The Weavy backend application exposes a REST API with endpoints for manipulating objects such as Apps, Users, Messages, Files etc. It is also used by the frontend libraries to fetch data when rendering the Weavy user interface.


The API is based on the following guiding principles:

  • Only available over HTTPS.
  • Utilizes standard HTTP methods and error codes.
  • Uses Bearer authentication with access token in the Authorization header.
  • Parameters should be sent as JSON unless stated otherwise.
  • Always returns JSON (properties with null values will be omitted from the response).


In order to make authorized calls your application must first request an access token by passing a client_id and client_secret to the /api/auth token endpoint.

Making requests

Once you have an access token, you can issue authorized requests to the API by sending your token in the Authorization header. In the example below we show how you can call the API endpoint that returns information about a user. Replace {token} with your access token, and supply a {userid}, for instance -1, for the built-in anonymous user.


$ curl -h 'Accept: application/json' -h 'Authorization: Bearer {token}' https://{your-weavy-url}/api/users/{userid}


    "id": -1,
    "type": "user",
    "username": "anonymous",
    "name": "Anonymous",
    "created_at": "2022-03-17T14:59:31.1680759Z",
    "modified_at": "2022-03-17T14:59:31.1680759Z",
    "is_suspended": false,
    "presence": "away",
    "is_trashed": false
Weavy Docs