Create a topic
Create a new topic with specified members. Your API key bot will automatically be added as a member.
Limits:
- topic name is limited to 64 characters
- topic description is limited to 10000 characters
- maximum 100 members per topic
- you can only add members that are already in your organization
- topic externalId is limited to 100 characters
- externalId must be unique per bot - you cannot create multiple topics with the same externalId
Authorizations
Bearer token for the request. Two flavors:
- Static API key — pass your API key (the value returned as
apiKeywhen the bot was created). Must be paired withX-Signature+X-Timestamp(thehmacSignaturescheme). - OAuth access token — pass the JWT returned by
POST /oauth/token. No signature headers are required.
HMAC-SHA256 signature for request verification. Required only when authenticating with a static API key. Omit when using an OAuth access token.
Headers
HMAC signature of the request for authentication and replay protection.
Required only when authenticating with a static API key. If you are using an OAuth access token (issued by POST /oauth/token), omit this header — the JWT carries all the authentication and integrity guarantees.
Replay Protection: The signature includes a timestamp to prevent replay attacks. Requests with timestamps older than 5 minutes are rejected.
The signature payload differs by HTTP method:
- POST/PUT/PATCH/DELETE: HMAC-SHA256 of
{timestamp}.{body} - GET: HMAC-SHA256 of
{timestamp}.{uri}
The signature is calculated as:
- Get the current Unix timestamp in milliseconds
- Determine the payload:
- For POST/PUT/PATCH/DELETE: Use
{timestamp}.{body}where body is the request body - For GET: Use
{timestamp}.{uri}where uri is the full request URI (e.g.,/v2/members?limit=10)
- For POST/PUT/PATCH/DELETE: Use
- Calculate HMAC-SHA256 of the combined payload using your API secret
- Hex-encode the output
- Include the timestamp in the
X-Timestampheader
Example for GET request to /v2/members?limit=10:
timestamp = 1699564800000
payload = "1699564800000./v2/members?limit=10"
signature = HMAC-SHA256(secret, payload)
X-Signature: hex(signature)
X-Timestamp: 1699564800000
Example for POST request with body {"topicId":"123","text":"Hello"}:
timestamp = 1699564800000
payload = '1699564800000.{"topicId":"123","text":"Hello"}'
signature = HMAC-SHA256(secret, payload)
X-Signature: hex(signature)
X-Timestamp: 1699564800000
For multipart/form-data requests, sign the exact raw request body bytes
(including boundaries and file bytes) as transmitted.
^[a-f0-9]{64}$"a3d5f8e7c2b1d4f6a8e9c7b5d3f1a2e4b6c8d0f2e4a6b8c0d2e4f6a8b0c2d4e6"
Unix timestamp in milliseconds when the request was created. Used for replay protection — requests older than 5 minutes are rejected.
Required only when authenticating with a static API key. Omit when using an OAuth access token.
1699564800000
Body
The topic name
64"Project Updates"
Array of user IDs to add as topic members (max 100). Your bot will automatically be added as a member.
100[
"550e8400-e29b-41d4-a716-446655440001",
"550e8400-e29b-41d4-a716-446655440002"
]
Optional topic description
10000"Discussion for project milestones"
Optional external identifier for tracking purposes. Must be unique per bot - you cannot reuse the same external ID for multiple topics.
100"project-alpha"
Response
Topic created successfully
The created topic ID
The topic name
Array of member IDs in the topic (including the bot)
[
"550e8400-e29b-41d4-a716-446655440001",
"b@660e8400-e29b-41d4-a716-446655440003"
]
The fully qualified external ID (bot_id:your_external_id). Only present if externalId was provided in the request.
"b@660e8400-e29b-41d4-a716-446655440003:project-alpha"
Unix timestamp in milliseconds