2 min read
What it does
This endpoint sits on the public /public/v1 ring — unauthenticated, anonymous and open to any caller. There is no API key and no OAuth token on this ring; the trust boundary is enforced by rate limiting, strict input validation and a server-fixed response shape rather than by a credential.
The support chat endpoint accepts a visitor message and returns the assistant’s reply. It is the runtime for the drop-in support widget: you load widget.js and widget.css on your page, and the widget posts here as the visitor types.
Request body
| Field | Type | Required | Notes |
|---|---|---|---|
message | string | Yes | The visitor’s message text. |
session | string | No | An opaque conversation id to thread a multi-turn chat. Omit on the first message; echo back the value the API returns. |
Example request
curl -sS -X POST \
https://hub.credicorp.co.uk/public/v1/support/chat \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{"message":"How long does an application take?","session":"sess_abc123"}'
Rate limiting and abuse
The public ring is rate limited to 60 requests per 60 seconds per IP as a fixed window. When you exceed it the API returns 429 Too Many Requests with a Retry-After header giving the number of seconds until the window resets. See Rate limits and 429 for the retry pattern, and Errors and status codes for the envelope.
Because the endpoint is open, keep messages short and let the widget debounce input. A burst of messages from one IP will hit the 60/60 s window and start returning 429.
Frequently asked questions
Do visitors need an account to chat?
No. The support chat is on the public ring so a visitor can ask a question before they ever register. It is rate limited by IP to keep it fair.
How do I keep a multi-turn conversation together?
Echo the session id the API returns on your first response back on every subsequent message. Omitting it starts a fresh conversation each time.
How do I embed the widget?
Load the widget.js and widget.css assets on your page — see GET /public/v1/support/widget.js. The widget calls this endpoint for you.
Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.