Topolo Messaging

Authority

Service IDs:

Repos: PlatformApplications/TopoloMessaging

Hosts:

Dependencies: topolo-auth, topolo-bugfix, applications-packages

Depends on Topolo Auth: yes

Contract Source

Type: curated

Source: PlatformApplications/TopoloMessaging/functions/api/messaging/[[path]].ts

Source exists: yes

Topolo Messaging is a Worker-with-assets application using shared Topolo UI Kit shell, launcher, Auth, command-palette, loading, and BugFix surfaces. Browser login and callback-code redemption are owned by the shared Topolo Auth client, with embedded password-login success completed through Messaging app navigation after shared Auth token persistence. Messaging owns a D1 schema for workspaces, WhatsApp numbers, inboxes, contacts, conversations, messages, campaign drafts, automation definitions, outbound jobs, and webhook events. The app exposes /api/messaging/* for signed workspace operations, /api/auth/* as the same-origin Auth gateway, and /api/messaging/whatsapp/webhook for Meta webhook verification and signed event ingestion. Provider dispatch is queued through Cloudflare Queues; live WhatsApp Cloud API credentials must be provisioned as Worker secrets before outbound jobs move from provider_unconfigured to provider-sent states. Auth API-key scopes for `srv_topolo_messaging` mirror all seven Messaging permissions and are synced to production D1.

API key scopes in Auth catalog: 7

Auth Requirements

No global OpenAPI security scheme is declared.

• automations.manage (workspace/{workspace_id}/automation/{automation_id})
• campaigns.manage (workspace/{workspace_id}/campaign/{campaign_id})
• context.read
• inbox.read
• inbox.write
• messages.send (workspace/{workspace_id}/number/{number_id})
• numbers.manage (workspace/{workspace_id}/number/{number_id})

Runtime and Deployment

Wrangler surfaces: PlatformApplications/TopoloMessaging/wrangler.toml

Environment variables: AUTH_API_URL

Routes: workers.dev or Pages-only delivery

Observability enabled: yes