Avochato API
Welcome!
If anything isn’t working as documented, please message Avochato Support @ 415-214-8977.
To use the Avochato API, you will need a pair of Auth ID and Secret tokens. Tokens are account-specific and are bound to your specific User, so a pair of tokens must be generated per account. To generate a new set of tokens, please log into www.avochato.com and go to Settings > API Access.
Getting Started
To get started, here are some common routes you may want to check out:
- Contacts, which represent a unique external phone number that is interacting with your Avochato number
- Tickets, which represent a conversation between an Account and a Contact
- Messages, which represent the messages sent and received by your Avochato number
- Broadcasts, which let you create and schedule messages to an audience of Contacts
- Users, which represent team members who have access to your Avochato account
- User Roles, which are notification preference templates you can apply when adding new users
The Default Scope of API Credentials
One set of API credentials is required to use the Avochato API. By default, your API credentials are scoped to the inbox they were created in, and all the actions taken are associated with the user who was assigned to the credentials. Any actions you take will be scoped to that inbox and its settings and capabilities.
For example, any contacts, messages, broadcasts etc that you create with the API will appear in the inbox associated with these credentials.
To view which inbox your API credentials are scoped to, you can send a GET request to the /whoami route.
If the user associated with a pair of API credentials is removed from an inbox, or the credentials are deleted, they will cease to function in that inbox and you will receive an authentication error when attempting to use the API.
Accessing other inboxes with the “subdomain” parameter
You can scope your request to a different inbox using the optional “subdomain” parameter as part of the body of any API request e.g. “subdomain=my_avochato_inbox”.
Use the List Accounts route to view the list of inboxes you have access to, including the list of subdomains.
You may use the subdomain parameter for any request to specify any inbox that your user is a member of. This must equal the subdomain (/accounts/my_avochato_inbox/tickets) of an inbox.
If you cannot access an inbox using your credentials, make sure you are spelling the subdomain correctly and that your user has access to that inbox.
User Permission Roles
Every user in an Avochato account is assigned a permission role that controls what actions they can perform. This is set via the role parameter when adding or updating users.
| Role | Description |
|---|---|
member |
Can view and respond to conversations. Default role when adding a user. |
manager |
Everything a member can do, plus manage team settings (add/remove users, update roles for members). Cannot promote users to owner or modify existing owners. |
owner |
Full account control, including billing and all management actions. Can promote users to any role including owner. |
Role enforcement in the API:
- Any management actions (adding users, updating roles, disabling users) require the API credentials to belong to a manager or owner.
- Only owner-role users (or Avochato admins) can assign or change the owner role.
- Only owner-role users (or Avochato admins) can modify or delete other owner-role users.
Setting a role when adding a user — include role in the body of POST /v1/users:
role=manager
Changing a user’s role — use PUT /v1/users/:id with the new role:
role=owner
User Role Notification Templates
In addition to permission roles, Avochato supports custom User Role templates (configured in your inbox under Settings > Manage Roles). These are named templates that set a new user’s default notification preferences — which alerts they receive for SMS, calls, push notifications, and more.
These are separate from the member/manager/owner permission role. You can use both together when adding a user.
To use a notification template when adding a user:
1. Call GET /v1/user_roles to list your templates and get their encoded IDs.
2. Pass user_role_id along with role when calling POST /v1/users.
role=member
user_role_id=<encoded_id_from_get_v1_user_roles>
user_role_id only takes effect when a brand-new Avochato user is created — existing users already have their own notification settings.
See the User Roles and Users sections for the full endpoint details.
Rate limits
The API is subject to rate-limiting - sending too many requests too quickly will return a 429 HTTP response and the API request will be ignored.
If you receive a rate limit error while using the API, stop making requests immediately and slow down the speed at which you are sending requests.