Use X-Api-Key as the primary credential for server-to-server integration.
GET /v1/health HTTP/1.1
Host: api.wazapin.com
X-Api-Key: YOUR_API_KEY
Accept: application/json

Get your API key

  1. Sign in to app.wazapin.com.
  2. Open organization Settings → API keys (or Developer settings).
  3. Create a key with the permissions your integration needs.
  4. Store the secret once; it is not shown again in full.
Programmatic key management (requires an authenticated session or org context):
  • POST /v1/api-keys
  • GET /v1/api-keys
  • DELETE /v1/api-keys/{keyID}

Verify your key

Use a read-only call that does not change data. Health does not require authentication; List channels confirms your key works.
curl -sS "https://api.wazapin.com/v1/health"

Success response

200 OK
{
  "data": [
    {
      "id": "wzp_abc123",
      "platform": "whatsapp_official",
      "status": "connected"
    }
  ]
}
Field names in list responses follow the live API schema; use this call to confirm auth during setup.

Invalid key (401)

401 Unauthorized
{
  "title": "Unauthorized",
  "status": 401,
  "detail": "invalid or missing API key"
}
See Error handling and Error codes for other statuses.

Optional: bearer token

Bearer token is supported for session-based login flows (for example dashboard or POST /v1/auth/login). Prefer X-Api-Key for integrations.

Security

  • Store keys in a secret manager, not in client-side code.
  • Rotate keys if you suspect leakage.
  • Scope keys to minimum required permissions.
Treat API keys like passwords. Revoke and replace compromised credentials immediately.

Next steps