Prerequisites
Before you start, you need:
- A Disqua account — sign up free
- A workspace (created during onboarding)
curlor any HTTP client (Postman, Insomnia, etc.)
All API calls require HTTPS. HTTP requests will be redirected with a 301 to the HTTPS equivalent.
Step 1 — Create an API token
Disqua uses Bearer token authentication. Tokens are scoped to a workspace and carry the permissions of the user who created them.
- Log in to console.disqua.com
- Go to Workspace Settings → Integrations
- Click New API Token, give it a name (e.g. "My first app"), choose scopes
- Copy the token — it will only be shown once
Treat your token like a password. Never commit it to version control. Use environment variables or a secrets manager.
Token scopes
| Scope | Access |
|---|---|
| messages:read | Read messages in channels the user is a member of |
| messages:write | Send and edit messages |
| channels:read | List and read channel metadata |
| channels:write | Create, update, archive channels |
| users:read | Read user profiles within the workspace |
| files:read | Download files |
| files:write | Upload files |
| webhooks:write | Register and manage webhook endpoints |
Step 2 — Make your first request
Verify your token by fetching your own user profile:
curl https://api.disqua.com/v1/users/me \
-H "Authorization: Bearer YOUR_TOKEN_HERE"A successful response looks like:
{
"ok": true,
"data": {
"id": "01HQ7Z2B3X4C5D6E7F8G9H0J1K",
"username": "janedoe",
"displayName": "Jane Doe",
"email": "jane@example.com",
"avatarUrl": "https://cdn.disqua.com/avatars/janedoe.jpg",
"status": "online",
"createdAt": "2026-01-15T10:30:00.000Z"
}
}List channels in a workspace
You need your workspaceId. Find it in Workspace Settings → General, or from the list endpoint:
curl "https://api.disqua.com/v1/workspaces/WORKSPACE_ID/channels?limit=20" \
-H "Authorization: Bearer YOUR_TOKEN_HERE"{
"ok": true,
"data": [
{
"id": "01HQ7Z...",
"name": "general",
"slug": "general",
"type": "public",
"memberCount": 12,
"lastMessageAt": "2026-03-18T09:44:11.000Z"
}
],
"pagination": {
"hasMore": true,
"nextCursor": "01HQ8A..."
}
}Send a message
curl -X POST "https://api.disqua.com/v1/channels/CHANNEL_ID/messages" \
-H "Authorization: Bearer YOUR_TOKEN_HERE" \
-H "Content-Type: application/json" \
-d '{
"content": "Hello from the Disqua API!"
}'{
"ok": true,
"data": {
"id": "01HQ8B...",
"channelId": "CHANNEL_ID",
"authorId": "01HQ7Z...",
"content": "Hello from the Disqua API!",
"contentHtml": "<p>Hello from the Disqua API!</p>",
"createdAt": "2026-03-18T09:45:00.000Z"
}
}Authentication flow
Disqua's API supports two authentication strategies:
API Token (recommended for bots & scripts)
Long-lived token scoped to a workspace. Created in Workspace Settings. Attach as Authorization: Bearer <token>.
OAuth 2.0 (recommended for third-party apps)
Standard Authorization Code flow with PKCE. Short-lived access tokens (15 min) + refresh tokens (7 days). Install flow for apps distributed to other workspaces.
OAuth 2.0 Authorization Code flow
GET https://api.disqua.com/oauth/authorize
?client_id=YOUR_CLIENT_ID
&redirect_uri=https://yourapp.com/callback
&response_type=code
&scope=messages:read+channels:read
&state=random_csrf_string
&code_challenge=BASE64URL(SHA256(code_verifier))
&code_challenge_method=S256POST https://api.disqua.com/oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&code=AUTH_CODE_FROM_REDIRECT
&redirect_uri=https://yourapp.com/callback
&client_id=YOUR_CLIENT_ID
&code_verifier=YOUR_CODE_VERIFIER{
"access_token": "dqt_...",
"token_type": "Bearer",
"expires_in": 900,
"refresh_token": "dqr_...",
"scope": "messages:read channels:read"
}Error codes
All errors follow the same envelope format:
{
"ok": false,
"error": {
"code": "E_AUTHZ_NOT_MEMBER",
"message": "You are not a member of this channel.",
"requestId": "req_01HQ8C..."
}
}| HTTP | Error code | Description |
|---|---|---|
| 400 | E_VALIDATION | Request body/params failed schema validation |
| 401 | E_AUTHN_INVALID_TOKEN | Missing or invalid Bearer token |
| 401 | E_AUTHN_TOKEN_EXPIRED | Access token has expired — refresh it |
| 403 | E_AUTHZ_NOT_MEMBER | You are not a member of this workspace/channel |
| 403 | E_AUTHZ_INSUFFICIENT_SCOPE | Token lacks required scope for this operation |
| 403 | E_PLAN_LIMIT | Action blocked by your current plan limits |
| 404 | E_NOT_FOUND | Resource does not exist or is not accessible |
| 409 | E_CONFLICT | Unique constraint violation (e.g. slug already taken) |
| 410 | E_CHANNEL_ARCHIVED | Channel is archived — messages cannot be sent |
| 429 | E_RATE_LIMIT | Too many requests — check Retry-After header |
| 500 | E_INTERNAL | Unexpected server error — contact support with requestId |