Skip to main content
This page is the single source of truth for every field on every object you can see in the Xobito API and in outbound webhooks.

Conventions

TypeExampleNotes
integer25Database primary keys are positive integers.
string"John"UTF-8.
booleantrueBooleans are true/false JSON literals.
datetime"2026-04-08T14:30:25.000000Z"ISO-8601, UTC, microsecond precision.
array<T>[1, 2, 3]Homogeneous array.
object{ "key": "value" }Free-form JSON object.
nullable Tnull or TField may be omitted/null.

Response envelope

Every successful response is wrapped: 
{
  "status": "success",
  "data": { ... },
  "message": "Optional human-readable message"
}

Pagination envelope

List endpoints use Laravel’s paginator shape, nested inside data: 
{
  "status": "success",
  "data": {
    "current_page": 1,
    "data": [ /* the actual items */ ],
    "per_page": 15,
    "total": 100,
    "last_page": 7,
    "first_page_url": "https://dash.xobito.com/api/v1/acme/contacts?page=1",
    "next_page_url":  "https://dash.xobito.com/api/v1/acme/contacts?page=2",
    "prev_page_url":  null,
    "from": 1,
    "to": 15,
    "path": "https://dash.xobito.com/api/v1/acme/contacts",
    "links": [ { "url": "...", "label": "...", "active": false } ]
  }
}
FieldTypeNotes
current_pageinteger1-indexed.
dataarrayThe page’s items.
per_pageintegerDefault 15, max 100.
totalintegerTotal matching rows.
last_pageintegerFinal page number.
first_page_url / next_page_url / prev_page_urlnullable stringURLs for navigation.
from / tointeger1-indexed range of items on this page.

Contact

FieldTypeNotes
idintegerPrimary key.
tenant_idintegerYour workspace id.
firstnamestringNote: firstname, not first_name.
lastnamenullable stringNote: lastname.
companynullable string
typestringEnum: lead, customer, guest. The API only accepts lead or customer on writes.
descriptionnullable string
country_idnullable integerFK to the countries table.
zipnullable string
citynullable string
statenullable string
addressnullable string
assigned_idnullable integerUser id of the owner.
status_idintegerFK to a Status.
source_idintegerFK to a Source.
emailnullable stringUnique per tenant when present.
websitenullable string
phonestringRequired, unique per tenant.
is_enabledboolean
is_opted_outboolean
addedfromnullable integerUser id who added the contact.
dateassignednullable datetime
opted_out_datenullable datetime
last_status_changenullable datetime
default_languagenullable stringIANA language code.
group_idarray of integersJSON array of Group ids.
custom_fields_dataobjectFree-form key/value.
created_atdatetime
updated_atdatetime

Example

{
  "id": 25,
  "tenant_id": 13,
  "firstname": "John",
  "lastname": "Doe",
  "company": "Demo Co",
  "type": "lead",
  "email": "john@example.com",
  "phone": "+1234567890",
  "source_id": 2,
  "status_id": 1,
  "country_id": 101,
  "group_id": [1, 2],
  "is_enabled": 1,
  "is_opted_out": 0,
  "custom_fields_data": {},
  "created_at": "2026-04-08T14:30:25.000000Z",
  "updated_at": "2026-04-08T14:30:25.000000Z"
}

Status

A labeled state you can apply to contacts.
FieldTypeNotes
idinteger
tenant_idinteger
namestringUnique per tenant. 3–255 chars.
colornullable stringHex colour, max 7 chars (e.g. #FF0000).
isdefaultbooleanWhether new contacts default to this status.
created_atdatetime
updated_atdatetime

Source

Where a contact came from (e.g. “Website Form”).
FieldTypeNotes
idinteger
tenant_idinteger
namestringUnique per tenant. 1–255 chars.
created_atdatetime
updated_atdatetime
Sources have no color field.

Group

A grouping for contacts. A contact’s memberships are stored in its group_id array.
FieldTypeNotes
idinteger
tenant_idinteger
namestringUnique per tenant.
created_atdatetime
updated_atdatetime

WhatsApp Template

A Meta-approved message template.
FieldTypeNotes
idintegerXobito’s id.
tenant_idinteger
template_idstringMeta’s template id.
template_namestring
languagestringIANA tag (e.g. en_US).
statusstringDRAFT, PENDING, APPROVED, or REJECTED.
categorystringMARKETING or UTILITY.
header_data_formatnullable stringTEXT, IMAGE, VIDEO, DOCUMENT, or null.
header_data_textnullable string
header_params_countinteger
body_datastringTemplate body text (with {{n}} placeholders).
body_params_countinteger
footer_datanullable string
footer_params_countinteger
buttons_datanullable arrayJSON-encoded button definitions.
header_file_urlnullable string
header_variable_valuenullable string
body_variable_valuenullable string
template_typenullable string
cards_jsonnullable arrayFor carousel templates.
created_atdatetime
updated_atdatetime
Only templates with status: "APPROVED" can be sent through POST /messages/template.

API Token

The record behind the apitk_... tokens issued in Settings → API Management.
FieldTypeNotes
idinteger
tenant_idinteger
namestringHuman-readable label.
abilitiesarray of stringsSee Authentication.
rate_limitsnullable objectPer-token rate-limit overrides.
monthly_quotanullable integerOptional monthly call cap.
expires_atnullable datetimenull = never expires.
is_activebooleanRevoked tokens have this set to false.
created_atdatetime
updated_atdatetime
The plaintext token itself is never returned by the API after creation — only the record metadata. Store the plaintext from the dashboard the moment it is generated.

Webhook Configuration

Not exposed as an API resource — set in Settings → Webhook Settings. Shown here for reference.
FieldTypeNotes
webhook_enabledboolean
webhook_urlstringSingle URL that receives all configured events.
contacts_actionsarray of stringsSubset of ["create","update","delete"].
status_actionsarray of stringsSubset of ["create","update","delete"].
source_actionsarray of stringsSubset of ["create","update","delete"].

Webhook Payload

Every outbound webhook POST uses this shape.
FieldTypeNotes
eventstring"created", "updated", or "deleted".
modelstringFully qualified PHP class — e.g. App\Models\Tenant\Contact.
data.idintegerPrimary key of the subject record.
data.attributesobjectSnapshot of all attributes at the time of the event.
data.relationsobjectReserved for eager-loaded relations, usually {}.
originalnullable objectUsually null.
timestampdatetimeISO-8601 with offset.

Message send response

The shape returned by send-text / send-template / send-media endpoints.
FieldTypeNotes
message_idstringWhatsApp wamid.*.
contact_idintegerXobito contact id the message was sent to.
phonestringRecipient E.164 phone number.
messagenullable stringThe message body that was sent (text).
statusstringInitial WhatsApp status — typically sent.
sent_atdatetime
chat_idintegerInternal chat id.
contact_createdbooleantrue if the contact was auto-created from the send.

Message status response

Returned by GET /messages/{messageId}/status.
FieldTypeNotes
message_idstringThe WhatsApp wamid.*.
delivery_statusstringpending, sent, delivered, read, or failed.
error_messagenullable stringPopulated when delivery_status: "failed".
sourcestringWhere the status record came from (e.g. chat).
last_updateddatetimeLast time WhatsApp updated this status.
statusesobjectDictionary of every possible status with human descriptions.

Phone validation response

Returned by POST /phone/validate.
FieldTypeNotes
phonestringOriginal input, normalised with leading +.
phone_digitsstringDigits only.
format_validbooleanWhether the number is a valid E.164 format.
country_codenullable stringNumeric calling code, e.g. "91".
countrynullable stringEnglish country name.
national_numbernullable stringSubscriber number without country code.
e164nullable stringNormalised E.164 form.
reasonnullable stringFailure reason when format_valid: false.
notestringStatic note about the check’s scope.
Phone validation confirms format only. It does not check whether the number is registered on WhatsApp.