API Reference
Complete developer API documentation with official endpoints and request schemas
Authentication
All developer API requests require authentication. You must supply your API key in the request using either header format:
Authorization: Bearer YOUR_API_KEY X-API-Key: YOUR_API_KEYBase URL
Open API endpoints are mapped to the main platform address under the open endpoint prefix:
https://app.wabus.in/api/openSend Official Message
POST /official/messages/send
Send a text, media, template, or interactive message via the official Meta Cloud API.
Request Headers
Content-Type: application/json Authorization: Bearer YOUR_API_KEYRequest Body Parameters
- from_number_id (String - UUID, Required) - The unique ID of the connected WhatsApp display number.
- to (String, Required) - Recipient phone number in international E.164 format (e.g., "+919274158971").
- message_type (String, Required) - Must be one of:
"text","image","video","audio","document","template","interactive". - text (String, Optional) - Text content body. Required if
message_typeis"text". - template_name (String, Optional) - Name of the pre-approved template. Required if
message_typeis"template". - template_language (String, Optional) - Language code (e.g.,
"en","hi"). Required ifmessage_typeis"template". - template_components (Array, Optional) - Array containing parameter mappings for body/header variables.
Example: Sending a Template Message
POST /api/open/official/messages/send HTTP/1.1
Host: app.wabus.in
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
{
"from_number_id": "c0e640ba-c253-4318-b2a1-1234567890ab",
"to": "+919274158971",
"message_type": "template",
"template_name": "welcome_alert",
"template_language": "en",
"template_components": [
{
"type": "body",
"parameters": [
{
"type": "text",
"text": "Valued Customer"
}
]
}
]
}Success Response (201 Created)
{
"success": true,
"data": {
"message_id": "m01b8a53-d1f5-4e78-98bc-23456789abcd",
"wa_message_id": "wamid.HBgLOTE5Mjc0MTU4OTcxFQIAERg1NkM5ODMzNkM4RkUxRkMzOUEA",
"direction": "outbound",
"type": "template",
"status": "sent",
"timestamp": "2026-07-15T12:00:00.000Z",
"meta_message_id": "wamid.HBgLOTE5Mjc0MTU4OTcxFQIAERg1NkM5ODMzNkM4RkUxRkMzOUEA"
}
}Webhook Signature Verification
When Meta dispatches events (replies, delivery tags, read status) to the platform, it includes an HMAC-SHA256 signature calculated with the Meta App Secret in the X-Hub-Signature-256 header. Verify incoming events to secure your webhook endpoint:
const crypto = require('crypto');
const signature = req.headers['x-hub-signature-256'];
const expectedSignature = 'sha256=' + crypto
.createHmac('sha256', META_APP_SECRET)
.update(req.rawBody)
.digest('hex');
if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature))) {
throw new Error('Invalid signature');
}Error Response Schema
When an API request fails, the response returns the appropriate HTTP status code (e.g., 400 Bad Request, 401 Unauthorized, 429 Rate Limited, 500 Server Error) along with a JSON error payload:
{
"success": false,
"message": "Specific explanation of the failure (e.g., WhatsApp number not found or not connected)"
}Rate Limits
To ensure system stability, API requests are subject to rate limiting of 100 requests per minute per API key. Exceeding this limit will result in an HTTP 429 Too Many Requests response.