Access Token for WhatsApp Business API

EnableX has implemented Bearer Token and HTTP Basic Authentication mechanism with WhatsApp Business API. This API is used to create one Bearer Token using which WhatsApp Business API can be used for a limited time period.

If you are looking to use WhatsApp Business API using Bearer Token, this API can be used to create a Token. The Token created can be used as Bearer Token in the Authorization Header for API requests.

Note that this is transactional Token, and gives access to APIs for next 60 minutes only. Any API call beyond the expiry time using the same Token will be denied. Therefore, you need to create another Token to continue using APIs..

Token API

This API call needs your WhatsApp Projects Access Credentials i.e. App-ID and App-Key.

  • API Route: https://api.enablex.io/whatsapp/v1/token
  • Method: POST
  • JSON Payload: Passed as Raw Body content
{
"app_id": "String",
"app_key": "String"
}

Request Payload Explanation

KeyData TypeConstraintsDescription
app_idStringRequiredApp ID of EnableX Project
app_keyStringRequiredApp Key of EnableX Project

Request Example

POST https://api.enablex.io/whatsapp/v1/token
Content-Type: application/json
{
"app_id": "String",
"app_key": "String"
}

Success Responsee

This is when a Token is received with expiry time

{
"token": "String",
"expiry": Number
}

Response Explanation

KeyData TypeDescription
tokenStringThis is the token to be used in subsequent request until it expires.
expiryNumberUnix Timestamp in UTC. This is the time when the Token expires.

Failure Response

This is when a Token request fails for invalid API Credentials

{
"message": "Authentication failed",
"status": "Unauthorized",
"reason": "invalid credentials or the account has been deactivated"
}

When Token expires?

You may manage it in 2 ways. You should implement both of the following while coding:

  1. Keep a note of the expiry key in the response of Token.
  2. All WhatsApp API call with an expired token will the error.

Expired Token Response: When API is called with expired Token

{
"message": "Authentication failed",
"status": "Unauthorized",
"reason": "invalid credentials or the account has been deactivated"
}

In either of the cases, its warranted that you re-generate a Token calling this API.