Authentication
Learn how to authenticate API requests using Bearer tokens and API keys.
All WAStack API requests require authentication via Bearer tokens in the Authorization header. This ensures that only authorized applications can access your sessions and send messages.
API keys are generated from your dashboard under Settings > API Keys. Each key is scoped to specific sessions and has configurable permissions: read (view sessions and messages), write (send messages and manage webhooks), or admin (full access including team and billing management).
Include your API key in every request: Authorization: Bearer wa_live_your_key. The key validates against your workspace and session permissions.
For security, rotate API keys regularly. Generate a new key, update your application, then revoke the old key. Both keys work simultaneously during the transition, ensuring zero downtime.
Never expose API keys in client-side code, public repositories, or logs. Use environment variables and server-side request proxies for production applications.
Bearer Token Authentication
Include your API key in the Authorization header of every request: 'Authorization: Bearer wa_live_your_api_key'. The server validates the key and grants access based on its permissions.
API Key Scopes
Keys can be scoped to read, write, or admin permissions. Read-only keys can view sessions and messages. Write keys can send messages and manage webhooks. Admin keys have full workspace access.
Key Rotation
Generate a new key, update your application, then revoke the old key. Both keys work simultaneously during transition for zero downtime.
Security Best Practices
Never expose keys in client-side code or repositories. Use environment variables, server-side proxies, and scoped keys with minimum required permissions.
Code Examples
curl https://api.wastack.in/api/v1/devices \
-H "X-App-Key: your_app_key" \
-H "Authorization: Bearer your_auth_key"const response = await fetch("https://api.wastack.in/api/v1/devices", {
headers: {
"X-App-Key": "your_app_key",
"Authorization": "Bearer your_auth_key"
}
});
const devices = await response.json();Ready to implement?
Start building with WAStack APIs. Connect your WhatsApp in under 5 minutes.
Start FreeFrequently asked questions
Common questions about authentication.
Browse all documentation
From getting started to advanced API patterns, find everything you need to build WhatsApp automation.