API Documentation

Everything you need to integrate with Mediavox APIs.

Authentication

Server-to-server authentication via API Key header.

API Key

curl -H "X-API-Key: vxk_your_key_here" https://mediavox.co/mvvixo/api/v1/clients

Generate API keys from the Developer Portal dashboard. Keys don't expire; rotate manually when needed.

Base URLs

ProductURL
Vixo APIhttps://mediavox.co/mvvixo/api/v1/
mediaAPIhttps://mediavox.co/mvapi/api/v1/
Turing AIhttps://mediavox.co/mvai/api/v1/
HealthPowerhttps://mediavox.co/mvai/api/v1/health/

Rate Limiting & Quotas

Vixo API

PlanRequests/monthRate limit
Trial5030/min
Starter ($69)50060/min
Business ($149)5K120/min
Enterprise20K300/min

mediaAPI

PlanAPI calls/monthRecognition includedRate limit
Free1002020/min
Developer ($49)5K1K60/min
Growth ($99)15K090/min
Scale ($199)50K10K120/min

Turing AI

PlanMessages/monthRate limit
Agent ($49)2K30/min
Expert ($149)15K60/min
Pro ($299)30K120/min
Empire ($499)50K120/min

Exceeding rate limit returns 429 Too Many Requests. Exceeding monthly quota returns 429 Monthly quota exceeded. Plans without overage have a hard cap.

Scopes

API keys have scopes that control access. Format: entity.action

ScopeDescription
*Full access to all entities and actions
clients.*All actions on clients
clients.readRead-only access to clients
budgets.writeCreate/update budgets

Pagination

GET /api/v1/clients?page=1&pageSize=20

Response:

{ "data": [...], "pagination": { "page": 1, "pageSize": 20, "totalCount": 142, "totalPages": 8 } }

Read Endpoints (GET)

Sales

EndpointDescription
GET /clientsSearch clients
GET /clients/{id}Get client by ID
GET /contractsSearch contracts
GET /contracts/{id}Get contract by ID
GET /contracts/{id}/projectsProjects for a contract
GET /projectsSearch projects
GET /projects/{id}Get project by ID
GET /projects/{id}/budgetsBudgets for a project
GET /opportunitiesSearch opportunities
GET /opportunities/{id}Get opportunity by ID
GET /requestsSearch requests

Operations

EndpointDescription
GET /budgetsSearch budgets
GET /budgets/{id}Get budget by ID
GET /budgets/{id}/itemsBudget line items
GET /purchase-ordersSearch purchase orders
GET /production-ordersSearch production orders
GET /advancesSearch advances
GET /legalizationsSearch legalizations

People

EndpointDescription
GET /employeesSearch employees
GET /employees/{id}Get employee by ID
GET /payrollSearch payroll periods
GET /noveltiesSearch novelties

Other

EndpointDescription
GET /tasksSearch tasks
GET /tasks/{id}Get task by ID
GET /productsSearch products
GET /products/{id}Get product by ID
GET /suppliersSearch suppliers
GET /invoicesSearch invoices
GET /invoices/{id}Get invoice by ID
GET /invoices/{id}/linesInvoice line items
GET /credit-notesSearch credit notes
GET /companiesList companies
GET /statesList states by type

Write Endpoints (POST/PUT/DELETE)

MethodEndpointDescription
POST/clientsCreate client
PUT/clients/{id}Update client
DELETE/clients/{id}Delete client
POST/contractsCreate contract
POST/projectsCreate project
POST/opportunitiesCreate opportunity
POST/requestsCreate request
PUT/requests/{id}Update request
POST/budgetsCreate budget
PUT/budgets/{id}Update budget
POST/purchase-ordersCreate purchase order
POST/production-ordersCreate production order
POST/advancesCreate advance
POST/legalizationsCreate legalization
POST/tasksCreate task
PUT/tasks/{id}Update task
PUT/products/{id}Update product
PUT/suppliers/{id}Update supplier

Write response:

{ "success": true, "message": "Client created", "id": 123 }

State Changes

Change the state of an entity (e.g., approve, reject, close):

POST /api/v1/clients/{id}/change-state Content-Type: application/json { "newStateId": 5, "comments": "Approved" }

Available for: clients, contracts, projects, opportunities, requests, budgets, purchase-orders, production-orders, advances, legalizations, tasks

Error Responses

{ "error": { "code": "VALIDATION_ERROR", "message": "...", "correlationId": "abc-123" } }
StatusCodeDescription
400VALIDATION_ERRORInvalid request body or parameters
401MISSING_API_KEYX-API-Key header not provided
401INVALID_API_KEYKey invalid or expired
403SCOPE_NOT_AUTHORIZEDKey doesn't have required scope
403MODULE_NOT_ENABLEDModule not enabled for this company
404NOT_FOUNDResource not found
429RATE_LIMITEDToo many requests per minute
429QUOTA_EXCEEDEDMonthly quota exceeded
500INTERNAL_ERRORServer error (check correlationId)

All inputs are automatically sanitized server-side: extra spaces, control characters, and repeated characters are normalized before processing. You don't need to pre-clean your data. Send it as-is and the API handles it.

SDK & Code Examples

Quick start examples for popular languages.

curl

curl -X GET \ -H "X-API-Key: YOUR_KEY" \ "https://mediavox.co/mvvixo/api/v1/clients?page=1&pageSize=5"

C# / .NET

// Install: dotnet add package System.Net.Http.Json using var client = new HttpClient(); client.DefaultRequestHeaders.Add("X-API-Key", "YOUR_KEY"); // GET var clients = await client.GetFromJsonAsync<JsonElement>( "https://mediavox.co/mvvixo/api/v1/clients?page=1&pageSize=5"); // POST (mediaAPI) var response = await client.PostAsJsonAsync( "https://mediavox.co/mvapi/api/v1/datatools/names/standardize", new { text = "carlos alberto", country = "CO" }); var result = await response.Content.ReadFromJsonAsync<JsonElement>();

Python

# Install: pip install requests import requests headers = {"X-API-Key": "YOUR_KEY"} # GET clients = requests.get( "https://mediavox.co/mvvixo/api/v1/clients?page=1&pageSize=5", headers=headers).json() # POST (mediaAPI) result = requests.post( "https://mediavox.co/mvapi/api/v1/datatools/names/standardize", headers=headers, json={"text": "carlos alberto", "country": "CO"}).json()

JavaScript / Node.js

// Install: npm install node-fetch (Node.js) or use native fetch (browser) const headers = { "X-API-Key": "YOUR_KEY" }; // GET const clients = await fetch( "https://mediavox.co/mvvixo/api/v1/clients?page=1&pageSize=5", { headers }).then(r => r.json()); // POST (mediaAPI) const result = await fetch( "https://mediavox.co/mvapi/api/v1/datatools/names/standardize", { method: "POST", headers: { ...headers, "Content-Type": "application/json" }, body: JSON.stringify({ text: "carlos alberto", country: "CO" }) }).then(r => r.json());

Turing AI Endpoints

Embeddable AI assistant API. Base URL: https://mediavox.co/mvai/api/v1/

EndpointDescription
POST /api/v1/chatSend a question. Requires key (Turing API key). Optional: user_context, geo (lat/lng), mobile_token, file (base64) + file_name (attach document for analysis). Supports PDF, Excel, Word, CSV, images. Enables 110+ dynamic ERP tools. Multi-provider AI with automatic fallback.
POST /api/v1/transcribeVoice-to-text. Send audio file (multipart), get transcript. Triple fallback across multiple AI providers. Rate limit: 5/min. Header: X-Turing-Key.
POST /api/v1/extract-entitiesNER extraction from document (PDF, Excel, CSV, Word, TXT) or plain text. Supports is_base64 + file_name for binary files. Returns structured entities + integrity field with: score (0-100), level (high/medium/low), and alerts. Multi-layer analysis (file structure + visual for images). Multi-provider fallback.
POST /api/v1/feedbackSubmit feedback on a response. Requires key, id_conversation, feedback (1 or -1).
POST /api/v1/clearClear chat history for a session. Requires key, sessionId.
POST /api/v1/indexIndex content into RAG. Supports type: text, url, file (PDF/Excel/CSV/TXT/MD).
GET /api/v1/brandingGet widget branding (name, color) for a tenant. Query param: key.
GET /healthHealth check.
GET /openapi/v1.jsonOpenAPI 3.x specification (machine-readable).

WhatsApp Integration

Connect your WhatsApp Business account to Turing AI. Your customers chat via WhatsApp, Turing responds with full context (tools, RAG, history). Multi-tenant: each company configures its own WhatsApp number.

EndpointDescription
GET /api/v1/whatsappMeta webhook verification (challenge-response). Configure this URL in your Meta WhatsApp Business dashboard. Query params: hub.mode, hub.verify_token, hub.challenge.
POST /api/v1/whatsappReceives incoming WhatsApp messages from Meta Cloud API. Resolves tenant by phone_number_id, processes text/audio messages through Turing AI, and responds automatically via Meta Send API. Supports: text messages, audio transcription (coming soon). Always returns 200 to Meta.

Setup: Configure $.whatsapp in your Turing tenant: enabled, verifyToken, metaToken, phoneNumberId. Then set webhook URL in Meta Business: https://mediavox.co/mvai/api/v1/whatsapp.

Embed in your site

<script src="https://mediavox.co/mvai/mediavox-turing.js?v=2.5" data-key="tk_your_key" data-theme="light"></script>

Attributes: data-key (required), data-theme (light/dark), data-position (bottom-right/bottom-left), data-lang (es/en).

DocumentPower (Document Analysis + La Bóveda)

Upload any document. AI extracts structured data, detects type, verifies integrity, and persists in La Bóveda for cross-document search. Deduplication by SHA256. Storage per plan quota.

EndpointDescription
POST /api/v1/documents/analyzeFull analysis: type detection + integrity score + template NER + entities. Persists in La Bóveda by default (persist: false for stateless). Returns vault.document_id. Supports PDF, Word, Excel, CSV, images.
POST /api/v1/documents/askFollow-up question about a previously analyzed document. Requires session_id from /analyze response.
GET /api/v1/documents/typesList 18+ supported document types. Pass as tipo hint to skip auto-classification.

La Bóveda (Document Vault)

Every document analyzed is automatically stored with full-text search (FTS Spanish). Search across thousands of documents by keyword, entity, or type — months later. Deduplication prevents re-analysis of the same file ($0 if duplicate).

EndpointDescription
GET /api/v1/documents/vault/browsePaginated list of all documents. Params: page, page_size (max 100), type (filter by document_type). Returns: file_name, type, summary, entity_count, integrity_score, date.
GET /api/v1/documents/vault/searchFull-text search across all documents. Params: q (search query), type (optional filter), limit (max 50). Spanish stemming + metadata JSONB search. Returns relevance-ranked results.
GET /api/v1/documents/vault/{id}Get full document details + all extracted entities. Returns: text_extracted, metadata (template NER fields), integrity_score, entity list.
DELETE /api/v1/documents/vault/{id}Soft-delete a document (removes from browse/search, frees storage quota).

Turing Personal (User Auth)

EndpointDescription
POST /personal/api/signupRegister a personal user. Body: email, password, optional nombre, pais.
POST /personal/api/loginAuthenticate. Returns id_user, email, nombre.

HealthPower (Clinical Data Intelligence)

Process medical service records (RIPS), extract clinical data from PDFs, detect anomalies, and score patient risk. Base URL: https://mediavox.co/mvai/api/v1/health/. Requires X-API-Key header.

EndpointDescription
POST /rips/uploadUpload RIPS CSV file (Colombia AC/AP/AH/AU pipe-separated). Multipart form: file (CSV), api_key. Returns: records processed, duplicates skipped, errors. Batch 10K with binary COPY protocol.
GET /patients/{tipoId}/{id}/timelinePatient clinical timeline. All services ordered by date. Params: tipoId (document type: CC, TI, CE, PA), id (document number). Returns: procedures, diagnoses, providers, dates.
GET /patients/{tipoId}/{id}/risk-scorePatient risk score (0-100). Weighs: chronic diagnoses, service frequency, cost history, care gaps. High score = high projected cost.
GET /analytics/dashboardAggregated KPIs: total services, unique patients, top diagnoses (ICD-10), top providers, services by type. Query: period (YYYY-MM, default current month).
GET /catalogs/{country}Procedure code catalog by country. Supported: CO (CUPS), MX (CAUSES), PE (CPT-PE), CL (Fonasa), EC (IESS). Returns: code, description, group.
GET /analytics/anomaliesDetected anomalies: duplicate procedures (same patient+code in configurable window), overbilling (provider charges >2x average). Returns: type, patient, provider, amount, evidence.
GET /appointmentsList appointments with filters (date, specialist, status, patient). PII masked server-side. Paginated.
POST /appointmentsCreate appointment. Requires: id_especialista, fecha, paciente_tipo_id, paciente_id.
PUT /appointments/{id}Reschedule appointment (change date, specialist, or reason).
PUT /appointments/{id}/statusChange status: confirmada, cancelada, completada, pendiente.
GET /specialistsMedical specialist directory. Filters: specialty, location, active. Paginated.
POST /specialistsRegister specialist (nombre, especialidad, documento_id, registro_medico, sede, telefono).
PUT /specialists/{id}Update specialist information.
DELETE /specialists/{id}Deactivate specialist (soft delete).
GET /patientsPatient list with risk scores. PII masked. Filters: exact ID, min_score. Paginated.
GET /servicesSearch clinical services. Filters: date range, provider, diagnosis, patient, catalog. Paginated.
POST /patients/syncBulk sync affiliate/patient master data from insurer systems.
POST /consent/grantRegister Habeas Data patient consent (Ley 1581). Required before exposing data to third-party portals.
GET /consent/statusCheck if patient has active consent for data sharing.
GET /reconciliationCross-reference services vs invoices. Identifies orphan items in both directions. Query: period (YYYY-MM).
GET/PUT /alerts/configGet or update alert thresholds (chronic gap days, anomaly threshold, channels).
POST /documents/ingestUpload clinical PDF → auto-classify → NER → persist in salud tables. Dedup by file hash. Confidence threshold configurable per empresa. Optional tipo parameter skips classification (see GET /documents/types).
GET /patients/templateDownload Excel import template (Patients + Specialists + Instructions bilingual). Upload to POST /patients/sync.
GET /documents/typesList all available document types (18+). Use as tipo hint in /documents/analyze or /health/documents/ingest to skip auto-classification and save latency.
POST /treatmentsRegister treatment/prescription for adherence monitoring. Params: paciente_id, medicamento, frecuencia_horas, cuidador_telefono.
GET /treatmentsList active treatments for empresa with pagination.
GET /adherence/statusAdherence compliance: cumplidas, incumplidas, pendientes, total, compliance_percent. Optional patient filter.
POST /adherence/markMark a dose as taken (cumplido) or missed (incumplido). Params: id_adherencia, estado.
POST /authorizeValidate service against local authorization rules. Returns: decision (auto_approve/manual_review/rejected), copago, cuota_max_mes.
GET /authorization/rulesList configured authorization rules per empresa (categoria, decision, copago, cuota).
GET /audit/rulesList configured audit rules (7 active + 3 roadmap). Returns: codigo, nombre, tipo, parametros, activo.
POST /audit/rulesCreate or update audit rule. Body: codigo, nombre, tipo, activo, parametros (JSONB thresholds).
GET /audit/findingsList audit findings with filters. Params: estado, severidad, tipo, page, pageSize. Returns: findings with total count.
PUT /audit/findings/{id}Change finding status. Body: estado (confirmado/descartado/respondido). Ownership validated server-side.
GET /audit/summaryAudit KPIs: pendientes, confirmados, descartados, monto_pendiente, monto_confirmado, nuevos_semana, tasa_confirmacion.

Example: Upload RIPS

curl -X POST https://mediavox.co/mvai/api/v1/health/rips/upload \ -H "X-API-Key: vxk_your_key" \ -F "file=@rips_consultas.csv" \ -F "api_key=vxk_your_key"

Response: {"processed": 8542, "duplicates": 23, "errors": 0}

Example: Patient Risk Score

curl https://mediavox.co/mvai/api/v1/health/patients/CC/1032456789/risk-score \ -H "X-API-Key: vxk_your_key"

Response: {"score": 73, "risk_level": "high", "factors": ["diabetes_type_2", "hypertension", "gap_90_days"]}

Example: Anomalies

curl https://mediavox.co/mvai/api/v1/health/analytics/anomalies \ -H "X-API-Key: vxk_your_key"

Response: {"anomalies": [{"type": "duplicate", "patient": "CC-***6789", "code": "890302", "count": 3, "amount": 450000}]}

Interactive Docs (Swagger)

Full interactive API documentation with try-it-out:

Vixo API: mediavox.co/mvvixo/swagger

mediaAPI: mediavox.co/mvapi/swagger

Turing AI: mediavox.co/mvai/swagger

mediaAPI Endpoints

REST API across 5 domains. Base URL: https://mediavox.co/mvapi/api/v1/

DataTools: Data Quality

EndpointDescription
POST /datatools/names/standardizeStandardize person or company name. 3-layer matching: exact → phonetic fingerprint + trigram similarity → AI. Accent-insensitive, firstName/lastName split (LATAM convention 2+2), gender detection, person vs company classification. extensive canonical name database.
POST /datatools/names/batchBatch name standardization (up to 1K names per request)
POST /datatools/addresses/standardizeParse and standardize addresses. Typo dictionary (56+ variants), accuracy score (high/medium/low), Google cache. Multi-country: CO, MX, PE, CL, EC. Returns accuracy + confidence.
POST /datatools/addresses/batchBatch address standardization (up to 1K per request)
POST /datatools/addresses/resolveResolve colloquial references to formal addresses using POIs. "al lado del Ara" → lat/lng + address. Requires text, optional lat/lng for proximity. Returns best match + alternatives.
POST /datatools/geocode/reverseConvert GPS coordinates to human-readable address. Cached permanently (same coordinates = instant response). Params: lat, lng. Returns address, city, department, country.
POST /datatools/emails/validateValidate email: RFC 5322 syntax, disposable detection (118+ providers), typo correction (6K+ known typos from BD), MX record verification, domain brand identification, role account detection, free provider flagging. Returns suggested_correction and domain_brand.
POST /datatools/emails/validate/batchBatch validate up to 1K emails in a single request. Same checks as single validation. Request: {"emails":["[email protected]",...]}
POST /datatools/domains/validateValidate domain: DNS resolution, SSL certificate (issuer, expiry, days remaining), IPv6 support, overall scoring.

Recognition: Document Processing (AI Vision)

EndpointDescription
POST /recognition/documents/classifyClassify document type from image (ID card, invoice, receipt, driver license). Powered by AI Vision.
POST /recognition/id-documents/extractExtract structured data from ID documents: cédula CO, INE MX, DNI PE, CI CL. Returns name, ID number, dates, photo region.
POST /recognition/invoices/extractExtract data from electronic invoices. Multi-country electronic invoice formats.
POST /recognition/receipts/extractExtract data from purchase receipts: merchant, items with SKU, quantities, prices, totals, payment method.
POST /recognition/uploadUpload document via multipart/form-data (max 10MB). Stores in GCP, optional AI extraction. TTL: 30 days ID docs, 90 days invoices/receipts.

Finance: LATAM Financial Tools

EndpointDescription
POST /finance/tax-id/validateValidate tax ID with check digit: NIT CO (módulo 11), CC CO, RUT CL, RFC MX, CURP MX, RUC PE, DNI PE. 7 document types.
POST /finance/tax/calculateCalculate taxes: retención en la fuente CO (with UVT), IVA, ICA (CO), ISR (MX), IGV (PE). Country-specific rules and brackets.
POST /finance/invoice/formatFormat electronic invoice: Multi-country electronic invoice formatting.
POST /finance/bank-account/validateValidate bank account: 50+ LATAM banks with SWIFT codes, account format validation by country.
POST /finance/categorize-transactionAI-powered transaction categorization from bank statement descriptions. Returns category, subcategory, merchant, confidence.
GET /finance/dian/validate/{nit}Look up Colombian NIT in business registry. Returns company name, tax regime, city.
GET /finance/rues/search/{query}Search Colombian business registry by company name. Returns matching companies with NIT.

Security: Threat Intelligence

EndpointDescription
POST /security/threats/analyzeAnalyze any message (SMS, WhatsApp, email) for phishing, scam, or fraud: resolves ALL shortened URLs in cascade, compares final domain vs brand trusted domains, homoglyph detection, phishing pattern analysis, weighted scoring.
POST /security/urls/analyzeAnalyze URL: follows up to 10 redirects, homoglyph detection, domain age check, SSL verification, threat database lookup.
GET /security/threats/feedShared threat intelligence feed. Paginated. Every analysis contributes to the database (network effect).
POST /security/pin/generateGenerate secure PIN/OTP: SHA-256 hashed, configurable length (4-8 digits), configurable expiration.
POST /security/pin/validateValidate PIN: attempt tracking (max 5), automatic expiration, secure hash comparison.
POST /security/breach/checkCheck if email/domain appears in known data breaches.
POST /security/password/strengthAnalyze password strength: entropy, common patterns, dictionary check, scoring.
POST /security/sanctions/checkSanctions list screening against 4 official lists: OFAC SDN (US Treasury, 18K+), UN Security Council (1K+), EU Financial Sanctions (6K+), PEP OpenSanctions (39K+). Fuzzy name matching + ID lookup. 65K+ total entries. Updated weekly. Note: this is a screening tool; it does not replace a full compliance program (KYC, due diligence, transaction monitoring).

Brand Intelligence: Enterprise Brand Protection

Real-time monitoring of brand impersonation across SMS, WhatsApp, email, and web. Proactive detection via Certificate Transparency 24/7 + domain scanner (3,000+ variants). Content Forensics analyzes HTML for credential harvesting and exfiltration. Interactive Threat Graph reveals organized campaigns. Average detection: under 5 minutes.

EndpointDescription
POST /security/brands/registerRegister a brand for protection. Provide brand name, trusted domains, alert email. Returns brand ID and verification instructions.
POST /security/brands/verifyVerify domain ownership via DNS TXT record or meta tag. Required before monitoring activates.
GET /security/brandsList all registered brands for this developer with verification status.
PUT /security/brands/{id}/channelsConfigure monitoring channels (SMS, WhatsApp, email, web), countries, alert delivery (email, webhook, Slack), escalation rules, keywords, and trusted assets.
GET /security/brands/{id}/channelsRetrieve current channel and alert configuration.
GET /security/brands/{id}/alertsList impersonation alerts with severity, channel, country, domain, indicators, and campaign info. Paginated, filterable by severity and status.
POST /security/brands/{id}/alerts/{alertId}/actionTake action: confirm_threat, dismiss, escalate, request_takedown, block_sender. Improves ML accuracy.
GET /security/brands/{id}/dashboardReal-time dashboard: risk score, KPIs, threats by channel/country, active campaigns, top fraudulent domains, activity timeline.
GET /security/brand-reportComprehensive intelligence report: threats detected, domain analysis, trend analysis, risk score, geographic distribution.
GET /security/bi/summaryCISO Dashboard KPIs. Returns: threats (30d), active threats, takedowns sent/success, avg detection time, source breakdown (scanner/ct_logs/mfd), top attack techniques. Params: brand (optional), days (default 30). Multi-tenant: only shows threats for your brands.
GET /security/bi/timelineThreats per day chart data. Returns array of {date, threats, takedowns} for the last N days. Params: brand (optional), days (default 30, max 90).
GET /security/bi/graphThreat Graph (vis.js-ready). Returns nodes (brands, domains, IPs, registrars, IOCs) and edges (impersonates, hosted_on, registered_at). Max 200 nodes. Params: brand (optional). Use for interactive force-directed visualization of campaigns.

Compliance: KYC & Batch Intelligence (NEW)

EndpointDescription
POST /compliance/kycKYC Bundle 4 validations in 1 call: sanctions screening (OFAC/EU/UN/PEP, 65K+ entities), identity validation (NIT/RUT/RFC check digit), name standardization (AI + phonetic matching), risk score (0-100). Returns: PROCEED, REVIEW_RECOMMENDED, MANUAL_REVIEW_REQUIRED, or BLOCK. Params: name, documentType (NIT/CC/RUT/RFC), documentNumber, country (CO/CL/MX/PE).
GET /statsUsage Intelligence Real-time analytics: dictionary hit rate, unique names resolved, AI calls saved, estimated savings vs competition. Shows flywheel effect: API improves with usage.
POST /batch/uploadBatch Processing Upload CSV/Excel (up to 10MB, 50K rows) with operations: standardize_name, validate_tax_id, sanctions_check, validate_email, kyc. Returns batch_id for async results. Max 3 concurrent batches.
GET /batch/results/{batchId}Poll batch processing status and retrieve results when complete. Returns progress percentage and partial results.
POST /executeRPC Gateway Execute any registered method by name. Generic gateway for custom operations. Requires specific scope per method.
GET /methodsList all methods available for your API key based on assigned scopes.

Verify: Content Verification

EndpointDescription
POST /verify/checkAI content verification: detect phishing, fraud, spam, manipulated content. Returns verdict (legitimate/suspicious/fraudulent) with confidence and analysis.
GET /verify/webhookWebhook challenge verification for WhatsApp/Twilio integration.
POST /verify/webhookIncoming message processing: receives WhatsApp/Twilio messages, processes with AI, auto-replies.

AI: AI Services

EndpointDescription
POST /ai/chat/completionsChat completions. Multi-provider ready (swap AI providers without API changes).
POST /ai/text/analyzeText analysis optimized for LATAM Spanish: sentiment, entities, intent detection. Understands regional slang.
POST /ai/text/summarizeText summarization via AI.

Sales Copilot Integration API

Synchronize your ERP/CRM with Sales Copilot. Auth: X-API-Key header with scope salescopilot.write.

POST /api/v1/sc/clientsBulk upsert clients. Body: {"records": [{"codigo","nombre","telefono","zona","segment"}]}. Max 1000/request.
POST /api/v1/sc/productsBulk upsert products. Body: {"records": [{"codigo","nombre","precio","unidad","categoria"}]}. Max 1000/request.
POST /api/v1/sc/assignmentsBulk upsert client-rep assignments. Body: {"records": [{"codigo_cliente","codigo_rep"}]}. Max 5000/request.
GET /api/v1/sc/orders?since=YYYY-MM-DDGet orders created since date. Returns vendor, client, items, total, status.
GET /api/v1/sc/sync-statusLast 20 sync operations with status, timing, and error details.

Webhook Validation (HMAC-SHA256)

When MV sends webhooks to your endpoint, validate the X-MV-Signature header to ensure authenticity.

C#

using System.Security.Cryptography;
using System.Text;

bool ValidateWebhook(string body, string signature, string secret)
{
    var key = Encoding.UTF8.GetBytes(secret);
    var hash = HMACSHA256.HashData(key, Encoding.UTF8.GetBytes(body));
    var expected = "sha256=" + Convert.ToHexStringLower(hash);
    return signature == expected;
}
// Usage: ValidateWebhook(requestBody, Request.Headers["X-MV-Signature"], yourSecret);

Python

import hmac, hashlib

def validate_webhook(body: bytes, signature: str, secret: str) -> bool:
    expected = "sha256=" + hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(signature, expected)
# Usage: validate_webhook(request.body, request.headers["X-MV-Signature"], your_secret)

Node.js

const crypto = require('crypto');

function validateWebhook(body, signature, secret) {
    const expected = 'sha256=' + crypto.createHmac('sha256', secret).update(body).digest('hex');
    return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}
// Usage: validateWebhook(req.body, req.headers['x-mv-signature'], yourSecret);