Reference
Every endpoint in the public API, grouped by resource. Request and response shapes are generated directly from the Zod contract at build time — if it compiles here, it's what the API returns.
Base URLs are published in the OpenAPI servers list and in /.well-known/tyxter.json. Auth: authorization: Bearer $TYXTER_API_KEY or tx_live_....
The canonical API origin is https://api.tyxter.com. The primary site also accepts /v1/* requests for agents that start from https://tyxter.com, but generated clients should prefer the first OpenAPI server URL.
Machine-readable schema: /openapi.json.
CORS: server-side only
The public /v1/* API intentionally serves no CORS headers. Tyxter is built for servers and CLI agents — API keys are credentials and must never be embedded in browser code, so cross-origin browser calls are not supported by design. If you are building a browser app, call your own backend and let it hold the key and forward requests to Tyxter. A CORS preflight failure against api.tyxter.com is this posture, not an outage.
Messages →
Send, list, get, cancel outbound messages.
Media →
Upload, list, delete, and monitor media storage.
Batches →
Broadcast one template to many recipients.
Templates →
Draft, submit, estimate cost on pre-approved copy.
Flows →
Interactive WhatsApp forms.
Phone numbers →
Salvy and BYON number lifecycle.
Contacts →
Opt-in, opt-out, LGPD export & erasure.
Audiences →
Saved contact lists for broadcast targeting.
LLM →
BYOK Anthropic/OpenAI route + completions.
AI Agents →
Beta. Policy-bound agent personas + completions.
Webhook endpoints →
Register URLs that receive signed events.
API keys →
Create and revoke keys; scope enforcement.
Billing →
Balance, rate card, top ups, spend limits, invoices.
Fiscal →
NFS-e documents and DANFSE/XML downloads.
Payments →
Merchant BRL payment request records.
Usage →
Cross-environment cost roll-up.
Sandbox →
Simulate inbound messages.
Feedback →
Report an unexpected failure back to Tyxter.