Business API Design Specification -
Create Conversationthread
A Business API is a set of logical actions centered around a main data object. These actions can range from simple CRUD operations to complex workflows that implement intricate business logic.
While the term “API” traditionally refers to an interface that allows software systems to interact, in Mindbricks a Business API represents a broader concept. It encapsulates a business workflow around a data object, going beyond basic CRUD operations to include rich, internally coordinated actions that can be fully designed and customized.
This document provides an in-depth explanation of the architectural
design of the createConversationThread Business API. It
is intended to guide backend architects and developers in maintaining
the current design. Additionally, frontend developers and frontend AI
agents can use this document to understand how to properly consume
this API on the client side.
Main Data Object and CRUD Operation
The createConversationThread Business API is designed to
handle a create operation on the
ConversationThread data object. This operation is
performed under the specified conditions and may include additional,
coordinated actions as part of the workflow.
API Description
Starts a new conversation thread between two users for a specific listing. Prevents duplicate threads for the same user pair/listing.
API Frontend Description By The Backend Architect
Invoked when user contacts seller about a listing. If an existing thread exists for this user pair/listing (any order), it is reused. Only listing owner or buyers can start a thread.
API Options
-
Auto Params :
trueDetermines whether input parameters should be auto-generated from the schema of the associated data object. Set tofalseif you want to define all input parameters manually. -
Raise Api Event :
trueIndicates whether the Business API should emit an API-level event after successful execution. This is typically used for audit trails, analytics, or external integrations. The event will be emitted to theconversationthread-createdKafka Topic Note that the DB-Level events forcreate,updateanddeleteoperations will always be raised for internal reasons. -
Active Check : `` Controls how the system checks if a record is active (not soft-deleted or inactive). Uses the
ApiCheckOptionto determine whether this is checked during the query or after fetching the instance. -
Read From Entity Cache :
falseIf enabled, the API will attempt to read the target object from the Redis entity cache before querying the database. This can improve performance for frequently accessed records.
API Controllers
A Mindbricks Business API can be accessed through multiple interfaces, including REST, gRPC, WebSocket, Kafka, or Cron. The controllers listed below map the business workflow to a specific interface, enabling consistent interaction regardless of the communication channel.
REST Controller
The createConversationThread Business API includes a REST
controller that can be triggered via the following route:
/v1/conversationthreads
By sending a request to this route using the service API address, you can execute this Business API. Parameters can be provided in multiple HTTP locations, including the URL path, URL query, request body, and request headers. Detailed information about these parameters is provided in the Parameters section.
MCP Tool
REST controllers also expose the Business API as a tool in the MCP,
making it accessible to AI agents. This
createConversationThread Business API will be registered
as a tool on the MCP server within the service binding.
API Parameters
The createConversationThread Business API has 5
parameters that must be sent from the controller. Note that all
parameters, except session and Redis parameters, should be provided by
the client.
Business API parameters can be:
-
Auto-generated by Mindbricks — inferred from the
CRUD type and the property definitions of the main data object when
the
autoParametersoption is enabled. - Custom parameters added by the architect — these can supplement or override the auto-generated parameters.
Regular Parameters
| Name | Type | Required | Default | Location | Data Path |
|---|---|---|---|---|---|
conversationThreadId |
ID |
No |
- |
body |
conversationThreadId |
| Description: | This id paremeter is used to create the data object with a given specific id. Leave null for automatic id. | ||||
lastMessageAt |
Date |
Yes |
- |
body |
lastMessageAt |
| Description: | Date/time of the latest message in the thread (for sorting inbox). | ||||
listingId |
ID |
Yes |
- |
body |
listingId |
| Description: | ID of the listing being discussed. | ||||
receiverId |
ID |
Yes |
- |
body |
receiverId |
| Description: | User B in the conversation (order-invariant with senderId). | ||||
senderId |
ID |
Yes |
- |
body |
senderId |
| Description: | User A in the conversation (order-invariant with receiverId). | ||||
Parameter Transformations
Some parameters are post-processed using
transform scripts after being read from the request
but before validation or workflow execution. Only parameters with a
transform script are listed below.
No parameters are transformed in this API.
AUTH Configuration
The
authentication and authorization configuration
defines the core access rules for the
createConversationThread Business API. These checks are
applied after parameter validation and before
executing the main business logic.
While these settings cover the most common scenarios, more
fine-grained or conditional access control—such as
permissions based on object context, nested memberships, or custom
workflows—should be implemented using explicit actions like
PermissionCheckAction,
MembershipCheckAction, or
ObjectPermissionCheckAction.
Login Requirement
This API requires login (loginRequired = true). Requests from non-logged-in users will return a
401 Unauthorized error. Login is necessary
but not sufficient, as additional role, permission,
or other authorization checks may still apply.
Ownership Checks
Role and Permission Settings
-
Absolute roles (bypass all auth checks):
Users with any of the following roles will bypass all authentication and authorization checks, including ownership, membership, and standard role/permission checks:
[superAdmin]
Data Clause
Defines custom field-value assignments used to modify or augment the
default payload for create and
update operations. These settings override values derived
from the session or parameters if explicitly provided.", Note
that a default data clause is always prepared by Mindbricks using data
property settings, however any property in the data clause can be
override by Data Clause Settings.
Custom Data Clause Override No custom data clause override configured
Actual Data Clause
The business api will use the following data clause. Note that any calculated value will be added to the data clause in the api manager.
{
id: this.conversationThreadId,
lastMessageAt: this.lastMessageAt,
listingId: this.listingId,
receiverId: this.receiverId,
senderId: this.senderId,
isActive: true,
_archivedAt: null,
}
Business Logic Workflow
[1] Step : startBusinessApi
Manager initializes context, populates session and request objects, prepares internal structures for parameter handling and workflow execution.
You can use the following settings to change some behavior of this
step. apiOptions, restSettings,
grpcSettings, kafkaSettings,
socketSettings, cronSettings
[2] Action : fetchListing
Action Type: FetchObjectAction
Fetch related listing.
class Api {
async fetchListing() {
// Fetch Object on childObject listing
const userQuery = {
$and: [{ id: this.listingId }, { isActive: true }],
};
const { convertUserQueryToElasticQuery } = require("common");
const scriptQuery = convertUserQueryToElasticQuery(userQuery);
const elasticIndex = new ElasticIndexer("listing");
const data = await elasticIndex.getOne(scriptQuery);
if (!data) {
throw new NotFoundError("errMsg_FethcedObjectNotFound:listing");
}
return data;
}
}
[3] Step : readParameters
Manager reads input parameters, normalizes missing values, applies default type casting, and stores them in the API context.
You can use the following settings to change some behavior of this
step. customParameters, redisParameters
[4] Step : transposeParameters
Manager transforms parameters, computes derived values, flattens or remaps arrays/objects, and adjusts formats for downstream processing.
[5] Step : checkParameters
Manager executes built-in validations: required field checks, type enforcement, and basic business rules. Prevents operation if validation fails.
[6] Action : validateParticipants
Action Type: ValidationAction
Validate that neither participant is trying to chat with self, both are not listing owner, and IDs are valid.
class Api {
async validateParticipants() {
const isValid =
this.senderId !== this.receiverId &&
(this.senderId === this.session.userId ||
this.receiverId === this.session.userId) &&
this.listing.userId !== this.session.userId
? true
: true;
if (!isValid) {
throw new BadRequestError(
"Sender and receiver must be distinct and participate, only listing owner or buyers can start thread.",
);
}
return isValid;
}
}
[7] Step : checkBasicAuth
Manager performs authentication and authorization checks: verifies session, user roles, permissions, and tenant restrictions.
You can use the following settings to change some behavior of this
step. authOptions
[8] Step : buildDataClause
Manager constructs the final data object for creation, fills auto-generated fields (IDs, timestamps, owner fields), and ensures schema consistency.
You can use the following settings to change some behavior of this
step. dataClause
[9] Action : checkDuplicateThread
Action Type: SearchObjectAction
Check for existing thread for listing and user pair (order-independent).
class Api {
// Code for Search Object Action
async checkDuplicateThread() {
// Search objects from conversationThread
const scriptQuery = {
multi_match: {
query: null,
fields: [],
fuzziness: "AUTO",
},
};
console.log("SearchObject Query", scriptQuery);
const elasticIndex = new ElasticIndexer("conversationThread");
const searchResult = await elasticIndex.getDataByPage(0, 500, scriptQuery);
console.log("SearchObject Result", searchResult);
if (!searchResult) return [];
return searchResult.map((item) => item.id);
}
}
[10] Step : mainCreateOperation
Manager executes the database insert operation, updates indexes/caches, and triggers internal post-processing like linked default records.
[11] Step : buildOutput
Manager shapes the response: masks sensitive fields, resolves linked references, and formats output according to API contract.
[12] Step : sendResponse
Manager sends the response to the client and finalizes internal tasks like flushing logs or updating session state.
[13] Step : raiseApiEvent
Manager triggers API-level events (Kafka, WebSocket, async workflows) as the final internal step.
Rest Usage
Rest Client Parameters
Client parameters are the api parameters that are visible to client and will be populated by the client. Note that some api parameters are not visible to client because they are populated by internal system, session, calculation or joint sources.
The createConversationThread api has got 4 regular client
parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| lastMessageAt | Date | true | request.body?.[“lastMessageAt”] |
| listingId | ID | true | request.body?.[“listingId”] |
| receiverId | ID | true | request.body?.[“receiverId”] |
| senderId | ID | true | request.body?.[“senderId”] |
REST Request
To access the api you can use the REST controller with the path POST /v1/conversationthreads
axios({
method: 'POST',
url: '/v1/conversationthreads',
data: {
lastMessageAt:"Date",
listingId:"ID",
receiverId:"ID",
senderId:"ID",
},
params: {
}
});
REST Response
The API response is encapsulated within a JSON envelope. Successful
operations return an HTTP status code of 200 for get, list, update, or
delete requests, and 201 for create requests. Each successful response
includes a "status": "OK" property.
For error handling, refer to the “Error Response” section.
Following JSON represents the most comprehensive form of the
conversationThread object in the
respones. However, some properties may be omitted based on the
object’s internal logic.
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "conversationThread",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"conversationThread": {
"id": "ID",
"lastMessageAt": "Date",
"listingId": "ID",
"receiverId": "ID",
"senderId": "ID",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}