Skip to main content

WhatsApp — Gupshup (Primary)

The main WhatsApp integration. Most production users go through Gupshup.
  • API client: shared/gupshup.ts
  • Incoming message webhook: POST /api/webhooks/gupshup/incoming_msg
  • Message events webhook (delivery/read): POST /api/webhooks/gupshup/message-events
  • Required env: GUPSHUP_WEBHOOKS_BASE_URL
  • Update webhooks script: npx tsx server/scripts/update-gupshup-subscription.ts
Supports: text, media, location, authentication, and interactive button templates.

WhatsApp — Wasimple

Alternative WhatsApp integration.
  • API client: shared/wasimple.ts
  • Webhook endpoint: POST /api/webhook/wasimple?user_id=X&bot_id=Y
  • Required env: WASIMPLE_API_KEY, WASIMPLE_PHONE_ID
  • Dev tip: Set WASIMPLE_AI_AGENT_RESPONSE_ALLOW_ALL=true to skip phone number whitelisting

WhatsApp — Facebook / Meta

  • Endpoints:
    • GET /api/webhook/facebook — verification challenge
    • POST /api/webhook/facebook — incoming messages
    • POST /api/facebook/auth-callback — OAuth callback
  • Required env: FACEBOOK_APP_ID, FACEBOOK_APP_SECRET, FACEBOOK_WEBHOOK_VERIFY_TOKEN, FACEBOOK_REDIRECT_URI

Authentication — JWT

  • Access tokens: 1 hour expiry, stored in HTTP-only cookies
  • Refresh tokens: 30 days, stored in HTTP-only cookies
  • Protected routes use jwtAuth.requireAuth middleware
  • On expiry: client calls POST /api/auth/refresh
  • API token auth: Users can generate an API token stored in users.api_token. Pass as Authorization: Bearer <token> or x-api-token header.

Payments — Stripe

  • Webhook: POST /api/stripe-webhook (requires raw body — do not parse as JSON)
  • Required env: STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, STRIPE_PRICE_ID
  • Events handled: invoice.payment_succeeded, invoice.payment_failed, customer.subscription.updated, customer.subscription.deleted
  • API version: 2025-05-28.basil

Payments — Cashfree

Alternative payment gateway for Indian users.
  • Required env: CASHFREE_APP_ID, CASHFREE_SECRET_KEY, CASHFREE_WEBHOOK_SECRET

Cloud Storage — AWS S3

Used for media uploads and training files.
  • Helpers: server/storage.tsuploadToS3, deleteFromS3, getS3Object, validateImageFile
  • Required env: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, S3_BUCKET_NAME

AI / LLM

ServicePurposeEnv key
Google Gemini (@langchain/google-genai)Text generation + embeddingsGOOGLE_API_KEY
OpenAI (@langchain/openai)Embeddings (fallback)OPENAI_API_KEY
QdrantVector search (RAG)QDRANT_URL, QDRANT_API_KEY
LangChainRAG orchestration, agent flows
RAG pipeline:
  1. Upload PDF or URL → stored in training_files / training_urls
  2. Run processTrainingFiles.ts or processTrainingUrls.ts → chunks embedded → stored in Qdrant
  3. On bot message → vectorSearch.ts queries Qdrant → relevant chunks injected into prompt
Init Qdrant collection: 
npx tsx server/scripts/createQdrantCollection.ts

Redis / Cache

  • Local (Docker): redis://localhost:6380
  • Production (Upstash): Set REDIS_HOST to Upstash HTTPS URL and REDIS_TOKEN to the auth token

OAuth Providers

ProviderEnv keys
GoogleGOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET
TwitterTWITTER_API_KEY, TWITTER_API_SECRET
FacebookFACEBOOK_APP_ID, FACEBOOK_APP_SECRET
Redirect base URL is controlled by API_URL.

Other Integrations

ServiceLibraryEnv key
AirtableairtableAIRTABLE_API_KEY
Slack@slack/web-apivia credentials table
Google (Gmail, Drive)googleapisvia OAuth / credentials table