Application API
Clear API and contract surface for Topolo Messaging, grouped under the application instead of split across generic reference sections.
App IDs:
app_topolo_messages Repos:
Hosts:
https://messages.topolo.app https://messages.stg.topolo.us Dependencies: topolo-auth, topolo-bugfix, applications-packages
Depends on Topolo Auth: yes
Type: curated
Source: PlatformApplications/TopoloMessaging/functions/api/messaging/[[path]].ts
Source exists: no
Topolo Messaging is a Worker-with-assets application using shared Topolo UI Kit shell, launcher, Auth, command-palette, loading, and BugFix surfaces. Browser login and callback-code redemption are owned by the shared Topolo Auth client after the app resolves the Auth-owned service slug topolo-messaging at runtime, with embedded password-login success completed through Messaging app navigation after shared Auth token persistence. Messaging owns a D1 schema for workspaces, WhatsApp numbers, inboxes, contacts, conversations, messages, campaign drafts, automation definitions, outbound jobs, and webhook events. The app exposes /api/messaging/* for signed workspace operations, /api/auth/* as the same-origin Auth gateway, and /api/messaging/whatsapp/webhook for Meta webhook verification and signed event ingestion. Provider dispatch is queued through Cloudflare Queues; live WhatsApp Cloud API credentials must be provisioned as Worker secrets before outbound jobs move from provider_unconfigured to provider-sent states. Auth API-key scopes for the resolved Messaging app id mirror all seven Messaging permissions and are synced to production D1.
API key scopes in Auth catalog: 7
No global OpenAPI security scheme is declared.
automations.manage campaigns.manage context.read inbox.read inbox.write messages.send numbers.manage Wrangler surfaces: none detected
Environment variables: none derived
Routes: workers.dev fallback or no explicit route declared
Observability enabled: no explicit signal found
Wrangler surfaces: No wrangler file detected in scanned surface
This application does not yet have a source-controlled OpenAPI spec in the docs platform. The current API page is derived from the registered contract source and repository surface.