mlc / developers / v1

Build with REST, ship with webhooks.

Token-authenticated REST API. HMAC-signed outbound events with retry queue. JavaScript Visitor SDK for identify / update / track. Built for the engineer who wants to see headers, response shapes, and rate limits before signing anything.

Get an API token Read the v1 docs cat quickstart.sh
curl-quickstart.sh 
# Identify a visitor + track an event in 2 calls
curl -X POST "$API/v1/api.ashx?resource=visitors" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"key":"u_42","email":"[email protected]","name":"Jay"}'

curl -X POST "$API/v1/api.ashx?resource=track" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"key":"u_42","name":"viewed_pricing"}'
Quickstart

Go from token to first API call in 60 seconds.

Same shape across languages. Pick your stack.

bash list-tags.sh 
# 1. Generate a token at /dashboard/config_api_tokens.ascx
# 2. Export it as $TOKEN, then:

curl "https://www.mylivechat.com/v1/api.ashx?resource=tags" \
  -H "Authorization: Bearer $TOKEN"

# Response:
# {
#   "ok": true,
#   "data": [{ "id": 1, "name": "billing", "color": "#2563eb" }, ...],
#   "request_id": "a3f...c91"
# }
node list-tags.js 
const API   = "https://www.mylivechat.com/v1/api.ashx";
const TOKEN = process.env.MLC_TOKEN;

const r = await fetch(`${API}?resource=tags`, {
  headers: { "Authorization": `Bearer ${TOKEN}` }
});
const { ok, data, request_id } = await r.json();

if (!ok) throw new Error(`API error (req ${request_id})`);
console.log(`Got ${data.length} tags`);
python list_tags.py 
import os, requests

API   = "https://www.mylivechat.com/v1/api.ashx"
TOKEN = os.environ["MLC_TOKEN"]

r = requests.get(API, params={"resource": "tags"},
                 headers={"Authorization": f"Bearer {TOKEN}"})
body = r.json()

if not body["ok"]:
    raise RuntimeError(f"API error: {body['error']['message']}")

print(f"Got {len(body['data'])} tags")
REST API v1

Every resource. Read + write.

Token auth, scope-gated writes, rate-limited per token. Every response carries X-MLC-Request-Id for support correlation.

GET /v1/api.ashx?resource=tags

List conversation tags for the calling site. POST/PATCH/DELETE for write scope.

GET /v1/api.ashx?resource=conversation_starters

List configured AI conversation starter prompts.

GET /v1/api.ashx?resource=handoffs&since=&limit=

AI-to-human handoff log. Filter by date, paginate.

GET /v1/api.ashx?resource=transcripts&sessionId=

Full chat transcript for a single session. Includes AI + human messages.

GET /v1/api.ashx?resource=usage

AI replies served + bot tokens consumed this billing cycle.

GET /v1/api.ashx?resource=feedback

Visitor satisfaction ratings + comments from post-chat surveys.

GETPOSTDEL /v1/api.ashx?resource=visitors

Upsert visitor identity by stable key. Cross-references to event log + segments.

POST /v1/api.ashx?resource=track

Record a tracked event for a visitor. Powers segment evaluation.

GETPOSTPATCHDEL /v1/api.ashx?resource=webhook_subscriptions

Full CRUD over your webhook subscriptions, plus secret rotation.

GET /v1/api.ashx?resource=whoami

Token introspection: site_id, scopes, request_count. No auth probing required.

Need an endpoint we don't have? Open a ticket — the API is actively expanding.

Support workflow API

The action layer behind chat, AI, and follow-up.

The public website used to make MyLiveChat look like a widget plus a bot. The API surface is already wider: tickets, replies, macros, saved views, snooze, portal links, and visitor events are all available to automate the work after the first message.

Ticket lifecycle

Create, assign, reply to, merge, tag, and snooze tickets through the same REST layer that powers the dashboard.

  • tickets create + list
  • ticket_reply for public replies or internal notes
  • ticket_snooze and tickets_bulk for queue control

Agent assist

Standardize what happens after AI handoff so humans do not start from scratch on every escalation.

  • Shared macros for common follow-up replies
  • Shared saved_views for triage queues
  • handoffs + transcripts for full context

Visitor + automation bridge

Keep the support workflow connected to your app, CRM, and alerting stack using signed events and stable visitor identity.

  • visitors + track for identity and behavior signals
  • webhook_subscriptions for outbound events
  • portal_token for customer follow-up links
flow ai-handoff-to-ticket.txt 
1. Receive the handoff webhook after the bot escalates.
2. Load the transcript + handoff reason for triage context.
GET  /v1/api.ashx?resource=handoffs&since=...
GET  /v1/api.ashx?resource=transcripts&sessionId=...

3. Create or update the human follow-up workflow.
POST /v1/api.ashx?resource=tickets
POST /v1/api.ashx?resource=ticket_reply
POST /v1/api.ashx?resource=ticket_snooze

4. Push the outcome back into your stack.
POST /v1/api.ashx?resource=track
GET  /v1/api.ashx?resource=feedback
What developers should validate

Strong workflow surface, narrower public channel breadth.

Intercom, Crisp, Zendesk, LiveChat, and tawk.to now market broader inbox coverage more explicitly. The engineering question is not whether MyLiveChat has an API, but whether its current workflow surface matches the channels your support stack must own right now.

Best current fit

MyLiveChat is ready when your main automation target is website support plus post-chat workflow, not a full service-suite replacement.

  • Tickets, replies, tags, macros, views, handoff logs, and visitor events already support real operational automation.
  • AI-to-human handoff keeps transcript context intact, which is the highest-friction migration point for many teams.
  • The Visitor SDK ports cleanly from Intercom, Drift, and Crisp identify/track patterns.

Real current gap

Broader same-inbox channel operations are still the key limitation versus the suite vendors.

  • The public API story is strongest for web chat, tickets, email follow-up, and AI workflow.
  • If your build depends on WhatsApp, Instagram, SMS, or voice being first-class in the same queue immediately, validate that requirement before committing.
  • Use the Shared Inbox page as the canonical product-positioning view for current channel sequencing.

Recommended rollout order

The practical path is to automate the queue that already exists, then extend channels on top of the same model.

  • Start with web chat, ticket creation, email follow-up, and signed webhooks into your CRM or internal tools.
  • Add AI actions such as tagging, routing, form collection, and external webhook calls around handoff events.
  • Treat WhatsApp or the next channel as an incremental inbox extension, not a separate operating model.
Outbound webhooks

HMAC-signed events. Retry queue. Delivery log.

Subscribe per-event. Failed deliveries auto-retry with exponential backoff (30s → 2m → 10m → 1h → 6h, 5 attempts then dead-letter).

handoff EVENT

Fires when the AI bot hands off a chat to a human agent.

  • session_id · string
  • visitor · { name, email, ... }
  • handoff_reason · string
  • summary · string (AI-generated)
  • created_utc · ISO-8601

feedback EVENT

Fires when a visitor submits a post-chat satisfaction survey.

  • session_id · string
  • visitor · { name, email }
  • rating · 1..5
  • comment · string?
  • created_utc · ISO-8601

Verify the HMAC signature

node verify-webhook.js 
const crypto = require("crypto");

// MyLiveChat sends X-MLC-Signature: sha256=<hex digest>
// Compute HMAC of raw body using your subscription's secret.
function verify(rawBody, headerSig, secret) {
  const expected = "sha256=" +
    crypto.createHmac("sha256", secret)
          .update(rawBody)
          .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(headerSig),
    Buffer.from(expected)
  );
}
Visitor SDK

Identify, track, and segment from the browser.

9 KB minified. Drop-in script tag. Same shape as Intercom / Drift / Crisp identify calls so your existing instrumentation ports directly.

html install-sdk.html 
<!-- Load the SDK once in your global page template -->
<script src="https://www.mylivechat.com/assets/js/mlc-visitor-sdk.js"></script>

<script>
  // Boot once; SDK auto-buffers calls before MyLiveChat widget loads
  mylivechat("boot", {
    apiToken: "mlc_...",        // optional — enables backend bridge
    apiUrl:   "https://www.mylivechat.com/v1/api.ashx"
  });

  // Identify the logged-in user (debounced 800ms)
  mylivechat("identify", {
    user_id: currentUser.id,
    email:   currentUser.email,
    plan:    currentUser.plan
  });

  // Fire a tracked event (immediate)
  mylivechat("track", "viewed_pricing", { tier: "growth" });
</script>
boot()One-time init. Configures backend bridge if apiToken supplied.
identify()Set / merge visitor attributes. Debounced.
update()Alias of identify() — same partial-merge semantics.
track()Record an event. Fires immediately, fire-and-forget.
show() / hide()Toggle widget visibility on the page.
open() / close()Programmatically expand or collapse the chat panel.
reset()Wipe identity + attrs (for logout flows).
q queueCalls before SDK loads buffer to window.mylivechat.q.
localStorageIdentity + last 50 events persisted client-side.
The fine print

Auth, limits, and error handling.

Boring but necessary. Predictable behaviour you can plan around.

Auth

Bearer token in the Authorization header, OR ?token= query param. Tokens are SHA-256 hashed at rest; raw token shown once at creation.

  • Per-token scopes: read / read,write
  • Per-token request counter + daily-rollup
  • Revoke or rotate from dashboard

Rate limits

Per-token leaky-bucket: 60 / 200 / 600 req/min on Free / Starter / Growth. Exceeding returns 429 with a Retry-After header.

  • Buckets reset every 60 sec
  • Token-keyed (not IP-keyed)
  • Webhook deliveries don't count

Errors

JSON envelope: { ok:false, error: { code, message, request_id } }. The request_id matches a server log line for support escalation.

  • 400 = bad input, 401 = auth, 403 = scope
  • 404 = unknown resource, 429 = rate-limited
  • 500 = log line written under matching request_id
All in one platform

The API powers the same products.

Live Chat Platform

Real-time messaging, agent console, smart triggers.

Learn more →

AI Chatbot

Grounded in YOUR knowledge base. Smart handoff to humans.

Learn more →

Knowledge Base

Public help center + AI training data, in one editor.

Learn more →

Get an API token. Start building.

$ curl -X POST $API/v1/api.ashx -H "Authorization: Bearer mlc_..."

Free forever for 1 agent

Give every visitor an instant way to reach you.

Launch live chat, connect your knowledge base, and add AI answers when you are ready. No credit card, no trial clock.

Get Started Free View Demo