Use X-Api-Key as the primary credential for public API integration.
  • X-Api-Key: <api_key>

API key example

cURL
curl -X GET "https://api.wazapin.id/v1/messages" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Accept: application/json"

Optional: bearer token

Bearer token is still supported for session-based login flows.

Token management

  • Store credentials in server-side secret manager.
  • Never expose credentials in browser client code.
  • Rotate credentials if you suspect leakage.

Creating API keys

API keys are managed through:
  • POST /v1/api-keys
  • GET /v1/api-keys
  • DELETE /v1/api-keys/{keyID}
These endpoints require authenticated organization context.
Treat API keys like passwords. Revoke and replace compromised credentials immediately.

Authentication errors

If token is missing or invalid, API returns 401 Unauthorized. See Error handling for response schema.