Documentation

    REST API (on premise)

    On-Premise REST API Overview

    The on-premise REST API functions similarly to the cloud version, with some differences detailed below.

    Enabling the API

    By default, the API is disabled. It will only be enabled when you add a REST_KEY environment variable.

    Authentication

    To authenticate your requests to the REST API, add an Authorization header set to the value you provided in the REST_KEY environment variable.

    The Visitor Object

    The Visitor object may differ slightly in the on-premise version, depending on your configuration. Most attributes will be present, and all Visitors will have the same properties.

    Endpoints

    On-premise, the REST API is mounted on the /api path of your base endpoint. For example, if your BASE_ENDPOINT is https://support.acmetech.com/cobrowsing, one of the endpoints will be https://support.acmetech.com/cobrowsing/api/visitors/list/latest.

    Listing the Latest Visitors

    Use this endpoint to list the latest online Visitors. This only works with MongoDB.

    GET /v1.4/visitors/list/latest
    
    ParameterTypeDescription
    max_resultsnumber, optionalThe max number of results to return.

    Response

    // HTTP 200
    {
      "status": "ok",
      "visitors": [
        {
          "short_id": "1234",
          // ...
        }
      ]
    }
    
    FieldTypeDescription
    visitorsVisitor[]List of Visitors matching the query.

    Searching for a Visitor

    Use this endpoint to search for Visitors.

    GET /v1.4/visitors/list/search
    
    ParameterTypeDescription
    qstring, optionalThe search query in this format. If left empty, the latest Visitors will be returned.
    max_resultsnumber, optionalThe max number of results to return.

    Response

    // HTTP 200
    {
      "status": "ok",
      "visitors": [
        {
          "short_id": "1234",
          // ...
        }
      ]
    }
    
    FieldTypeDescription
    visitorsVisitor[]List of Visitors matching the query.

    Retrieving a Visitor

    Use this endpoint to retrieve a specific Visitor.

    GET /v1.4/visitors/{visitor_id}
    
    ParameterTypeDescription
    {visitor_id}stringThe short id of the Visitor.
    includeHistoryboolean, optionalSet to true to include the Visitor's pageview history (MongoDB only).

    Response

    // HTTP 200
    {
      "status": "ok",
      "visitor": {
        "short_id": "1234",
        "history": [
          // Pageviews, if includeHistory was set to true
        ],
        // ...
      }
    }
    
    FieldTypeDescription
    visitorVisitorThe Visitor.
    visitor.historyPageview[], optionalThe Visitor's latest pageviews. Only present with includeHistory.

    Errors

    CodeDescription
    404The Visitor does not exist.

    Generating a Viewer Token to Embed Co-Browsing

    Use this endpoint to generate a viewer token instead of a watch link. The token lets you embed the co-browsing screen directly in your own application with the viewer SDK, instead of opening the hosted watch page. The Visitor's browser is asked to prepare for the Session right away, so only request a token when the viewer is about to connect.

    // POST /v1.4/visitors/{visitor_id}/viewer_token
    {
      "licenseToken": "token1234",
      "permissions": {},
      "viewer": {
        "id": "123",
        "name": "Joe Smith"
      }
    }
    
    ParameterTypeDescription
    {visitor_id}stringThe short id of the Visitor.
    licenseTokenstringThe token obtained from here. Reach out to our team if this is incompatible with your flow for alternative options.

    The endpoint also accepts the same viewer, permissions and session_properties parameters as the watch link endpoint above.

    Response

    // HTTP 200
    {
        "status": "ok",
        "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9....",
        "endpoint": "https://support.acmetech.com/cobrowsing",
        "region": "onpremise",
        "short_id": "1234",
        "expiration": "2026-01-11T18:01:49.700Z"
    }
    
    FieldTypeDescription
    tokenstringThe token to pass to the viewer SDK.
    endpointstringThe server the viewer should connect to (your on-premise instance).
    regionstringAlways onpremise.
    short_idstringThe short id of the Visitor.
    expirationDatetime (ISO 8601)Time at which the token is no longer valid. Use it right away.

    Errors

    CodeDescription
    400A required parameter is missing or invalid.
    402This viewer would put you over your subscription limits.
    404The Visitor does not exist.
    409The Visitor's browser is not supported.

    Preparing a Session

    Use this endpoint to ask the Visitor's browser to prepare for a Session ahead of time, so the Session starts faster. This is done automatically when you generate a watch link.

    POST /v1.4/visitors/{visitor_id}/session/prepare
    
    ParameterTypeDescription
    {visitor_id}stringThe short id of the Visitor.

    Response

    // HTTP 200
    {
      "status": "ok"
    }
    

    Errors

    CodeDescription
    404The Visitor does not exist.

    Stopping an Active Session

    Use this endpoint to stop the Visitor's active Session.

    DELETE /v1.4/visitors/{visitor_id}/session
    
    ParameterTypeDescription
    {visitor_id}stringThe short id of the Visitor.

    Response

    // HTTP 200
    {
      "status": "ok",
      "visitor": {
        "short_id": "1234",
        // ...
      }
    }
    
    FieldTypeDescription
    visitorVisitorThe Visitor.

    Errors

    CodeDescription
    404The Visitor does not exist.

    Deleting a Visitor

    Use this endpoint to delete a Visitor entirely, including their pageview history and Session recordings. You can only delete Visitors who are not currently online or in a Session.

    DELETE /v1.4/visitors/{visitor_id}
    
    ParameterTypeDescription
    {visitor_id}stringThe short id of the Visitor.

    Response

    // HTTP 200
    {
      "status": "ok"
    }
    

    Errors

    CodeDescription
    404The Visitor does not exist.
    409The Visitor is online or in a Session.

    Deleting All Visitors

    Use this endpoint to delete all Visitors, along with their pageview history and Session recordings.

    DELETE /v1.4/visitors
    

    Response

    // HTTP 200
    {
      "status": "ok"
    }