Wati APIs use Bearer Token authentication. Every API request must include a valid API token in the HTTP Authorization header.

This guide explains how to generate your API token and include it in your API requests.

❗️
Please do not share the token with anyone, nor post it publicly.

Generate an API token

Before making API requests, you need to generate an API token from your Wati account.

Steps

Log in to your Wati account.
In the navigation menu, click API, or go to:

Connector → API → Create API Token
On the API Tokens page, click Generate new token.
Enter a token name and select the required scopes (permissions), such as:
- contacts:read
- contacts:write
- messagetemplate:read
(Optional) Set an expiry date for the token. For security, rotating tokens every 6 months is recommended.
Copy and securely store the generated token.

❗️
The token will only be shown once. Make sure you save it securely.

Authentication header

All API requests must include the following HTTP headers.

Header	Value
`Authorization`	`Bearer <your_api_token>`
`Content-Type`	`application/json`

Example request

GET https://live-mt-server.wati.io/xxxxxx/api/v1/getContacts

	Authorization: Bearer eyJhbGciOiJIUzI1.......
	Content-Type: application/json

❗️
Replace eyJhbGciOiJIUzI1....... with your actual token copied from the API Docs page.

Example API Call (cURL)

```bash
curl --location 'https://live-mt-server.wati.io/xxxxxx/api/v1/getContacts' \
	--header 'Authorization: Bearer <your_api_token>' \
	--header 'Content-Type: application/json'

Using authentication in common tools

Postman

Open your API request.
Go to the Authorization tab.
Select Bearer Token as the type.
Paste your API token in the Token field.
Send the request.

Zapier, n8n, or any HTTP client

Add the following header to your request:

Header Name	Value
`Authorization`	`Bearer <your_api_token>`

Using environment variables (recommended)

For security, store your API credentials as environment variables instead of hardcoding them in your source code.

Example:

WATI_API_ENDPOINT=https://live-mt-server.wati.io/xxxxxx/
WATI_API_TOKEN=eyJhbG1NiIsIn......

Example usage:

Authorization: Bearer $WATI_API_TOKEN

📘
Security best practices
Practice Description
Rotate tokens regularly Regenerate API tokens every 6 months
Use minimal scopes Only grant the permissions required for your integration
Avoid exposing tokens Never commit tokens to Git repositories or public code
Use environment variables Store tokens in environment variables or a secrets manager
Separate environments Use different tokens for development, staging, and production

❗️
Troubleshooting
Issue Possible cause Solution
401 Unauthorized Token missing, expired, or incorrect Generate a new token and ensure the Bearer prefix is included
No Access Token provided Missing Authorization header Add Authorization: Bearer <token> to the request
Token becomes invalid Account password was changed Generate a new token and update your integrations
Request fails due to incorrect endpoint Wrong API base URL Use the API base URL shown in your Wati API documentation (for example: https://live-mt-server-XXXXX.wati.io)