API Reference

Twinlix backend exposes a public REST API under https://api.twinlix.com/v1/. Every screen of the admin is a thin client over these endpoints; you can build your own UI on top of them with the same access.

Authentication

JWT bearer tokens. Get one via:

bash

curl -X POST https://api.twinlix.com/v1/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"email":"you@example.com","password":"…"}'

Response contains tokens.accessToken (1 hour TTL) and tokens.refreshToken (30 days). Send Authorization: Bearer <accessToken> on every protected request.

Sections

Backend API reference — full endpoint inventory.
Frontend integration guide — how the React admin talks to the API; useful when building your own client.
CRM voice channel API — channel CRUD, voice config, the webhook signature scheme.

Tenant scoping

Every CRM endpoint requires ?tenant_id=<uuid> as a query parameter. The backend enforces that the authenticated user is a Member of that tenant (or has platform_role='staff_admin'/super_admin for cross-tenant access).

Webhooks

POST /v1/webhooks/stripe — Stripe events (subscription, invoice, payment).
POST /v1/webhooks/twilio — inbound Twilio calls + SMS.
POST /v1/webhooks/meta — Facebook/Instagram messages + comments.
POST /v1/webhooks/whatsapp (TWIN-80, in progress) — Meta-native WhatsApp Business Calling.

Each webhook validates a provider-specific signature header before trusting the body. See the integration pages for the verification rules.

API Reference ​

Authentication ​

Sections ​

Tenant scoping ​

Webhooks ​

API Reference

Authentication

Sections

Tenant scoping

Webhooks