Public config endpoint
The widget fetches its own configuration from this endpoint on first load. It is CORS-unrestricted (any origin can call it) and requires no authentication — the bot's publicId is the only credential needed. Only the publicly-visible fields from widgetConfig are returned; secrets and internal ids are never exposed.
GET /v1/public/bots/{publicId}/config
Path parameters:
publicId— the bot's public identifier, shapebot_<10 chars>
Request
curl https://api.mimicbot.app/v1/public/bots/bot_a1b2c3d4e5/config
No Authorization header needed. The server always responds with Access-Control-Allow-Origin: * so the browser can read it from any page.
Response 200
{
"publicId": "bot_a1b2c3d4e5",
"assistantName": "Assistant",
"primaryColor": "#2563EB",
"logoUrl": null,
"welcomeMessage": "Hi! How can I help?",
"position": "bottom-right",
"poweredByEnabled": true,
"suggestedQuestions": [],
"privacyPolicyUrl": null
}
| Field | Type | Description |
|---|---|---|
publicId | string | Matches the {publicId} path parameter. Round-tripped so callers can assert the response is for the expected bot. |
assistantName | string | Header name shown in the chat panel. |
primaryColor | string (hex #rrggbb) | Theme color used for the user bubble background and send icon. |
logoUrl | string | null | Optional square logo shown next to assistantName. |
welcomeMessage | string | First assistant bubble rendered before the visitor sends anything. |
position | "bottom-right" | "bottom-left" | Which corner the launcher bubble docks to. |
poweredByEnabled | boolean | Whether to render the "Powered by MimicBot" footer. |
suggestedQuestions | string[] | Quick-reply chips shown on an empty conversation. |
privacyPolicyUrl | string | null | Optional link rendered under the input as a privacy disclosure. |
Caching
The endpoint responds with Cache-Control: public, max-age=3600, so the browser and any intermediate CDN will cache the config for one hour. Manual config changes in the dashboard take up to an hour to propagate to already-loaded widgets. Hard-refresh the page to pick up changes immediately during testing.
Errors
404 NOT_FOUND— no bot with thatpublicIdexists (or it was soft-deleted)429 RATE_LIMITED— see Rate limits
Public endpoint errors return a slimmed shape — just { "error": { "code": "..." } }. See Errors for the canonical shape and the full code table.