Skip to main content

chat

The shychat API is a thin proxy over the shychat-v1 ABCI state machine. It exposes mailbox lifecycle, message dispatch and retrieval, and delivery close paths. The same routes serve shyrest-v1 deployments with surface_model: "mail".

Base URL

Configured via shyconfig.api.base_url. All paths below are relative to that base.

Authentication

All endpoints require Authorization: Bearer <token>. The sub claim is the input to identityHash derivation for List 2.

Privacy contract

GET /api/messages/dispatches enforces ownerUid at the SQL query layer — only the authenticated participant's dispatches are returned. No path returns dispatches across participants.

Endpoint summary

MethodPathDescription
GET/api/messages/mailboxesList mailboxes accessible to the caller
POST/api/messages/mailboxesCreate a mailbox (period open)
GET/api/messages/mailboxes/:mailboxIdGet a mailbox record
POST/api/messages/dispatchesDispatch a message (atomic List 1 + List 2 write)
POST/api/messages/mailboxes/:mailboxId/closeClose a mailbox + KMS attestation
POST/api/messages/mailboxes/:mailboxId/receiptWrite delivery receipt (off-chain)
GET/api/messages/mailboxes/:mailboxId/receiptRead delivery receipt
GET/api/messages/activityCaller's activity log
POST/api/messages/period-closeTrigger period close
DELETE/api/messages/dispatches/:dispatchIdWithdraw a dispatch (bilateral removal)
PUT/api/messages/dispatches/:dispatchIdUpdate a dispatch (direction change)
GET/api/messages/dispatchesList caller's dispatches
GET/api/messages/mailboxes/:mailboxId/dispatchesList dispatches in a mailbox
GET/api/messages/ledger/count/:scopingIdCount-match query for a scoping ID

POST /api/messages/dispatches

Broadcasts a MessageDispatch transaction — an atomic two-list write.

{
"mailbox_id": "mbx-001",
"message_nonce": "<32-byte hex>",
"sealed_body": "<AES-GCM ciphertext>",
"sealed_subject": "<AES-GCM ciphertext>",
"content_class": "report",
"audit_mode": "delivery_commitment_only",
"sender_pub_key": "<Ed25519 hex>",
"sender_sig": "<Sign(sk_s, nonce + ':' + mailbox_id)>",
"idv_attestation": { ... }
}

Response: { "message_id": "<H(nonce)>" }

sealed_body and sealed_subject must be AES-GCM encrypted before submission. Readable content is never stored in canonical state.

DELETE /api/messages/dispatches/:dispatchId

Bilateral withdrawal: removes List 1 message entry and List 2 identity entry atomically. Count-match preserved.

GET /api/messages/ledger/count/:scopingId

Returns { "list1_count": N, "list2_count": N } for a mailbox scoping ID. Used to verify count-match independently.