Use webhooks to receive events instead of polling.

Inbound provider webhooks

Wazapin receives provider callbacks on these routes:
  • POST /webhook/meta for Meta WhatsApp callbacks
  • POST /webhook/wago and POST /webhook/evolution for unofficial gateway callbacks
  • GET /webhook/meta for Meta challenge verification

Meta signature verification

Incoming Meta requests include X-Hub-Signature-256 and are verified against your app secret before processing. 
X-Hub-Signature-256: sha256=8f2b...a9c1

Outbound webhooks to your systems

You can configure public webhooks from API settings endpoints:
  • GET /v1/settings/developer/webhooks
  • POST /v1/settings/developer/webhooks/endpoints
  • PUT /v1/settings/developer/webhooks/endpoints/{endpointID}
  • DELETE /v1/settings/developer/webhooks/endpoints/{endpointID}
  • POST /v1/settings/developer/webhooks/endpoints/{endpointID}/rotate-secret
  • POST /v1/settings/developer/webhooks/endpoints/{endpointID}/test

Example event payload

message.new
{
  "event_type": "message.new",
  "organization_id": "org_123",
  "channel_id": "wzp_abc123",
  "data": {
    "message_id": "9f1fd66d-c37a-4b50-a8c2-b4dca523f9c8",
    "conversation_id": "0f89b0f9-74b4-44f9-b9b6-48f6d4de57aa",
    "direction": "inbound",
    "from_phone": "6281234567890",
    "msg_type": "text"
  }
}

Delivery and retries

  • Webhook deliveries are asynchronous.
  • Failed deliveries can be retried through webhook delivery endpoints.
  • Store and deduplicate by event/message ID in your consumer.
Always verify webhook signatures and reject payloads that fail verification.