2026-05-28 — API-key auth for third-party access
Added
- API-key authentication for backend integrations. Manage keys at
POST/GET/PATCH/DELETE /api/auth/api-keys/. Send viaX-API-Key: sk_<hex>header. New API Keys reference page covers create / list / revoke / rotate. X-API-Keynow accepted on session history (GET /api/billing/usage/), chat history (GET /api/billing/sessions/<id>/), and form responses (GET /api/agents/<slug>/form-responses/). All three remain JWT-compatible — pick whichever fits your caller.
Changed
- Session-history and chat-history endpoints are no longer staff-only. Non-staff callers (JWT or API key) see only sessions for AI characters they created (
AICharacter.created_by). Staff still see everything. - A 403 on session-history with a
character_slugyou don’t own is now a silent empty200instead — the queryset filters at the data layer, no leak of which slugs exist.
2026-05-28 — Session history & restructured docs
Added
- Session History API — list past sessions for a character with usage totals, costs, and inline transcripts.
GET /api/billing/usage/?character_slug={slug}(docs). - Chat History API — retrieve a single session’s full transcript, recording URL, and per-turn timing.
GET /api/billing/sessions/{session_id}/(docs). - Dedicated API Integration section in the docs covering:
- Starting sessions from your backend
- Noise cancellation — Krisp + DeepFilterNet3 configuration and self-hosting
- Form handling — define forms, receive submissions, fetch from managed storage
- Voice-driven form control — agent opens, watches, and submits forms in real time over the data channel
- Pre-filling forms via API — four methods covering defaults, session metadata, agent tool args, and direct injection
- Connecting your APIs as agent tools
Changed
- Top-level navigation reorganised into Widget Integration, API Integration, API Reference, and Changelog. Internal admin docs (knowledge base, video rendering, agent dev tools) are no longer in the public nav.
- Introduction rewritten to lead with the two integration paths (widget vs API).
- Authentication docs simplified — removed internal X-API-Key section; only JWT bearer is documented now.
Fixed
- All cross-doc links now resolve to pages within the public nav.
How this changelog works
Entries are dated, newest first. Each release lists changes under Added / Changed / Fixed / Removed as applicable. For breaking changes, look for a ⚠ Breaking call-out at the top of the entry. The widget script is served fromhttps://api.oshara.ai/widget.js and is auto-updated — no version pin needed. The REST API is versionless; backwards-incompatible changes will be announced here at least 30 days before they ship.
Subscribe to updates by watching the docs repo — or check this page after each release notice.