API Reference

Complete developer API documentation with official endpoints and request schemas

Authentication

All developer API requests require authentication. You must supply your API key in the request using either header format:

Authorization: Bearer YOUR_API_KEY X-API-Key: YOUR_API_KEY

Base URL

Open API endpoints are mapped to the main platform address under the open endpoint prefix:

https://app.wabus.in/api/open

Send Official Message

POST /official/messages/send

Send a text, media, template, or interactive message via the official Meta Cloud API.

Request Headers

Content-Type: application/json Authorization: Bearer YOUR_API_KEY

Request Body Parameters

  • from_number_id (String - UUID, Required) - The unique ID of the connected WhatsApp display number.
  • to (String, Required) - Recipient phone number in international E.164 format (e.g., "+919274158971").
  • message_type (String, Required) - Must be one of: "text", "image", "video", "audio", "document", "template", "interactive".
  • text (String, Optional) - Text content body. Required if message_type is "text".
  • template_name (String, Optional) - Name of the pre-approved template. Required if message_type is "template".
  • template_language (String, Optional) - Language code (e.g., "en", "hi"). Required if message_type is "template".
  • template_components (Array, Optional) - Array containing parameter mappings for body/header variables.

Example: Sending a Template Message

POST /api/open/official/messages/send HTTP/1.1
Host: app.wabus.in
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "from_number_id": "c0e640ba-c253-4318-b2a1-1234567890ab",
  "to": "+919274158971",
  "message_type": "template",
  "template_name": "welcome_alert",
  "template_language": "en",
  "template_components": [
    {
      "type": "body",
      "parameters": [
        {
          "type": "text",
          "text": "Valued Customer"
        }
      ]
    }
  ]
}

Success Response (201 Created)

{
  "success": true,
  "data": {
    "message_id": "m01b8a53-d1f5-4e78-98bc-23456789abcd",
    "wa_message_id": "wamid.HBgLOTE5Mjc0MTU4OTcxFQIAERg1NkM5ODMzNkM4RkUxRkMzOUEA",
    "direction": "outbound",
    "type": "template",
    "status": "sent",
    "timestamp": "2026-07-15T12:00:00.000Z",
    "meta_message_id": "wamid.HBgLOTE5Mjc0MTU4OTcxFQIAERg1NkM5ODMzNkM4RkUxRkMzOUEA"
  }
}

Webhook Signature Verification

When Meta dispatches events (replies, delivery tags, read status) to the platform, it includes an HMAC-SHA256 signature calculated with the Meta App Secret in the X-Hub-Signature-256 header. Verify incoming events to secure your webhook endpoint:

const crypto = require('crypto');
const signature = req.headers['x-hub-signature-256'];
const expectedSignature = 'sha256=' + crypto
    .createHmac('sha256', META_APP_SECRET)
    .update(req.rawBody)
    .digest('hex');

if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature))) {
    throw new Error('Invalid signature');
}

Error Response Schema

When an API request fails, the response returns the appropriate HTTP status code (e.g., 400 Bad Request, 401 Unauthorized, 429 Rate Limited, 500 Server Error) along with a JSON error payload:

{
  "success": false,
  "message": "Specific explanation of the failure (e.g., WhatsApp number not found or not connected)"
}

Rate Limits

To ensure system stability, API requests are subject to rate limiting of 100 requests per minute per API key. Exceeding this limit will result in an HTTP 429 Too Many Requests response.