The ContextSMS Webex Bot API lets you connect phone numbers with Webex messaging. When people send SMS/MMS to a phone number, messages appear in Webex. When a Webex team replies, the reply is forwarded as an SMS/MMS to the customer.
- Customers: Companies that want Webex teams to receive and send text messages.
- CSPs (Communication Service Providers): Messaging providers who manage phone numbers and integrations for their business customers.
- Enterprise Management: Create and manage customer organizations (enterprises).
- Phone Number Mapping: Map phone numbers to Webex bot identities.
- Authentication: JWT Bearer tokens and refresh flow.
- Webhooks: Real-time inbound message event delivery.
- Environments: Distinct development and production environments.
- Authenticate → call
/auth/loginto obtainaccessToken+refreshToken. - Create Enterprise →
POST /enterprise/{cspId}to register the customer organization. - Add Mapping →
POST /mapping/add/{enterpriseId}to link a phone number to a Webex bot. - Receive Events → implement a webhook endpoint to receive inbound message events.
- Send Messages → call API endpoints or let the system forward messages from Webex to SMS.
Use these hosts consistently in examples and your client implementations. Replace {api_base} with the chosen environment.
- Production API Base:
https://context-webex.sabrhub.com/api/v1 - Development API Base:
https://webex-dev-frontend.sabrhub.com/api/v1 - Authentication (Auth Service):
https://usermanagement.sabrhub.com/v1
Tip: Use server variables in generated SDKs or documentation tooling so you only change one place when switching environments.
All protected endpoints require a valid Bearer token in the Authorization header.
Authorization: Bearer <accessToken>- Login — exchange username/password for
accessToken(JWT) andrefreshToken. - Refresh — call the refresh endpoint to exchange
refreshTokenfor a newaccessToken.
URL (Auth service): https://usermanagement.sabrhub.com/v1/auth/login
Request
{
"username": "your-email@company.com",
"password": "your-password"
}Success Response (200)
{
"username": "your-email@company.com",
"accessToken": "eyJhbGciOi...",
"refreshToken": "eyJhbGciOi...",
"expirationTimeInUTC": "2025-10-14T12:34:56Z",
"roles": ["CSP_ADMIN"],
"tenantId": "tenant123",
"services": ["context-webex"]
}cURL example
curl -X POST "https://usermanagement.sabrhub.com/v1/auth/login" \
-H "Content-Type: application/json" \
-d '{
"username": "your-email@company.com",
"password": "your-password"
}'URL (Auth service): https://usermanagement.sabrhub.com/v1/auth/getaccesstoken
Request
{
"username": "your-email@company.com",
"refreshToken": "<REFRESH_TOKEN>"
}Success Response (200) same schema as /auth/login.
Authorization: Bearer <accessToken>(required for protected endpoints)Content-Type: application/jsonAccept: application/json
Use these field names consistently across endpoints and examples.
Enterprise
enterpriseId(string)name(string)contact(string)phoneNumber(string, E.164)email(string)defaultMmsSelection(boolean)webexSettings(object | null)numberToMessageAppMaps(array | null)createdDate(integer, epoch ms)updateDate(integer, epoch ms)
Number Mapping
numberToMessageAppMapId(string)messagingAppId(string) — e.g., the Webex bot IDphoneNumber(string) — E.164messagingAppType(string) — e.g.,WebexmmsEnabled(boolean)
AuthResponse
accessToken(string)refreshToken(string)expirationTimeInUTC(date-time)
ErrorResponse
error(string)code(string | integer) optional error codedetails(object | null) optional additional info
All endpoints shown against the canonical API base:
https://context-webex.sabrhub.com/api/v1(swap with dev base as needed).
(Defined earlier auth service host https://usermanagement.sabrhub.com/v1)
(Defined earlier auth service host https://usermanagement.sabrhub.com/v1)
URL: POST https://context-webex.sabrhub.com/api/v1/enterprise/{cspId}
Path parameter
cspIdCSP identifier (e.g.,CSP001)
Request body
{
"name": "ABC Marketing Company",
"contact": "Sarah Johnson",
"phoneNumber": "+15551234567",
"email": "sarah@abcmarketing.com",
"defaultMmsSelection": true
}Success Response (201 Created)
{
"enterpriseId": "E0000123",
"name": "ABC Marketing Company",
"contact": "Sarah Johnson",
"phoneNumber": "+15551234567",
"email": "sarah@abcmarketing.com",
"deleted": false,
"createdDate": 1698446777442,
"updateDate": 1698446777443,
"webexSettings": null,
"numberToMessageAppMaps": null,
"defaultMmsSelection": true
}cURL
curl -X POST "https://context-webex.sabrhub.com/api/v1/enterprise/CSP001" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "ABC Marketing Company",
"contact": "Sarah Johnson",
"phoneNumber": "+15551234567",
"email": "sarah@abcmarketing.com",
"defaultMmsSelection": true
}'URL: GET https://context-webex.sabrhub.com/api/v1/enterprise/getenterprise/{enterpriseId}
Success (200) returns the Enterprise object shown above.
cURL
curl -X GET "https://context-webex.sabrhub.com/api/v1/enterprise/getenterprise/E0000123" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"URL: DELETE https://context-webex.sabrhub.com/api/v1/enterprise/deleteenterprise/{enterpriseId}
Success (204 No Content) no body returned. If your API returns a message object, treat 200 as accepted but prefer 204.
cURL
curl -X DELETE "https://context-webex.sabrhub.com/api/v1/enterprise/deleteenterprise/E0000123" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"** Mapping payload fields:**
messagingAppId,phoneNumber,messagingAppType, andmmsEnabled(optional).
URL: POST https://context-webex.sabrhub.com/api/v1/mapping/add/{enterpriseId}
Request body
{
"messagingAppId": "webex-bot-12345",
"phoneNumber": "+15551234567",
"messagingAppType": "Webex",
"mmsEnabled": true
}Success Response (201 Created)
{
"numberToMessageAppMapId": "NTMAP0000456",
"messagingAppId": "webex-bot-12345",
"phoneNumber": "+15551234567",
"messagingAppType": "Webex",
"mmsEnabled": true
}cURL
curl -X POST "https://context-webex.sabrhub.com/api/v1/mapping/add/E0000123" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"messagingAppId": "webex-bot-12345",
"phoneNumber": "+15551234567",
"messagingAppType": "Webex",
"mmsEnabled": true
}'URL: GET https://context-webex.sabrhub.com/api/v1/mappings/enterprise/{enterpriseId}
Success Response (200) Array of Number Mapping objects.
cURL
curl -X GET "https://context-webex.sabrhub.com/api/v1/mappings/enterprise/E0000123" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"URL: GET https://context-webex.sabrhub.com/api/v1/mappings/csp/{cspId}
Supports optional pagination and filters (page, size, status). Returns an array of Number Mapping objects.
URL: DELETE https://context-webex.sabrhub.com/api/v1/mapping/{mappingId}
Success (204 No Content) mapping removed. If the API returns a JSON message, treat 200 with a message as acceptable, but 204 is preferred.
curl -X DELETE "https://context-webex.sabrhub.com/api/v1/mapping/NTMAP0000456" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"Integrators must implement an HTTPS endpoint to receive inbound message events (SMS → Webex flow). The platform will POST events to your webhook when messages arrive.
Important: Use HTTPS endpoints with valid TLS certificates. The platform may perform a verification handshake (challenge) — if you support webhook registration, implement a verification step that responds to challenge tokens.
POST /webhooks/messages (customer webhook endpoint — this is the endpoint you implement to receive events):
{
"eventType": "message.received",
"timestamp": "2025-10-14T12:00:00Z",
"message": {
"messageId": "MSG123456",
"phoneNumber": "+15559871234",
"from": "+15551230001",
"to": "+15559871234",
"text": "Hello, I need help",
"media": [
{
"url": "https://.../mms/abcd.jpg",
"contentType": "image/jpeg"
}
]
},
"enterpriseId": "E0000123",
"mappingId": "NTMAP0000456"
}Response (200) return HTTP 200 quickly to acknowledge receipt. If your endpoint is unavailable, our platform will retry according to exponential backoff rules.
Standardize on a JSON ErrorResponse:
{
"error": "Invalid phone number format",
"code": "INVALID_PHONE",
"details": {
"field": "phoneNumber",
"message": "Phone number must be E.164 format"
}
}Common HTTP status codes
200 OK— successful GET or other operations that return a body.201 Created— resource created (POST /enterprise, POST /mapping/add).204 No Content— delete succeeded, no response body.400 Bad Request— invalid input/data.401 Unauthorized— missing or invalid token.403 Forbidden— user lacks permission.404 Not Found— resource not found (enterprise/mapping).429 Too Many Requests— rate limit exceeded.500+— server errors.
Development/Testing
- Use the development API base:
https://webex-dev-frontend.sabrhub.com/api/v1 - Use test phone numbers and test Webex bot identities.
- Configure a local/ngrok HTTPS webhook endpoint for receiving events during development.
- Use the development API base:
Production
- Use the production API base:
https://context-webex.sabrhub.com/api/v1 - Ensure secure storage for
accessTokenandrefreshToken. - Implement retries, logging, and monitoring for webhooks and API calls.
- Use the production API base:
Environment switching
Use server variables or an environment config file for API_BASE so users cannot accidentally call production while testing.
- Use E.164 format for phone numbers (e.g.,
+15551234567). - Implement token refresh using
/auth/getaccesstokenbeforeaccessTokenexpiry. - Handle retries and idempotency for POSTs where the client may accidentally retry (use client-generated idempotency keys if supported).
- Log incoming webhook payloads (temporarily in dev only) to aid debugging.
- Validate incoming messages for allowed content and size, and sanitize text before forwarding to Webex.
- Login (Auth):
curl -X POST "https://usermanagement.sabrhub.com/v1/auth/login" \
-H "Content-Type: application/json" \
-d '{"username":"admin@csp.com","password":"YourPass"}'- Create enterprise (API):
curl -X POST "https://context-webex.sabrhub.com/api/v1/enterprise/CSP001" \
-H "Authorization: Bearer <accessToken>" \
-H "Content-Type: application/json" \
-d '{"name":"BrightStar Marketing","contact":"Mike Chen","phoneNumber":"+15559871234","email":"mike@brightstar.com","defaultMmsSelection":true}'- Add mapping
curl -X POST "https://context-webex.sabrhub.com/api/v1/mapping/add/E0000124" \
-H "Authorization: Bearer <accessToken>" \
-H "Content-Type: application/json" \
-d '{"messagingAppId":"brightstar-webex-bot","phoneNumber":"+15559871234","messagingAppType":"Webex","mmsEnabled":true}'- Test message
- Send SMS to
+15559871234→ webhook or Webex will receive and forward it to the mapped Webex bot/team.
- Monitoring: set up alerting if webhook delivery fails (exceeding retry thresholds) or if API rate limits are reached.
- Security: rotate tokens periodically and do not store tokens in client-side code.
- Support: when contacting support, include
enterpriseIdandnumberToMessageAppMapIdin your message to support@sabrhub.com.
- 2025-10-14 Canonicalized hostnames, aligned mapping request/response fields, added webhook schema, standardized status codes, improved examples.
- Auth:
POST https://usermanagement.sabrhub.com/v1/auth/login - Refresh:
POST https://usermanagement.sabrhub.com/v1/auth/getaccesstoken - Create enterprise:
POST https://context-webex.sabrhub.com/api/v1/enterprise/{cspId} - Get enterprise:
GET https://context-webex.sabrhub.com/api/v1/enterprise/getenterprise/{enterpriseId} - Delete enterprise:
DELETE https://context-webex.sabrhub.com/api/v1/enterprise/deleteenterprise/{enterpriseId} - Add mapping:
POST https://context-webex.sabrhub.com/api/v1/mapping/add/{enterpriseId} - List mappings (enterprise):
GET https://context-webex.sabrhub.com/api/v1/mappings/enterprise/{enterpriseId} - List mappings (CSP):
GET https://context-webex.sabrhub.com/api/v1/mappings/csp/{cspId} - Delete mapping:
DELETE https://context-webex.sabrhub.com/api/v1/mapping/{mappingId}