The WeSeeDo Personal API enables you to make video calls, easily and safely. Thanks to this API you and your customers can see each other via a two-sided visual connection built on WebRTC technology. WeSeeDo is AVG/GDPR-proof and complies with the ISO 27001 and NEN 7510.

You can integrate the API with OAuth 2.0 stand-alone or within your current planning software and applications. White label is also an option. In addition, the WeSeeDo Personal API offers the possibility to create single sign-on links.

The API offers the following:

  • Call scheduling.
  • 2-way or 3-way video and audio calls.
  • Notifications (optional).
  • Digital waiting room for participants (optional).

API specification

Test the API on SwaggerHub

Base URL

Conceptual model

Conceptual model


  • Computer, laptop, tablet or smartphone with a camera, microphone and speakers.
  • Internet connection: broadband or mobile. Sufficient bandwidth with for video calling. Minimum speed: 3G.



A company in this API is an entity that has sites and user entities linked to it. For example, the roles agent, assistant, assistant_video and admin are linked to a company.


The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.


Information and communication technology.

ISO 27001

ISO/IEC 27001 is an international standard on how to manage information security.

NEN 7510

The Dutch standard NEN 7510 provides frameworks for information security for healthcare organizations and associated organizations, like providers of software and ICT services. Information processed and stored by care providers is almost always confidential.


The Netherlands Bar (Nederlandse orde van advocaten, NOvA) is the professional organisation of the legal profession.


Short Message Service (SMS), also called text message.

API workflow

Workflow diagram

Features and constraints


  • No need to download or install software for participants.
  • 2-way or 3-way conversations are both possible.
  • Complies with:
    • GDPR.
    • ICT guidelines of the NOvA.
    • NEN 7510 standard.
    • ISO 27001 standard.


  • There might be some country specific restrictions depending on the country you want to send a SMS to. If you need help, please contact our User support.

Getting started

Make sure you've read What's in it for you for more info on how to register and start testing APIs.


The API follows the KPN Store API Authentication Standard to secure the API. It includes the use of OAuth 2.0 client_id and client_secret to receive an access token.

Go to the Authentication tab on top of this page to find out how to:

  • Authenticate to an API using cURL.
  • Authenticate to an API on Swaggerhub.
  • Import Open API Specifications (OAS), also called Swagger files into Postman.

How to...

Create new users

This endpoint creates a new user. A user can perform several roles, for example, the agent role. Agents can create meetings and start meetings.

To create a user, send a request to the endpoint POST ​/management​/users.

You will need this information:

  • First name.
  • Last name.
  • E-mail.
  • Locale: nl or en.
  • Role: agent, assistant, assistant_video.
  • Entity type and id. This is the company id that you received in the onboarding e-mail.

If you set a password, Sandbox users will be able to log in directly to WeSeeDo sandbox using the provided email and password. If you don't set a password, users will receive an e-mail at the specified email with an activation link to create a password themselves.

The password must have a:

  • Minimum of 8 characters.
  • Minimum of 1 lower case character.
  • Minimum of 1 uppercase character.
  • Minimum of 1 number.


^^Request body example^^

  "first_name": "Firstname of the agent",
  "last_name": "Lastname of the agent",
  "email": "",
  "photo": "iVBORw0KGgoAAAANSUhEUgAAARgAAAAqCAIAA.....",
  "password": "StrongPassword123!",
  "locale": "en",
  "role": "agent",
  "entity": {
    "type": "company",
    "id": "11h1aa1a0e11a1c11df11111"

User roles


The most common role for the user is the agent role. The agent can log in to WeSeeDo Personal. The agent can schedule appointments for himself and have WeSeeDo conversations.


The assistant role can log in to the WeSeeDo Personal. The assistant can schedule appointments for other user objects with the roles agent or assistant_video, which are linked to the same site. The assistant cannot make video calls itself, and therefore does not require a license.


The assistant_video role has the same options as the assistant, but can also make video calls. A license is therefore required for a user with the role assistant_video.

Retrieve users

You can retrieve all users or you can retrieve a specific user.

  • If you want to retrieve a list of all users, use the endpoint GET /management/users.
  • If you want to retrieve a specific user, use the endpoint GET /management/users/{id}. You need to provide a valid user id.

Update users

You can update all user details or you can update only parts of it. For example, the password:

  • If you want to update user details, use the endpoint PUT /management/users/{id}.
  • If you want to update only specific details of a user, use the endpoint Patch /management/users/{id}. You need to provide a valid user id.

You cannot change the assigned role.

Delete users

To delete users, send a request with the user id of the user you want to delete to the endpoint DELETE/ management/users/{id}.

Create new meetings

This endpoint creates meetings and sends the meeting invitation via e-mail or SMS or both to the participants:

POST ​/personal​/meetings

You will need this information:

  • The user id of the agent who is going to host the meeting. It is not required if the agent schedules the meeting.
  • The site id. You can find the site id in the response of a GET /management/users request.

Retrieve meetings

You can retrieve all meetings or you can retrieve a specific meeting:

  • If you want to retrieve meetings, use the endpoint GET /personal/meetings.
  • If you want to retrieve a list of a specific user, use the endpoint GET /personal/meetings/{id}. You need to provide a valid meeting id.

Update meetings

To update meetings, use the endpoint PATCH /personal/meetings/{id} and POST /personal/meetings/{id}.

At the moment it is only possible to change the time of a meeting.

Delete meetings

To delete meetings, send a request with the meeting id of the meeting you want to delete to the endpoint DELETE /personal/meetings/{id}.

Return codes

Code Description
200 Success.
201 Created.
202 Accepted.
302 Found. Link in location header.
400 Bad request.
401 Unauthorized.
403 Forbidden.
404 Not found.
405 Method not allowed.
412 Precondition failed.
429 Too many requests.
500 Internal server error.
502 Bad gateway.
503 Service unavailable.

HTTP response headers

The following tables display the standard response headers that are returned with each API response:

Standard response field name Description
sunset This field will be populated with the deprecation details. By default the value is n/a.
api-version Indicates the API version you have used.
quota-interval Used to specify an integer (for example, 1, 2, 5, 60, and so on) that will be paired with the quota-time-unit you specify (minute, hour, day, week, or month) to determine a time period during which the quota use is calculated.
For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours.
quota-limit Number of API calls an user can make within a given time period.
If this limit is exceeded, the user will be throttled and API requests will fail.
quota-reset-UTC All quota times are set to the Coordinated Universal Time (UTC) time zone.
quota-time-unit Used to specify the unit of time applicable to the quota.
For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours.
quota-used Number of API calls made within the quota.
strict-transport-security The HTTP Strict-Transport-Security (HSTS) response header lets a website tell browsers that it should only be accessed using HTTPS, instead of using HTTP. All present and future subdomains will be HTTPS for a maximum of 1 year and access is blocked to pages or sub domains that can only be served over HTTP including HSTS preload lists of web browsers.
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload.
Access control field name Description
access-control-allow-credentials Tells browsers whether to expose the response to frontend JavaScript when the request's credentials mode (Request.credentials) is include.
When a request's credentials mode (Request.credentials) is include, browsers will only expose the response to frontend JavaScript if the Access-Control-Allow-Credentials value is true. Boolean.
access-control-allow-origin Indicates whether the response can be shared with requesting code from the given origin.
access-control-allow-headers Used in response to a pre-flight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
access-control-max-age Indicates how long the results of a pre-flight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
access-control-allow-methods Indicates which HTTP methods are allowed on a particular endpoint for cross-origin requests.
For example: GET, PUT, POST, DELETE.
content-length The Content-Length entity header indicates the size of the entity-body, in bytes, sent to the recipient.
content-type The Content-Type entity header the client what the content type of the returned content actually is.

Mopinion feedback