Skip to main content
GET
/
v1
/
inboxes
Get Inboxes
curl --request GET \
  --url https://api.heymarket.com/v1/inboxes \
  --header 'Authorization: Bearer <token>'
[
  {
    "allowed_domains": [
      "<string>"
    ],
    "auto_assignable": true,
    "bco_chats": true,
    "forward_number": "<string>",
    "id": 123,
    "invited": [
      "<string>"
    ],
    "members": [
      123
    ],
    "name": "<string>",
    "op": "<string>",
    "phone": "<string>",
    "phones": [
      "<string>"
    ],
    "rev": 123,
    "team": 123,
    "widget_code": "<string>",
    "widget_settings": {
      "background_color": "<string>",
      "button_color": "<string>",
      "fab_background_color": "<string>",
      "fab_text_color": "<string>",
      "message": "<string>",
      "name": "<string>",
      "phone": "<string>",
      "position": 123,
      "preview_enabled": true,
      "title_background_color": "<string>",
      "title_text_color": "<string>",
      "tos": "<string>"
    }
  }
]
Use this endpoint to find the inbox_id values required by message, conversation, and schedule requests.
For message sending, use a member ID from GET /v1/inboxes or GET /v1/team as creator_id.

Authorizations

Authorization
string
header
required

Recommended authentication for new integrations. Generate a short-lived JWT from your API Secret ID and API Secret Key, then pass the signed JWT as a bearer token in the Authorization header.

API Secret credentials are available in the Heymarket app under Settings > Integrations > API. The Secret Key is shown only when it is generated, so copy and store it securely before closing the dialog.

Use the following JWT values:

{
  "alg": "HS256",
  "typ": "JWT"
}
{
  "iss": "YOUR_API_SECRET_ID",
  "iat": CURRENT_UNIX_TIMESTAMP
}

Replace CURRENT_UNIX_TIMESTAMP with the current Unix timestamp in seconds when generating the token.

Sign the JWT with HMAC-SHA256 using this signing secret:

YOUR_API_SECRET_ID||YOUR_API_SECRET_KEY

Send the signed JWT as a bearer token:

Authorization: Bearer YOUR_SIGNED_JWT

Tokens expire 5 minutes after the iat timestamp. Generate a new JWT per request, or cache it briefly for less than 5 minutes. Generate JWTs only from trusted server-side code; do not expose the API Secret Key in browser, mobile, or other client-side code.

Response

Inboxes in a team

allowed_domains
string[]
auto_assignable
boolean
bco_chats
boolean
forward_number
string
id
integer
invited
string[]
members
integer[]
name
string
op
string
phone
string
phones
string[]
rev
integer
team
integer
widget_code
string
widget_settings
object