Use webhooks so your app receives events in real-time without polling.

What you do as an integrator

  1. Add your webhook URL in Wazapin dashboard.
  2. Save your webhook secret in your backend.
  3. Verify signatures on every incoming request.
  4. Process events idempotently (deduplicate by event ID).

Common events

  • message.new: New inbound or outbound message recorded.
  • message.status.updated: Delivery status changes (queued, sent, delivered, read, failed).
  • conversation.updated: Conversation state changes.

Example payload

message.status.updated
{
  "event_id": "evt_9f1fd66d",
  "event_type": "message.status.updated",
  "occurred_at": "2026-03-04T06:21:22Z",
  "data": {
    "message_id": "9f1fd66d-c37a-4b50-a8c2-b4dca523f9c8",
    "channel_id": "wzp_wu8f3k2p",
    "status": "delivered",
    "to": "6281234567890"
  }
}

Signature verification

Always verify webhook signatures before processing payload.
  • Reject invalid signatures with 403.
  • Use raw request body bytes when calculating HMAC.
  • Compare signatures using constant-time comparison.

Delivery and retry behavior

  • Webhooks are asynchronous.
  • Your endpoint should return 2xx quickly.
  • If your endpoint fails, Wazapin retries delivery.

Best practices

  • Store processed event_id to prevent duplicate processing.
  • Queue heavy work (DB updates, notifications) in background jobs.
  • Log event IDs for support and incident tracing.