API reference

POST /public/v1/support/chat

POST /public/v1/support/chat powers the embedded support assistant — the endpoint the on-site chat widget calls to send a visitor message and receive a reply. It is public and rate limited by IP, and it is the runtime counterpart to the widget.js/widget.css assets you drop into a page.

widget: Backs the embeddable chat
public: No login to start a chat
60/60 s: Per-IP rate limit

What it does

This endpoint sits on the public /public/v1 ring — unauthenticated, anonymous and open to any caller. There is no API key and no OAuth token on this ring; the trust boundary is enforced by rate limiting, strict input validation and a server-fixed response shape rather than by a credential.

The support chat endpoint accepts a visitor message and returns the assistant’s reply. It is the runtime for the drop-in support widget: you load widget.js and widget.css on your page, and the widget posts here as the visitor types.

Request body

| Field | Type | Required | Notes |
| --- | --- | --- | --- |
| message | string | Yes | The visitor’s message text. |
| session | string | No | An opaque conversation id to thread a multi-turn chat. Omit on the first message; echo back the value the API returns. |

Example request

curl -sS -X POST \
  https://hub.credicorp.co.uk/public/v1/support/chat \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{"message":"How long does an application take?","session":"sess_abc123"}'

Rate limiting and abuse

The public ring is rate limited to 60 requests per 60 seconds per IP as a fixed window. When you exceed it the API returns 429 Too Many Requests with a Retry-After header giving the number of seconds until the window resets. See Rate limits and 429 for the retry pattern, and Errors and status codes for the envelope.

Because the endpoint is open, keep messages short and let the widget debounce input. A burst of messages from one IP will hit the 60/60 s window and start returning 429.
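The session threading and 429 handling described above, written as client-side state for a custom integration. This is an added example, not Credicorp's widget code; the `session` field in the response body, the `SupportChatState` class and the 500-character cap are assumptions.

```javascript
// Added example (not Credicorp's widget code): client-side state for
// POST /public/v1/support/chat that threads the session id and honours 429.
// Assumptions: the reply JSON exposes the conversation id as `session`;
// MAX_MESSAGE_CHARS is a local choice, not a documented API limit.
const ENDPOINT = 'https://hub.credicorp.co.uk/public/v1/support/chat';
const MAX_MESSAGE_CHARS = 500;

class SupportChatState {
  constructor() {
    this.session = null;      // unset until the API returns one
    this.blockedUntilMs = 0;  // set from Retry-After after a 429
  }

  // Returns fetch() arguments, or null while a 429 back-off is in force.
  buildRequest(message, nowMs) {
    if (typeof message !== 'string' || message.trim() === '') {
      throw new TypeError('message must be a non-empty string');
    }
    if (nowMs < this.blockedUntilMs) return null;
    const body = { message: message.trim().slice(0, MAX_MESSAGE_CHARS) };
    if (this.session) body.session = this.session; // omitted on the first message
    return {
      url: ENDPOINT,
      init: {
        method: 'POST',
        headers: { Accept: 'application/json', 'Content-Type': 'application/json' },
        body: JSON.stringify(body),
      },
    };
  }

  // Feed back the HTTP status, the Retry-After header value and the parsed JSON.
  // Returns the number of milliseconds to wait before the next send (0 if none).
  handleResponse(status, retryAfter, json, nowMs) {
    if (status === 429) {
      const secs = Number.parseInt(retryAfter, 10);
      // Fall back to a full 60 s window if the header is missing or malformed.
      const waitMs = (Number.isFinite(secs) && secs >= 0 ? secs : 60) * 1000;
      this.blockedUntilMs = nowMs + waitMs;
      return waitMs;
    }
    if (status >= 200 && status < 300 && json && typeof json.session === 'string') {
      this.session = json.session;
    }
    return 0;
  }
}
```

Pass the `url` and `init` values to `fetch()`, then call `handleResponse` with the response status, its `Retry-After` header and the parsed body.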

Frequently asked questions

Do visitors need an account to chat?

No. The support chat is on the public ring so a visitor can ask a question before they ever register. It is rate limited by IP to keep it fair.

How do I keep a multi-turn conversation together?

Take the session id the API returns in its first response and send it back with every subsequent message. Omitting it starts a fresh conversation each time.

How do I embed the widget?

Load the widget.js and widget.css assets on your page — see GET /public/v1/support/widget.js. The widget calls this endpoint for you.
