Skip to main content

What it is

Allows external systems and scripts to communicate with Symphony models programmatically, via the chat completions endpoint. Use this integration for automations, backends, tests (Postman), or integrations with other tools.

Prerequisites

  • Active account in AI Symphony.
  • An API key and/or JWT token.
  • The company ID (X-Enterprise-Id).

How to get your API key

1

Open AI Symphony

2

Click your username

In the bottom left corner.
3

Go to Settings

4

Access the Account (or Connections) tab

Under API Keys, depending on the version.
5

Create and copy the key

Click API Key and copy the generated key.
Paste the complete key, without extra spaces or unnecessary quotes.

API endpoint

  • Endpoint: POST https://symphony.fcamara.com/api/chat/completions
  • Authentication: Authorization: Bearer <token> (token obtained from Symphony).

Required headers

POST /api/chat/completions HTTP/1.1
Host: symphony.fcamara.com
Content-Type: application/json
Authorization: Bearer {JWT_TOKEN}
X-CSRF-Token: {CSRF_TOKEN}
X-Enterprise-Id: fcamara-0000-0000-0000-000000000001
HeaderDescription
AuthorizationUser’s JWT token (Bearer eyJhbGciOi...).
X-CSRF-TokenCSRF token for protection (required for POST/PUT/PATCH/DELETE).
X-Enterprise-IdCompany/tenant ID.
Content-Typeapplication/json.

Request body structure (JSON)

Required fields

FieldTypeDescription
idstring (UUID)Unique message ID (UUID v4).
chat_idstring (UUID)Conversation ID; all messages in the same conversation use the same value.
session_idstringUser session ID.
modelstringLLM model ID, in the format provider.model-name (e.g., azure.gpt-5-chat).
streambooleantrue = streaming response; false = complete response at once.
messagesarrayConversation messages; each item has role (user, assistant, or system) and content.
FieldTypeDescription
paramsobjectModel parameters: temperature (0.0–2.0), max_tokens, top_p (0.0–1.0).
tool_serversarrayTool servers; empty if not using tools.
featuresobjectEnabled features: image_generation, code_interpreter, web_search (true/false).
variablesobjectContext variables (e.g., {{USER_NAME}}, {{CURRENT_DATE}}, {{USER_LANGUAGE}}).
model_itemobjectModel details (id, name, owned_by, info).
stream_optionsobjectStreaming options, e.g.: include_usage (include usage statistics).

Complete example

{
  "id": "2e0aab0c-1202-48d4-8461-2a61f3f09a89",
  "chat_id": "ca49f9ae-c8fc-4a2c-807e-4ee1e73d4c01",
  "session_id": "mRiO2bEEkTnLsb8oAAPS",
  "model": "azure.gpt-5-chat",
  "stream": false,
  "messages": [
    { "role": "user", "content": "Hello chat." },
    { "role": "assistant", "content": "Hello! How can I help you?" },
    { "role": "user", "content": "Explain API" }
  ],
  "params": { "temperature": 0.7, "max_tokens": 2000 },
  "tool_servers": [],
  "features": {
    "image_generation": false,
    "code_interpreter": false,
    "web_search": false
  },
  "variables": {
    "{{USER_NAME}}": "Leonardo Pereira",
    "{{USER_LOCATION}}": "São Paulo, Brazil",
    "{{CURRENT_DATE}}": "2026-06-17",
    "{{USER_LANGUAGE}}": "en-US"
  },
  "model_item": {
    "id": "azure.gpt-5-chat",
    "name": "Azure gpt-5-chat",
    "owned_by": "openai"
  },
  "stream_options": { "include_usage": true }
}

Success response (200 OK)

{
  "id": "chatcmpl-DXttDwwlWkL6YkzARekAPP2cuFUX2",
  "object": "chat.completion",
  "choices": [
    {
      "index": 0,
      "message": { "role": "assistant", "content": "API stands for Application Programming Interface..." },
      "finish_reason": "stop"
    }
  ],
  "model": "gpt-5-chat-2025-08-07",
  "usage": { "completion_tokens": 293, "prompt_tokens": 42, "total_tokens": 335 }
}

Python example

import requests
import uuid
from datetime import datetime
import pytz

BASE_URL = "https://symphony.fcamara.com"
JWT_TOKEN = "your_jwt_token_here"
CSRF_TOKEN = "your_csrf_token_here"
ENTERPRISE_ID = "fcamara-0000-0000-0000-000000000001"

now = datetime.now(pytz.timezone('America/Sao_Paulo'))

payload = {
    "id": str(uuid.uuid4()),
    "chat_id": str(uuid.uuid4()),
    "session_id": str(uuid.uuid4()),
    "model": "azure.gpt-5-chat",
    "stream": False,
    "messages": [{"role": "user", "content": "Explain API"}],
    "params": {},
    "features": {"image_generation": False, "code_interpreter": False, "web_search": False},
    "variables": {"{{USER_LANGUAGE}}": "en-US"},
    "stream_options": {"include_usage": True}
}

headers = {
    "Content-Type": "application/json",
    "Authorization": f"Bearer {JWT_TOKEN}",
    "X-CSRF-Token": CSRF_TOKEN,
    "X-Enterprise-Id": ENTERPRISE_ID
}

response = requests.post(f"{BASE_URL}/api/chat/completions", json=payload, headers=headers)
if response.status_code == 200:
    data = response.json()
    print(data['choices'][0]['message']['content'])
    print(f"Tokens used: {data['usage']['total_tokens']}")
else:
    print(f"Error {response.status_code}:", response.json())

Authentication — getting tokens

JWT token

  1. Log in to the Symphony platform.
  2. The token is stored in localStorage with the key token.
  3. Use it in all authenticated requests (Authorization: Bearer <token>).

CSRF token

Required for POST/PUT/PATCH/DELETE. There are two ways:
If making requests via cURL/API, include the Authorization and X-CSRF-Token headers and use --cookie/withCredentials: true to send cookies.

Other useful endpoints

All require the Authorization: Bearer <key> header.
ActionMethod and endpoint
List available modelsGET /api/models
Server configurationGET /api/config
List user conversationsGET /api/v1/chats (query page, default 1)
Create new conversationPOST /api/v1/chats/new
Current user dataGET /api/v1/users/me
User permissionsGET /api/v1/users/permissions
List knowledge basesGET /api/v1/knowledge
Document uploadPOST /api/v1/knowledge/upload (multipart/form-data, field file)
List toolsGET /api/v1/tools
List promptsGET /api/v1/prompts

Common errors

CodeMeaningSolution
400Missing required fieldsInclude id, chat_id, session_id, model, stream, messages.
401Token missing/invalid/expiredCheck the Authorization header.
403No permission for the modelCheck user permissions for that model.
404Model not foundConfirm the model with GET /api/models.
429Request limit exceededWait; implement exponential backoff; reduce frequency.
500Server errorTry again and check logs.
Error structure:
{ "detail": "Descriptive error message" }

Streaming (Server-Sent Events)

For real-time responses, send "stream": true and read the body in chunks. Lines start with data: and the transmission ends in data: [DONE]; incremental content is in choices[0].delta.content.

Security best practices

Do

  • Store the key in environment variables.
  • Use HTTPS in all requests.
  • Implement retry with exponential backoff and timeouts (~30s).
  • Validate responses before processing.

Don't

  • Don’t expose the key in source code, URLs, or query parameters.
  • Don’t store the key in cookies or localStorage.
  • Don’t share the key or reuse the same one in multiple environments.

Limits and quotas

  • Rate limit: varies by plan (consult the administrator).
  • Timeout: ~30 seconds per request.
  • Maximum request size: 10 MB.
  • Maximum response size: no fixed limit (depends on the model).

Frequently asked questions

One of the id values returned by GET /api/models (e.g., azure.gpt-5-chat).
Confirm the Bearer prefix and, for POST methods, the X-CSRF-Token header.
Yes — it identifies the company/tenant of the request.

Known limitations

  • Access to each model depends on the account/company permissions.
  • JWT/CSRF tokens expire; renew them when necessary.
  • The model list changes according to administrator configuration — always check GET /api/models.