REST API and webhooks

What's included

Replify Pro exposes REST API endpoints and webhook infrastructure for integrating with external systems. This covers incoming webhooks (external tools pushing data into Replify), outgoing webhook subscriptions (Replify notifying your systems of events), bearer token authentication, and OAuth flows for customer-facing integrations.

Incoming webhooks

Incoming webhooks let external services create tickets, post messages, or trigger actions inside Replify. Each incoming webhook has:

• A unique endpoint URL generated by Replify
• A secret key for request verification (HMAC signature in the X-Replify-Signature header)
• A configurable action (create ticket, add comment, update status)

To set up an incoming webhook, go to Replify → Settings → API → Incoming Webhooks and click Create Webhook. Copy the URL and secret into your external system. Replify validates the signature on every request and rejects unsigned or tampered payloads.

Authentication (bearer tokens)

For server-to-server communication where your external system calls Replify's REST endpoints directly, use bearer token authentication. Generate a token from Replify → Settings → API → Tokens. Include it in requests as:

Authorization: Bearer rpl_at_yourTokenHere

Tokens inherit the permissions of the agent who created them. You can create multiple tokens with different scopes and revoke any token at any time.

OAuth for customers

Replify Pro includes an OAuth 2.0 server for customer-facing authentication. This is used by companion plugins (like Replify Troubleshooter) that need to authenticate end-users against your Replify installation.

The OAuth flow supports:

• Register. Create a new customer account tied to an email address.
• Login. Exchange credentials for an access token and refresh token.
• Refresh. Exchange an expired access token for a new one without re-authenticating.
• Revoke. Invalidate a customer's tokens (from the admin or via API).

Access tokens use the rpl_at_* prefix. Refresh tokens are long-lived and stored encrypted in the database.

Webhook event subscriptions

Outgoing webhooks notify your external systems when events happen inside Replify. Go to Replify → Settings → API → Event Subscriptions to configure them.

For each subscription, you specify:

• A target URL (your server's endpoint)
• Which events to subscribe to (ticket created, ticket status changed, chat started, message received, etc.)
• A secret for payload verification

Replify delivers events as POST requests with a JSON body. Failed deliveries are retried up to 3 times with exponential backoff. Delivery logs are visible in the admin.

Troubleshooter API

The Replify Troubleshooter companion plugin uses a dedicated API surface to submit pre-diagnosed support tickets. When a customer's site connects via OAuth, the Troubleshooter sends environment data (WordPress version, PHP version, active plugins, theme, hosting details) along with the ticket. This data appears as structured metadata on the ticket in your Replify admin, saving the back-and-forth of asking for debug info.

The Troubleshooter API endpoint accepts only requests authenticated with a valid OAuth access token. No anonymous submissions are accepted.