WhatsApp Business API Authentication
The WhatsApp Business API is always used for server-to-server calls. EnableX provides 2 different types of authentication mechanisms for API calls:
- HTTP Basic Authentication
- Bearer Token
Either of these mechanisms can be used to access the WhatsApp Business API, as per your application's requirements.
HTTP Basic Authentication
The WhatsApp Business API uses the HTTP Basic Authentication mechanism to authenticate API calls. Each API call is validated via the authentication header.
Each EnableX WhatsApp Project is assigned Access Credentials in the form of an APP ID and an APP Key. These are to be used for HTTP Basic Authentication as explained below:
Authorization Header
- APP ID: It is used as username.
- APP KEY: It is used as password.
- Base64-encode the string APP ID:APP KEY. This encoded string is used in the Authorization header. Note that a colon (:) separates APP ID and APP KEY in the string to encode.
Sample API Call Example: Using HTTP Basic Authentication
POST https://api.enablex.io/whatsapp/v1/messages
Authorization: Basic XXXXXX
Content-Type: application/json
In the above example:
- The Authorization header contains a value XXXXXX which is a base64 encoded string of APP ID:APP KEY
Sample JSON for Error: Authentication failed.
{"message": "Authentication failed","status": "Unauthorized","reason": "invalid credentials or the account has been deactivated"}
Bearer Token
The WhatsApp API works on a Bearer Token with a validity of 60 minutes. Using the Token, any number of API calls can be made before it expires.
Using the Token API, a token can be created, or re-created if the previous one has expired. The Token API also returns an Expiry Time. This helps you to re-create another token before it expires. If an API call is made using an expired token, an error is returned.
Sample API Call Example: Using Bearer Token
GET https://api.enablex.io/whatsapp/v1/templates
Authorization: Bearer TTTTTTT
Content-Type: application/json
In the above example:
- The Authorization header contains a value TTTTTTT which is a Token received from the Token API.
Sample JSON for Error: Authentication failed.
{"message": "Authentication failed","status": "Unauthorized","reason": "invalid credentials or the account has been deactivated"}
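The following Python example is added here and is not EnableX's own code. It builds the Basic header from APP ID:APP KEY and reuses a Bearer token until shortly before its 60-minute validity ends. The `fetch_token` callable, its return shape, the 300-second refresh margin and the sample credentials are assumptions, since the page does not show the Token API's request or response.

```python
import base64
import time

TOKEN_VALIDITY_SECONDS = 60 * 60  # per the page: a token is valid for 60 minutes


def basic_auth_header(app_id, app_key):
    """Authorization value for HTTP Basic: base64 of 'APP ID:APP KEY'."""
    if not app_id or not app_key:
        raise ValueError("APP ID and APP KEY are both required")
    if ":" in app_id:
        # The first colon separates username from password, so a colon
        # inside the username would make the server split it wrongly.
        raise ValueError("APP ID must not contain ':'")
    raw = f"{app_id}:{app_key}".encode("utf-8")
    # base64 is an encoding, not encryption: only send this over HTTPS.
    return "Basic " + base64.b64encode(raw).decode("ascii")


class BearerTokenCache:
    """Reuse one token and re-create it shortly before it expires."""

    def __init__(self, fetch_token, refresh_margin=300, clock=time.time):
        # fetch_token is a hypothetical callable wrapping the Token API;
        # it is assumed to return (token, expiry_time_as_epoch_seconds).
        self._fetch_token = fetch_token
        self._margin = refresh_margin
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def header(self):
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            self._token, self._expires_at = self._fetch_token()
        return "Bearer " + self._token

    def invalidate(self):
        """Drop the token after an Unauthorized reply so the next call re-fetches."""
        self._token = None

    def __repr__(self):
        return "<BearerTokenCache token=[redacted]>"  # keep secrets out of logs


if __name__ == "__main__":
    # Constructed sample credentials and a stand-in for the Token API.
    print(basic_auth_header("user", "pass"))  # Basic dXNlcjpwYXNz
    cache = BearerTokenCache(lambda: ("TTTTTTT", time.time() + TOKEN_VALIDITY_SECONDS))
    print(cache.header(), repr(cache))
```

Load APP ID and APP KEY from a secret store or environment variables rather than source code, and call `invalidate()` when a request comes back with the "Unauthorized" error shown above.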