REST-API - Overview

Base URL

https://rest.willio.ai/

All requests use HTTPS and require authentication unless otherwise noted.

Authentication

All endpoints (except /status) require an Organization API Key.

Include your key in the request header:

Authorization: Bearer <ORG_API_KEY>

Each API key is unique per organization and scoped to that organization’s data.

Keys can be rotated or revoked at any time from the Willio dashboard.

Endpoint: Get Agent Prompt

Retrieve a full prompt configuration by Agent ID.

Method: GET

Endpoint: /p/{agent_id}

Example Request:

curl -X GET "https://rest.willio.ai/p/agt_jbe8c9l" \
 -H "Authorization: Bearer wk_live_0xuack0z.3em366vpoumqf9ioh2yrgybyksk56ekq"

Optional Query Parameters:

NameTypeDescriptionparam1, param2, etc.stringOptional user-defined parameters. These are encoded into the call_vars field for internal processing.

Example Response (200):

{
 "agentId": "agt_jbe8c9l",
 "agent_name": "Test Agent",
 "system_prompt": "You are an intelligent workflow assistant that helps automate business processes using Zapier, Make, and n8n. \nYour goal is to:\n- Understand the user’s business process or request.\n- Suggest clear automation flows.\n- When possible, outline the logic step-by-step (trigger → actions → outputs).\n- Respond concisely and clearly, in natural human language.\n- Ask clarifying questions only when strictly necessary.\n- You can also send {variables} through the URL parameters.",
 "status": "draft",
 "departments": [],
 "tags": [],
 "agent_vars": [
   "agent_id",
   "organization_no",
   "Authorization",
   "city",
   "Param1",
   "api_key"
 ],
 "updatedAt": "2025-10-18T08:00:09.564962+00:00",
 "event_id": "c4d04828-9b80-4ff7-86fd-2b1f263736df",
 "willio_tag_id": "23c65896-b814-4b86-9f82-b21138d95634",
 "willio_tag_enabled": false
}

Error Responses:

CodeMessageDescription401unauthorizedInvalid or missing API key404not_foundAgent not found429too_many_requestsRate limit exceeded500proxy_failedInternal server or timeout

🔹 Endpoint: Get Organization Info

Used by Zapier and other integrations to verify API key authentication.

Method: GET
Endpoint: /me
Authentication required: ✅ Yes

Example Request:

curl -X GET "https://rest.willio.ai/me" \
 -H "Authorization: Bearer wk_live_0xuack0z.3em366vpoumqf9ioh2yrgybyksk56ekq"

Example Response (200):

{
 "success": true,
 "message": "Authenticated",
 "organization": {
   "id": "2f58b614-759e-4164-b85c-19d4e426bae2",
   "name": "Willio"
 }
}

Error Responses:

CodeMessageDescription400invalid_parametersMissing or malformed API key401unauthorizedInvalid API key500internal_errorServer or configuration error.

Endpoint: API Status Check

Used for system monitoring and Zapier connection testing.
No authentication required.

Method: GET
Endpoint: /status

Example Request:

curl -X GET "https://rest.willio.ai/status"

Example Response (200):

{
 "service": "Willio REST API",
 "status": "ok",
 "timestamp": "2025-10-18T08:00:00Z"
}

Rate Limits & Usage

All API calls are monitored per organization for stability.
Exceeding rate limits returns 429 Too Many Requests.

Metadata (status, latency, and agent ID) may be logged for performance tracking,
but no content or sensitive data is ever stored in logs.

Security & Privacy

• All communications occur over HTTPS to ensure data integrity and confidentiality.

• The Willio API does not store or transmit personal user data.

• All requests are organization-scoped and authenticated via a secure API key.

• Request logs store only metadata (such as agent ID, status, and latency) — never the content or payload of your prompts.

• No credentials or sensitive data are ever logged or exposed.

• Each organization has isolated API keys, ensuring strict data separation and access control.

• All API keys are securely hashed and salted, following SOC 2–aligned security practices.

• All requests are authenticated, scoped, and fully auditable through Willio’s internal monitoring and audit logging systems.