App secrets are used to authenticate requests to the API. They are unique to each app and can be generated by the app developer from the app settings page.

App secrets should never be exposed to the public. You should only make calls to the API from your backend.


Every API request must include the Authorization header with the value Basic <base64 encoded app id:app secret>. In addition, all requests must include X-Organization-Id and X-Agent-Id headers with the values of the organization and agent IDs respectively for the agent where the app is installed.

API calls will fail if the app is not installed in the agent.

Serverless apps will have this authorization appended automatically.


$curl -X GET \
> -u "<app id>:<app secret>" \
> -H "X-Organization-Id: <organization id>" \
> -H "X-Agent-Id: <agent id>" \
> https://www.mavenagi-apis.com/v1/conversations/[conversationId]