WhatsApp Business API Authentication

The WhatsApp Business API is always used for server-to-server calls. EnableX provides two authentication mechanisms for API calls:

  • HTTP Basic Authentication
  • Bearer Token

Either mechanism can be used to access the WhatsApp Business API, depending on your application's requirements.

HTTP Basic Authentication

The WhatsApp Business API uses the HTTP Basic Authentication mechanism to authenticate API calls. Each API call is validated via the Authorization header.

Each EnableX WhatsApp Project is assigned Access Credentials in the form of an APP ID and an APP KEY. These are used for HTTP Basic Authentication as explained below:

Authorization Header

  • APP ID: It is used as username.
  • APP KEY: It is used as password.
  • Base64-encode the string APP ID:APP KEY. The encoded string is used in the Authorization header. Note the colon (:) that separates APP ID and APP KEY in the string to encode.

Sample API Call Example: Using HTTP Basic Authentication

POST https://api.enablex.io/whatsapp/v1/messages
Authorization: Basic XXXXXX
Content-Type: application/json

In the above example:

  • The Authorization header contains the value XXXXXX, which is the base64-encoded string APP ID:APP KEY.

Sample JSON for Error: Authentication failed.

{
"message": "Authentication failed",
"status": "Unauthorized",
"reason": "invalid credentials or the account has been deactivated"
}

Bearer Token

The WhatsApp API works with a Bearer Token that is valid for 60 minutes. Any number of API calls can be made with the token before it expires.

Using the Token API, a token can be created, or re-created if the previous one has expired. The Token API also returns an Expiry Time, which helps you re-create a token before the current one expires. If an API call is made using an expired token, an error is returned.

Sample API Call Example: Using Bearer Token

GET https://api.enablex.io/whatsapp/v1/templates
Authorization: Bearer TTTTTTT
Content-Type: application/json

In the above example:

  • The Authorization header contains the value TTTTTTT, which is a token received from the Token API.

Sample JSON for Error: Authentication failed.

{
"message": "Authentication failed",
"status": "Unauthorized",
"reason": "invalid credentials or the account has been deactivated"
}
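
Added example (not EnableX code): a Python sketch of both mechanisms described above, building the Basic header from APP ID:APP KEY and reusing a Bearer Token until shortly before its Expiry Time. The names basic_auth_header, BearerTokenCache, fetch_token and skew_seconds are assumptions for illustration; the Token API's URL and response fields are not given on this page, so the caller supplies them through fetch_token.

```python
import base64
import time


def basic_auth_header(app_id, app_key):
    """Return the Authorization value: "Basic " + base64("APP ID:APP KEY")."""
    if ":" in app_id:
        # The first colon separates username from password, so a colon inside
        # the APP ID would make the server split the pair in the wrong place.
        raise ValueError("APP ID must not contain ':'")
    raw = f"{app_id}:{app_key}".encode("utf-8")
    # base64 is a reversible encoding, not encryption: the header is only
    # protected in transit by TLS, so send it to https:// URLs only.
    return "Basic " + base64.b64encode(raw).decode("ascii")


class BearerTokenCache:
    """Reuse one Bearer Token and re-create it shortly before it expires."""

    def __init__(self, fetch_token, skew_seconds=120, clock=time.time):
        # fetch_token is a hypothetical callable that wraps the Token API and
        # returns (token, expiry_time_as_epoch_seconds).
        self._fetch = fetch_token
        self._skew = skew_seconds  # refresh this long before the Expiry Time
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def header(self):
        """Return the Authorization value, fetching a token only when needed."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._token, self._expires_at = self._fetch()
        return "Bearer " + self._token

    def invalidate(self):
        """Drop the cached token, e.g. after an "Unauthorized" response."""
        self._token = None


if __name__ == "__main__":
    # Constructed sample credentials and a stand-in for the Token API.
    print(basic_auth_header("demo-app-id", "demo-app-key"))
    cache = BearerTokenCache(lambda: ("demo-token", time.time() + 3600))
    print(cache.header())
```

Keep the APP KEY and any issued token out of source control and logs; anyone who holds either value can make API calls for the project until the key is rotated or the token expires.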