
API Endpoints

All endpoints are served by the chat worker at chat.anshulbisen.com.

Health Check

GET /health

Returns worker health status.

Response 200:

json
{ "status": "ok" }

Session Management

POST /session

Create a new chat session. Rate limited to 3 per IP per hour.

Headers:

  • X-Bypass-Rate-Limit: <token> (optional, for E2E tests)

Body:

json
{
  "name": "Visitor Name",
  "email": "visitor@example.com",
  "page": "/about",
  "turnstileToken": "<cloudflare-turnstile-token>"
}

Response 200:

json
{
  "sessionId": "uuid-string",
  "wsUrl": "wss://chat.anshulbisen.com/ws/uuid-string"
}

Errors:

  • 400 — Missing required fields or invalid email
  • 403 — Turnstile verification failed or blocked IP/email
  • 429 — Rate limit exceeded
  • 502 — Failed to create Slack thread or initialize session

GET /ws/:sessionId

WebSocket upgrade endpoint. See WebSocket Protocol for message types.

Authentication

POST /auth/bypass

Set the rate limit bypass cookie (owner only).

Body:

json
{ "token": "<RATE_LIMIT_BYPASS_TOKEN>" }

Response 200:

json
{ "ok": true }

Sets the __bypass=1 HttpOnly cookie with a 30-day expiry.

Errors:

  • 403 — Invalid token

POST /auth/bypass/clear

Clear the bypass cookie.

Response 200:

json
{ "ok": true }

Sets the cookie with Max-Age=0, which expires it immediately.

Slack Webhook

POST /slack/events

Receives Slack Events API webhooks. Handles:

  1. URL verification — responds to Slack's challenge request
  2. Message events — relays threaded replies back to the chat visitor

Headers (verified):

  • x-slack-request-timestamp
  • x-slack-signature

All requests are verified with an HMAC-SHA256 signature before processing.

Response: 200 on success, 401 on invalid signature.
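
The verification described above, as an added example (not the worker's own code): it follows Slack's documented signing scheme, HMAC-SHA256 over `v0:<timestamp>:<raw body>` compared with the `v0=`-prefixed hex value in x-slack-signature. The function names, the plain-object headers and the five-minute replay window (Slack's recommendation, not stated on this page) are assumptions.

```javascript
// Added example: Slack request verification for POST /slack/events.
// Web Crypto is global in Workers and recent Node; the fallback covers older Node.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;
const enc = new TextEncoder();
const MAX_SKEW_SECONDS = 60 * 5; // assumed replay window (Slack's recommendation)

// Import the signing secret as a non-extractable HMAC-SHA256 key.
async function hmacKey(secret) {
  return subtle.importKey("raw", enc.encode(secret),
    { name: "HMAC", hash: "SHA-256" }, false, ["sign", "verify"]);
}

// Produce the header value Slack would send; used here to build test input.
async function signSlack(secret, timestamp, rawBody) {
  const mac = await subtle.sign("HMAC", await hmacKey(secret),
    enc.encode(`v0:${timestamp}:${rawBody}`));
  return "v0=" + [...new Uint8Array(mac)]
    .map((b) => b.toString(16).padStart(2, "0")).join("");
}

// Returns the status the page documents: 200 when valid, 401 otherwise.
// `headers` is a plain object with lowercase keys (hypothetical shape).
async function verifySlack(secret, headers, rawBody, nowSeconds) {
  const ts = headers["x-slack-request-timestamp"];
  const sig = headers["x-slack-signature"];
  // Reject missing or malformed headers before doing any crypto.
  if (!/^\d+$/.test(ts ?? "") || !/^v0=[0-9a-f]{64}$/.test(sig ?? "")) return 401;
  // A correctly signed request outside the window is treated as a replay.
  if (Math.abs(nowSeconds - Number(ts)) > MAX_SKEW_SECONDS) return 401;
  const sigBytes = Uint8Array.from(sig.slice(3).match(/../g), (h) => parseInt(h, 16));
  // subtle.verify recomputes the MAC and compares it for us, so there is no
  // string === on the signature and no early-exit comparison to time.
  const ok = await subtle.verify("HMAC", await hmacKey(secret), sigBytes,
    enc.encode(`v0:${ts}:${rawBody}`));
  return ok ? 200 : 401;
}
```

Verify against the raw request body exactly as received, before JSON.parse, since re-serialized JSON may not match the signed bytes byte for byte.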

Internal Endpoints (Durable Object)

These endpoints are called internally by the worker, not exposed to the public:

POST /initialize

Initialize a new chat session in the Durable Object.

Body:

json
{
  "name": "Visitor Name",
  "email": "visitor@example.com",
  "page": "/about",
  "threadTs": "slack-thread-timestamp",
  "channelId": "slack-channel-id"
}

POST /initialize-bot

Initialize a bot-mode session (no Slack thread).

GET /state

Get current session state.

POST /relay

Relay a message from Slack to the visitor.

Body:

json
{
  "text": "Message text",
  "sender": "anshul"
}

CORS

All endpoints use CORS middleware:

  • Origin: ALLOWED_ORIGIN env var (https://anshulbisen.com in production)
  • Methods: GET, POST, OPTIONS
  • Headers: Content-Type
  • Credentials: true (for bypass cookie)