WATI API uses OAuth2 as an authorization layer. As such, every API request must contain an Authorize HTTP header with a token. Access tokens are app and user specific.
Please do not share the token with anyone, nor post it publicly.

curl --request GET \
  --url https://app-server.wati.io/api/v1/getContacts \
  --header 'Authorization: Bearer $TOKEN'

$TOKEN is your instance token, which can be found under API docs in the WATI UI.