Skip to main content
The Bondify REST API gives you direct, low-level access to every capability of the platform — from creating Telegram auth sessions and verifying proofs to managing projects and querying analytics. All requests are made over HTTPS to a single base URL, and all request and response bodies use JSON.

Base URL

Every API request targets the following base URL: 
https://api.bondify.dev

Endpoint types

Bondify exposes two categories of endpoints, each with different authentication requirements.

Public session endpoints

The two session endpoints — POST /api/v1/generate/public and POST /api/v1/verify/public — are designed to be called from your frontend or mobile app. They do not require an Authorization header. You only need to supply a valid project_id in the request body.
EndpointPurpose
POST /api/v1/generate/publicCreate a new auth session and receive a Telegram deeplink
POST /api/v1/verify/publicPoll a session for its current status

Developer endpoints

All endpoints under /api/v1/dev/* are authenticated and intended for server-side use. You must include a valid Bearer token on every request. 
Authorization: Bearer <token>
You obtain the token by signing in to your Bondify developer account. The token is tied to your developer identity, so keep it out of client-side code and version control. The following developer endpoints are available:
EndpointPurpose
GET /api/v1/dev/meRetrieve the authenticated developer’s account details
GET /api/v1/dev/projectsList all projects
POST /api/v1/dev/projectsCreate a new project
PATCH /api/v1/dev/projects/:idUpdate a project
DELETE /api/v1/dev/projects/:idDelete a project
POST /api/v1/dev/projects/:id/regenerateRotate a project’s secret key
GET /api/v1/dev/sessionsList all sessions across your projects
GET /api/v1/dev/analyticsFetch aggregated analytics
GET /api/v1/dev/me returns your developer account object: { id, email, created_at }. Use it to confirm that your Bearer token is valid and to retrieve your account email programmatically.

Request format

Send all request bodies as JSON and include the Content-Type header on every request that has a body: 
Content-Type: application/json

Error format

When a request fails, the API returns a JSON object with a single error field describing what went wrong: 
{
  "error": "Description of what went wrong"
}

HTTP status codes

CodeMeaning
200Success
400Bad request — missing or invalid parameters
401Unauthorized — missing or invalid Bearer token
404Not found — the resource does not exist
500Server error — something went wrong on Bondify’s side
The Bondify SDK handles session creation, polling, and error handling automatically. Use the REST API directly only if you need a custom integration or are working in an environment where the SDK is not available.

Explore the API

Generate Session

Create an auth session and receive a Telegram deeplink to open on the user’s device.

Verify Session

Poll a session for its current status and retrieve the user’s Telegram identity on confirmation.

Projects API

List, create, update, and delete projects, and rotate secret keys.

Analytics API

Fetch session totals, conversion rates, daily breakdowns, and funnel data.