How to reverse engineer the Botpress API

Botpress is backed by a complete JSON API and Plain/Text API. Anything you can do on the site you can also do using the JSON API or Plain/Text API (Mostly JSON).

Many of the endpoints can be found in the code. The API is still in heavy development and the documentation will change often. The first API documentation (OPEN API) will arrive in a couple of releases. The status of some APIs is close to being stable.

Inspector Console

The first thing to do to reverse engineering an API is the Open the Inspector Console.

Right Click > Inspect > Network > Filter By XHR

Search for API calls that you are interested in.

If you are interested to learn more about HTTP. Julia Evans is doing an amazing job to make Bite size information on complex Sujet. I will not convert HTTP anatomy in this post. This is why I put a link on Julie Evans website :slight_smile: (She’s better than me to explain HTTP anatomy)

With that information in hand, you can start building your our Call in your favorite language or API tool (Postman,Rest CLIENT,insomnia)

Get your Bearer Token

The first query to do is the authentication query. All the APIs need a Bearer Token

HTTP Client

POST {{baseUrl}}/api/v1/auth/login/basic/default
Content-Type: application/x-www-form-urlencoded


@authToken = {{login.response.body.payload.jwt}}


curl --request POST \
  --url http://localhost:3001/api/v1/auth/login/basic/default \
  --header 'content-type: application/x-www-form-urlencoded' \
  --header 'user-agent: vscode-restclient' \
  --data password=YOURSUPERPASSWORD

Great howto, looking forward to OpenAPI swagger docs :slight_smile:
Did you know that those schemas can be introspected to create client libs and GraphQL interfaces?

For now we’ve been using postman collections and curl call series to automate (for tests) against the API, explored through the inspector like suggested here and in the Converse API.


I didn’t know that. It’s gonna be really useful.