi.app",
  "phone": "+15551234567",
  "created_dt": "2026-02-25T10:30:00Z"
}

Email inbox

Requires X-Ravi-Identity header.

Method	Endpoint	Description
GET	/api/email-inbox/	List email threads
GET	/api/email-inbox/<thread-id>/	Get a specific thread with messages

Query parameters: unread=true

Email messages

Method	Endpoint	Description
GET	/api/email-messages/	List all email messages
GET	/api/email-messages/<id>/	Get a specific email message
POST	/api/email-messages/compose/	Compose and send a new email
POST	/api/email-messages/<id>/reply/	Reply to an email
POST	/api/email-messages/<id>/reply-all/	Reply to all recipients

Compose request

{
  "to": "recipient@example.com",
  "subject": "Hello",
  "body": "<p>HTML content</p>",
  "cc": "",
  "bcc": "",
  "attachment_uuids": []
}

Email attachments

Method	Endpoint	Description
POST	/api/email-attachments/presign/	Get a presigned upload URL

The client uploads the file directly to cloud storage using the presigned URL, then includes the returned attachment UUID in the compose request.

SMS inbox

Requires X-Ravi-Identity header.

Method	Endpoint	Description
GET	/api/sms-inbox/	List SMS conversations
GET	/api/sms-inbox/<conversation-id>/	Get a specific conversation

Query parameters: unread=true

SMS messages

Method	Endpoint	Description
GET	/api/messages/	List all SMS messages
GET	/api/messages/<id>/	Get a specific SMS message

Passwords

Requires X-Ravi-Identity header. All password fields are E2E-encrypted ("e2e::<base64>").

Method	Endpoint	Description
GET	/api/passwords/	List all password entries
POST	/api/passwords/	Create a new password entry
GET	/api/passwords/<uuid>/	Get a specific entry (with ciphertext)
PUT	/api/passwords/<uuid>/	Update a password entry
DELETE	/api/passwords/<uuid>/	Delete a password entry
GET	/api/passwords/generate_password/	Generate a random password

Create request (with encrypted fields)

{
  "domain": "example.com",
  "username": "e2e::<base64>",
  "password": "e2e::<base64>",
  "notes": "e2e::<base64>"
}

Vault secrets

Requires X-Ravi-Identity header. Secret values are E2E-encrypted.

Method	Endpoint	Description
GET	/api/vault/	List all secrets (values redacted)
POST	/api/vault/	Create or update a secret
GET	/api/vault/<uuid>/	Get a specific secret
DELETE	/api/vault/<uuid>/	Delete a secret

Encryption

Method	Endpoint	Description
GET	/api/encryption/	Get encryption metadata (salt, public key, verifier)
POST	/api/encryption/	Upload public key and verifier after first-time PIN setup

Phone

Method	Endpoint	Description
GET	/api/phone/	Get phone numbers for the active Identity

Events (SSE)

Method	Endpoint	Description
GET	/api/events/stream/	Server-Sent Events stream for real-time email and SMS

Supports Last-Event-ID header for resuming after disconnection. The server sends keepalive events every 30 seconds.

Billing

Method	Endpoint	Description
GET	/api/subscription/	Get current subscription status

Returns 402 on endpoints that require an active subscription.