Resources/The Agent API Atlas/Support/HappyFox

Everything an AI agent can do with the HappyFox API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints24

API version1.1

Last updated23 June 2026

Orientation

How the HappyFox API works.

The HappyFox API is how an app or AI agent works with a helpdesk: listing and reading tickets, replying to a customer or adding a private note, moving a ticket or changing its status and assignee, and looking up contacts and staff. Access is granted through an API key paired with an auth code, which act together as the credential, and a call reaches whatever the staff member behind that key can reach, since the API has no per-method permissions of its own. The helpdesk can also push a ticket to a webhook when it is created or updated.

24Endpoints

4Capability groups

10Read

14Write

0Permissions

Authentication

Every call is authenticated with an API key and its auth code, sent together as the username and password of HTTP Basic authentication. Both are created in the admin pages under Apps, Goodies, API, and the auth code is revealed per key. The pair carries the access of the staff member it belongs to.

Permissions

The HappyFox API has no per-endpoint scopes. A key reaches whatever the staff member behind it can reach in the helpdesk, decided by that person's role and the categories they can see. The API does not narrow this further, so an agent given a key can call any method that staff member could, across tickets, contacts, and the directory. Narrowing access per agent is exactly what a gateway in front of the API adds.

Versioning

HappyFox serves a single API version, 1.1, under the account's own subdomain, with no dated version header to pin. There is no published per-version changelog for the API, so the live 1.1 paths are the current contract.

Data model

The API is resource-oriented JSON over HTTPS under the account subdomain at /api/1.1/json/. Tickets are the centre: a ticket carries replies, private notes, tags, and custom fields, and its status, priority, and assignee are changed through one staff update call rather than separate endpoints. Contacts are called users in the path, and read-only directory methods expose the staff, categories, statuses, and custom field definitions that ticket calls reference by ID.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to HappyFox decides what it can reach. There is one route, a request signed with an API key and its auth code, and that pair carries the access of the staff member it belongs to.

Ways to connect

REST API

The REST API answers under the account's own subdomain at /api/1.1/json/, for example https://acme.happyfox.com/api/1.1/json/. EU-hosted accounts use the happyfox.net domain instead. Requests and responses are JSON, and writes also accept form-encoded and multipart form data.

Best forConnecting an app or AI agent to HappyFox.

Governed byThe API key and auth code, carrying the staff member's access.

Docs ↗

Webhooks

A webhook posts the ticket as JSON to a chosen URL when a ticket is created or updated, or when a smart rule fires. It is configured in the admin pages under Apps, Goodies, Webhooks, not through the API, and HappyFox signs each payload with HMAC-SHA1 in the X-Happyfox-Webhook-Signature header.

Best forBeing notified of ticket changes without polling.

Governed byThe webhook configured in the admin pages and its signing key.

Docs ↗

Authentication

API key and auth code

Every call is signed with an API key and its auth code, sent together as the username and password of HTTP Basic authentication. The pair is created in the admin pages and carries the access of the staff member it belongs to, so it reaches whatever that staff member can reach. There are no per-endpoint scopes to narrow it.

TokenAPI key plus auth code (HTTP Basic)

Best forServer-side access to a HappyFox account

Docs ↗

Capability map

What an AI agent can do in HappyFox.

The HappyFox API is split into areas an agent can act on, such as tickets, the replies and notes on them, contacts, and the directory of staff, categories, and statuses. Each area has its own methods, and writes here change real helpdesk data that customers and agents see.

Tickets

7 endpoints

List and search tickets, read a single ticket, create one or many, and move, forward, or delete a ticket.

Writes here change real tickets that customers and agents see.

View endpoints →

Replies & updates

5 endpoints

Add a staff reply that changes ticket properties, add a private note, post a reply as the contact, update tags, and update custom field values.

Writes here add visible messages and change ticket state.

View endpoints →

Contacts & groups

7 endpoints

List and search contacts, read one by ID or email, create or edit a contact, and read or manage contact groups.

Writes here change real customer records.

View endpoints →

Staff & settings

5 endpoints

Read the staff list, the ticket categories, the statuses, and the ticket and contact custom field definitions.

These are read-only references to how the helpdesk is configured.

View endpoints →

Endpoint reference

Every HappyFox API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Tickets List and search tickets, read a single ticket, create one or many, and move, forward, or delete a ticket.7
GET	`/api/1.1/json/tickets/`	List tickets, with paging through the size and page parameters and filtering by status, category, or a search query.	read	—	Current
The API key has no per-method permission. A call returns whatever the staff member behind the key can see, so a key tied to a limited agent lists only that agent's visible categories. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 500 GET requests per minute cap. SourceOfficial documentation ↗
GET	`/api/1.1/json/ticket//`	Get a single ticket's full details by its ticket number.	read	—	Current
Returns the ticket only if the staff member behind the key can access its category. Attachment URLs in the response expire 5 minutes after the call. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 500 GET requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/tickets/`	Create a ticket, or up to 100 tickets in one batch by sending a list of ticket payloads.	write	—	Current
Tickets can be created in public categories and in categories the contact can see. Attachments are sent as multipart form data, up to 25 MB per request. No per-method permission applies; access follows the key's staff member. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook event`ticket-created` Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/ticket//move/`	Move a ticket to a different category.	write	—	Current
No per-method permission applies; the call succeeds if the key's staff member can act on the ticket. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook event`ticket-updated` Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/ticket//forward/`	Forward a ticket to an external email address.	write	—	Current
Sends the ticket contents outside the helpdesk to the address given. No per-method permission applies; access follows the key's staff member. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/ticket//delete/`	Delete a ticket.	write	—	Current
Removes the ticket. No per-method permission applies; the call succeeds if the key's staff member is allowed to delete tickets in that category. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/ticket//subscribe/`	Subscribe a staff member to a ticket so they are notified of updates.	write	—	Current
No per-method permission applies; access follows the key's staff member. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
Replies & updates Add a staff reply that changes ticket properties, add a private note, post a reply as the contact, update tags, and update custom field values.5
POST	`/api/1.1/json/ticket//staff_update/`	Add a staff reply and change ticket properties in the same call, including status, priority, and assignee.	write	—	Current
There is no separate endpoint for changing status or assignee; both are set through fields on this call, such as status and assignee. No per-method permission applies; access follows the key's staff member. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook event`ticket-updated` Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/ticket//staff_pvtnote/`	Add a private staff note that the contact cannot see.	write	—	Current
The note is internal to staff. No per-method permission applies; access follows the key's staff member. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook event`ticket-updated` Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/ticket//user_reply/`	Post a reply on a ticket as the contact rather than as staff.	write	—	Current
The reply is attributed to the contact whose user ID is sent. No per-method permission applies; access follows the key's staff member. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook event`ticket-updated` Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/ticket//update_tags/`	Add or remove tags on a ticket.	write	—	Current
No per-method permission applies; access follows the key's staff member. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook event`ticket-updated` Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/ticket//update_custom_fields/`	Update the custom field values on a ticket.	write	—	Current
Field IDs come from the ticket custom fields method. No per-method permission applies; access follows the key's staff member. Acts onticket Permission (capability)None required VersionAvailable since the API’s base version Webhook event`ticket-updated` Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
Contacts & groups List and search contacts, read one by ID or email, create or edit a contact, and read or manage contact groups.7
GET	`/api/1.1/json/users/`	List contacts, with paging through the size and page parameters, or search with a query.	read	—	Current
Contacts are called users in the API path. Returns names, emails, and phone numbers. No per-method permission applies; access follows the key's staff member. Acts oncontact Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 500 GET requests per minute cap. SourceOfficial documentation ↗
GET	`/api/1.1/json/user//`	Get a single contact by ID, or by email address in place of the ID.	read	—	Current
Returns the contact's email, phone numbers, and custom fields. No per-method permission applies; access follows the key's staff member. Acts oncontact Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 500 GET requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/users/`	Create a new contact, or edit an existing one, with name, email, phone numbers, and custom fields.	write	—	Current
The same path posts a new contact or updates a matched one. No per-method permission applies; access follows the key's staff member. Acts oncontact Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/user//`	Update a specific contact by ID, including enabling or disabling their login.	write	—	Current
Login is toggled with the is_login_enabled field. No per-method permission applies; access follows the key's staff member. Acts oncontact Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
GET	`/api/1.1/json/contact_groups/`	List all contact groups.	read	—	Current
No per-method permission applies; access follows the key's staff member. Acts oncontact group Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 500 GET requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/contact_groups/`	Create a contact group with a name, description, and domains.	write	—	Current
No per-method permission applies; access follows the key's staff member. Acts oncontact group Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
POST	`/api/1.1/json/contact_group//update_contacts/`	Add or edit the contacts in a contact group, up to 100 per request.	write	—	Current
No per-method permission applies; access follows the key's staff member. Acts oncontact group Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 300 POST requests per minute cap. SourceOfficial documentation ↗
Staff & settings Read the staff list, the ticket categories, the statuses, and the ticket and contact custom field definitions.5
GET	`/api/1.1/json/staff/`	List the staff members in the account, with their roles and permissions.	read	—	Current
Used to resolve the staff and assignee IDs that ticket calls reference. No per-method permission applies; access follows the key's staff member. Acts onstaff Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 500 GET requests per minute cap. SourceOfficial documentation ↗
GET	`/api/1.1/json/categories/`	List the ticket categories configured in the account.	read	—	Current
Used to resolve the category IDs that ticket create and move calls reference. No per-method permission applies; access follows the key's staff member. Acts oncategory Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 500 GET requests per minute cap. SourceOfficial documentation ↗
GET	`/api/1.1/json/statuses/`	List the ticket statuses configured in the account.	read	—	Current
Used to resolve the status IDs that the staff update call references. No per-method permission applies; access follows the key's staff member. Acts onstatus Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 500 GET requests per minute cap. SourceOfficial documentation ↗
GET	`/api/1.1/json/ticket_custom_fields/`	List the ticket custom field definitions and their IDs.	read	—	Current
Field IDs from here are needed to update a ticket's custom fields. No per-method permission applies; access follows the key's staff member. Acts oncustom field Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 500 GET requests per minute cap. SourceOfficial documentation ↗
GET	`/api/1.1/json/user_custom_fields/`	List the contact custom field definitions and their IDs.	read	—	Current
Contact custom fields are called user custom fields in the API path. No per-method permission applies; access follows the key's staff member. Acts oncustom field Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitCounts against the 500 GET requests per minute cap. SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

HappyFox can notify an app or AI agent when a ticket is created or updated, instead of the app repeatedly asking. The webhook is set up in the admin pages, not through the API, and it posts the ticket as JSON to a chosen URL.

Event	What it signals	Triggered by
`Ticket created`	Fires when a ticket is created in HappyFox, posting the ticket as JSON with an event type marking it a creation.	`/api/1.1/json/tickets/`
`Ticket updated`	Fires when a ticket is edited in HappyFox, posting the ticket as JSON with an event type marking it an update. A smart rule firing on a ticket can also trigger this.	`/api/1.1/json/ticket//staff_update/` `/api/1.1/json/ticket//staff_pvtnote/` `/api/1.1/json/ticket//user_reply/` `/api/1.1/json/ticket//update_tags/` `/api/1.1/json/ticket//update_custom_fields/` `/api/1.1/json/ticket//move/`

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

HappyFox limits how fast an app or AI agent can call, through a per-minute cap on requests that counts reads and writes separately. Going over returns an error and holds for a fixed window before calls are accepted again.

Request rate

HappyFox applies a global per-minute cap, counting reads and writes separately: 500 GET requests per minute and 300 POST requests per minute. These account-wide limits take precedence over any limit set on an individual API key. Going over returns HTTP 429, and the API keeps returning 429 for the next 10 minutes before accepting calls again.

Pagination

List endpoints such as tickets and contacts page through the size and page parameters. The default page size is 10 and the maximum is 50, so larger result sets are walked one page at a time by increasing page.

Request size

Requests and responses are JSON. A single request can carry up to 25 MB of attachments, a batch can create up to 100 tickets at once, and a contact group update can change up to 100 contacts at once. Attachment URLs in a ticket response expire 5 minutes after the call.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
200	`Success`	The call succeeded. Read calls return the requested data, and write calls return the created or updated record.	Read the JSON body for the result.
400	`Bad Request`	Validation failed, such as a missing required field or an invalid custom field value. The body explains which field was rejected.	Read the body, correct the named field, and resend.
429	`Too Many Requests`	The per-minute request cap was exceeded. HappyFox returns 429 and keeps returning it for the next 10 minutes.	Stop calling and wait out the 10 minute window before retrying, then stay under the per-minute caps.

Versioning & freshness

Version history.

HappyFox serves a single API version, 1.1, addressed under the account's own subdomain. There is no dated version header to pin, so the current behaviour is whatever the live API returns.

Version history

What changed, and when

Latest version1.1

1.1Current version

Current API version

HappyFox serves a single API version, 1.1, under each account's own subdomain at /api/1.1/json/. It accepts JSON, form-encoded, and multipart form data, and there is no dated version header to pin or migrate. HappyFox does not publish a per-version API changelog, so the live 1.1 paths are the current contract.

What changed

Single versioned API at /api/1.1/json/ served under the account subdomain
HTTP Basic authentication with an API key and auth code pair
Global per-minute rate caps of 500 GET and 300 POST requests

An integration calls the 1.1 paths directly; there is no version header to set or migrate.

HappyFox release notes ↗

Questions

HappyFox API, answered.

How does an agent authenticate to the HappyFox API?+

With an API key and its auth code, sent together as the username and password of HTTP Basic authentication. Both are generated in the admin pages under Apps, Goodies, API. The key and code are a single credential: the API does not issue separate tokens or scopes, so whatever staff member the key belongs to is who the call acts as.

Can API access be scoped to just some endpoints or some data?+

Not within HappyFox itself. The API has no per-endpoint permissions. A key inherits the access of the staff member it belongs to, decided by that person's role and the categories they can see, and any call that staff member could make is available to anything holding the key. To limit an AI agent to, say, reading tickets but never deleting them, that boundary has to come from a gateway in front of the API.

What are the rate limits?+

HappyFox applies a global per-minute cap that counts reads and writes separately: 500 GET requests per minute and 300 POST requests per minute. These account-wide limits override any limit set on a single API key. Exceeding a cap returns HTTP 429, and the API keeps returning 429 for the next 10 minutes before it accepts calls again.

How do I change a ticket's status or assignee?+

Through the staff update call, /api/1.1/json/ticket//staff_update/. There is no separate endpoint for status or assignee; both are set as fields on that call, alongside a staff reply if one is included. Priority is changed the same way.

How do I get notified when a ticket changes instead of polling?+

Set up a webhook in the admin pages under Apps, Goodies, Webhooks. It posts the ticket as JSON to a chosen URL when a ticket is created or updated, or when a smart rule fires. HappyFox signs each payload with HMAC-SHA1 and puts the signature in the X-Happyfox-Webhook-Signature header, which the receiver checks against its signing key. Webhooks are configured in the admin pages, not through the API.

Why are contacts called users in the API?+

The API path for contacts is /api/1.1/json/users/ and a single contact is /api/1.1/json/user//. The customer-facing word in HappyFox is contact, but the API kept the older name user in its paths, including the contact custom fields method, /api/1.1/json/user_custom_fields/.

What is Bollard AI?

Control what every AI agent can do in HappyFox.

Bollard AI sits between a team's AI agents and HappyFox. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared HappyFox API key.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control HappyFox access in Bollard Browse all APIs →

HappyFox

Support Agent

Read tickets ResourceOffReadFull use

Reply to tickets ActionOffReadFull use

Delete tickets ActionOffReadFull use

Read contacts ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in HappyFox

How the HappyFox API works.

Connection & authentication methods.

REST API

Webhooks

API key and auth code

What an AI agent can do in HappyFox.

Tickets

Replies & updates

Contacts & groups

Staff & settings

Every HappyFox API method.

Tickets

Replies & updates

Contacts & groups

Staff & settings

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

HappyFox API, answered.

More support API guides for agents

Gorgias

Dixa

Zendesk

LiveChat

Freshdesk

Crisp

Control what every AI agent can do in HappyFox.