Ravi

API Endpoints

Authentication

Method Endpoint Description
POST /api/auth/device/ Request a device code for CLI login
POST /api/auth/device/token/ Poll for access token (device-code flow)
POST /api/auth/token/refresh/ Refresh an expired access token
POST /api/auth/login/ Login with credentials
POST /api/auth/logout/ Invalidate tokens
GET /api/auth/user/ Get current user info

Identities

All Identity endpoints require Bearer authentication.

Method Endpoint Description
GET /api/identities/ List all Identities for the authenticated user
POST /api/identities/ Create a new Identity
GET /api/identities/<uuid>/ Get a specific Identity
PUT /api/identities/<uuid>/ Update an Identity
DELETE /api/identities/<uuid>/ Delete an Identity

Create Identity request

{
  "name": "my-agent"
}

Identity response

{
  "uuid": "abc-123",
  "name": "my-agent",
  "inbox": "my-agent@in.ravi.app",
  "phone": "+15551234567",
  "created_dt": "2026-02-25T10:30:00Z"
}

Email inbox

Requires X-Ravi-Identity header.

Method Endpoint Description
GET /api/email-inbox/ List email threads
GET /api/email-inbox/<thread-id>/ Get a specific thread with messages

Query parameters: unread=true

Email messages

Method Endpoint Description
GET /api/email-messages/ List all email messages
GET /api/email-messages/<id>/ Get a specific email message
POST /api/email-messages/compose/ Compose and send a new email
POST /api/email-messages/<id>/reply/ Reply to an email
POST /api/email-messages/<id>/reply-all/ Reply to all recipients

Compose request

{
  "to": "recipient@example.com",
  "subject": "Hello",
  "body": "<p>HTML content</p>",
  "cc": "",
  "bcc": "",
  "attachment_uuids": []
}

Email attachments

Method Endpoint Description
POST /api/email-attachments/presign/ Get a presigned upload URL

The client uploads the file directly to cloud storage using the presigned URL, then includes the returned attachment UUID in the compose request.

SMS inbox

Requires X-Ravi-Identity header.

Method Endpoint Description
GET /api/sms-inbox/ List SMS conversations
GET /api/sms-inbox/<conversation-id>/ Get a specific conversation

Query parameters: unread=true

SMS messages

Method Endpoint Description
GET /api/messages/ List all SMS messages
GET /api/messages/<id>/ Get a specific SMS message

Passwords

Requires X-Ravi-Identity header. All password fields are E2E-encrypted ("e2e::<base64>").

Method Endpoint Description
GET /api/passwords/ List all password entries
POST /api/passwords/ Create a new password entry
GET /api/passwords/<uuid>/ Get a specific entry (with ciphertext)
PUT /api/passwords/<uuid>/ Update a password entry
DELETE /api/passwords/<uuid>/ Delete a password entry
GET /api/passwords/generate_password/ Generate a random password

Create request (with encrypted fields)

{
  "domain": "example.com",
  "username": "e2e::<base64>",
  "password": "e2e::<base64>",
  "notes": "e2e::<base64>"
}

Vault secrets

Requires X-Ravi-Identity header. Secret values are E2E-encrypted.

Method Endpoint Description
GET /api/vault/ List all secrets (values redacted)
POST /api/vault/ Create or update a secret
GET /api/vault/<uuid>/ Get a specific secret
DELETE /api/vault/<uuid>/ Delete a secret

Encryption

Method Endpoint Description
GET /api/encryption/ Get encryption metadata (salt, public key, verifier)
POST /api/encryption/ Upload public key and verifier after first-time PIN setup

Phone

Method Endpoint Description
GET /api/phone/ Get phone numbers for the active Identity

Events (SSE)

Method Endpoint Description
GET /api/events/stream/ Server-Sent Events stream for real-time email and SMS

Supports Last-Event-ID header for resuming after disconnection. The server sends keepalive events every 30 seconds.

Billing

Method Endpoint Description
GET /api/subscription/ Get current subscription status

Returns 402 on endpoints that require an active subscription.