ARIA API Reference
The ARIA API lets you integrate AI conversation, persistent memory, and agent execution into your applications. All endpoints return JSON. The base URL for all API calls is:
Authentication
ARIA supports two authentication methods depending on your use case:
Generate an API key from Settings → API Keys inside ARIA. Pass it as a Bearer token on every request:
Authorization: Bearer aria_your_key_here
Log in via
POST /auth/login to receive a session cookie. All subsequent requests from the same browser session are automatically authenticated.
API Keys
Auth requiredReturns all active API keys for the authenticated user. Raw key values are never returned after creation.
{"keys": [{"id": 1, "name": "My App", "prefix": "aria_abc1", "scopes": "chat:write memory:read", "is_active": true, "created_at": "2026-03-01T12:00:00"}]}
Generates a new API key. The full key is returned once — copy it immediately. Maximum 10 active keys per account.
| Field | Type | Req? | Description |
|---|---|---|---|
| name | string | Optional | Label for this key (max 64 chars). Defaults to "Default". |
{"ok": true, "key": "aria_abc123...", "id": 1, "prefix": "aria_abc1", "name": "My App", "note": "Store this key securely — it will not be shown again."}
Permanently revokes the key. The key stops working immediately.
{"ok": true, "revoked": 1}
Errors & Rate Limits
All errors return a JSON body with an error key. Standard HTTP status codes apply.
| Code | Meaning |
|---|---|
| 400 | Bad request — missing or invalid parameter |
| 401 | Unauthenticated — missing or invalid API key / session |
| 403 | Forbidden — API key missing required scope |
| 404 | Resource not found |
| 429 | Rate limit exceeded — back off and retry |
| 500 | Internal server error |
POST /api/v1/chat → 60 requests/minute · 500 requests/hour GET /api/v1/memory/* → 120 requests/minute GET /api/v1/agents → 60 requests/minute
Public API v1
Bearer tokenAuthorization: Bearer aria_your_key_here. Keys are scoped — a key needs the relevant scope for each endpoint (e.g. chat:write, memory:read). Scopes are shown on each endpoint below.
Returns platform status. Use this to confirm the API is reachable before making authenticated requests.
{"status": "ok", "version": "1.0.0", "docs": "/api/v1/openapi.json"}
Send a message and receive ARIA's full response. Processes through the full agent pipeline — memory recall, specialist routing, tool execution. Scope required: chat:write
| Field | Type | Req? | Description |
|---|---|---|---|
| message | string | Required | The user message to send to ARIA |
| conversation_id | string | Optional | UUID to continue an existing conversation. A new UUID is generated if omitted. |
| model | string | Optional | Override the AI model for this request (e.g. claude-opus-4-6). Defaults to account setting. |
POST /api/v1/chat
Authorization: Bearer aria_your_key_here
Content-Type: application/json
{
"message": "Write a subject line for our Black Friday campaign",
"conversation_id": "550e8400-e29b-41d4-a716-446655440000"
}
{
"reply": "Here are five subject lines optimised for open rate...",
"conversation_id": "550e8400-e29b-41d4-a716-446655440000",
"model_used": "claude-sonnet-4-6"
}
Full-text search across ARIA's persistent memory for the API key owner's account. Returns ranked results. Scope required: memory:read
| Parameter | Type | Req? | Description |
|---|---|---|---|
| q | string | Required | Search query |
| limit | integer | Optional | Maximum results to return (default 10, max 50) |
{
"results": [
{"key": "client_abc_notes", "value": "Prefers email on Tuesdays...", "score": 0.94},
{"key": "product_pricing", "value": "Pro plan at $49/month...", "score": 0.81}
],
"count": 2
}
Returns the full list of specialist agents available on this ARIA instance. Use agent names to direct conversations to specific areas of expertise. Scope required: agents:read
{
"agents": [
{"name": "Marketing Strategist", "domain": "marketing", "description": "Campaign strategy, positioning, messaging"},
{"name": "Financial Analyst", "domain": "finance", "description": "Forecasting, modelling, reporting"},
...
],
"count": 212
}
Session Auth
Returns a session cookie on success. Rate-limited to 10 requests/minute per IP.
| Field | Type | Req? | Description |
|---|---|---|---|
| string | Required | Registered email address | |
| password | string | Required | Account password |
First registered user becomes the owner. Subsequent registrations create standard users.
| Field | Type | Req? | Description |
|---|---|---|---|
| string | Required | Email address (must be unique) | |
| password | string | Required | Password (minimum 8 characters) |
| name | string | Required | Display name |
Clears session cookie. Redirects to /login.
Chat (Session)
Auth requiredPrimary chat endpoint used by the ARIA web app. Returns a Server-Sent Events stream. Each event is a JSON object on a data: line.
| Field | Type | Req? | Description |
|---|---|---|---|
| message | string | Required | User message text |
| session_id | string | Optional | Conversation UUID (auto-generated if omitted) |
data: {"type": "status", "text": "Routing to Financial Analyst..."}
data: {"type": "delta", "text": "Here is your Q1 forecast:\n\n"}
data: {"type": "delta", "text": "Revenue: $142,000..."}
data: {"type": "done", "session_id": "550e8400-...", "tokens": 312}
Conversations
Auth requiredReturns the 50 most recent conversations for the authenticated user, sorted by last activity.
Returns the full message history for the specified conversation ID.
Permanently removes the conversation and all its messages.
Business Directive
Auth requiredReturns the current business directive content that ARIA uses to personalise every response.
{"content": "# My Business\nWe sell...", "is_blank": false}
Update ARIA's business context. Accepts either raw markdown or structured fields.
| Field | Type | Description |
|---|---|---|
| raw | string | Full markdown content (use this OR the structured fields below) |
| business_name | string | Your business name |
| business_type | string | Type / industry |
| stage | string | e.g. "early-stage", "growth", "enterprise" |
| goals | string | Primary business goals |
| customers | string | Target customer description |
| tone | string | Communication tone (e.g. "professional", "friendly") |
WhatsApp Webhook
Required by Meta during webhook setup. Verifies hub.verify_token against WHATSAPP_VERIFY_TOKEN env var. Returns hub.challenge on success.
Meta delivers message events here. ARIA routes each message through the full agent pipeline and replies automatically. Returns 200 immediately — processing is asynchronous.
Billing Webhook
Stripe delivers subscription and payment events here. Signature verification is performed using STRIPE_WEBHOOK_SECRET. Do not call this endpoint directly.
Privacy & GDPR
Auth requiredDownloads a full JSON export of your account data — conversations, memory, profile. Rate-limited to 5 requests/minute.
Returns whether your account contributes anonymised patterns to collective intelligence. Default: true (opted in).
{"data_sharing": true}
Permanently erases all data for the authenticated user. Requires password confirmation. The owner account cannot be deleted while users remain on the platform.
| Field | Type | Req? | Description |
|---|---|---|---|
| password | string | Required | Current password for confirmation |
System
PublicReturns platform health, version, counts, and component status. Used by load balancers and uptime monitors.
{
"status": "healthy",
"version": "1.0.0",
"agents": 212,
"skills": 18,
"tools": 191,
"db": "ok",
"llm": "ok",
"users": 4
}
Machine-readable OpenAPI spec for the v1 public API. Import into Postman, Insomnia, or any OpenAPI-compatible tool.