Wati APIs use Bearer Token authentication. Every API request must include a valid API token in the HTTP Authorization header.
This guide explains how to generate your API token and include it in your API requests.
Please do not share the token with anyone, nor post it publicly.
Generate an API token
Before making API requests, you need to generate an API token from your Wati account.
Steps
-
Log in to your Wati account.
-
In the navigation menu, click API, or go to:
Connector → API → Create API Token

-
On the API Tokens page, click Generate new token.

-
Enter a token name and select the required scopes (permissions), such as:
contacts:readcontacts:writemessagetemplate:read
-
(Optional) Set an expiry date for the token. For security, rotating tokens every 6 months is recommended.
-
Copy and securely store the generated token.
The token will only be shown once. Make sure you save it securely.
Authentication header
All API requests must include the following HTTP headers.
| Header | Value |
|---|---|
Authorization | Bearer <your_api_token> |
Content-Type | application/json |
Example request
GET https://live-mt-server.wati.io/xxxxxx/api/v1/getContacts
Authorization: Bearer eyJhbGciOiJIUzI1.......
Content-Type: application/jsonReplace eyJhbGciOiJIUzI1....... with your actual token copied from the API Docs page.
Example API Call (cURL)
```bash
curl --location 'https://live-mt-server.wati.io/xxxxxx/api/v1/getContacts' \
--header 'Authorization: Bearer <your_api_token>' \
--header 'Content-Type: application/json'Using authentication in common tools
Postman
-
Open your API request.
-
Go to the Authorization tab.
-
Select Bearer Token as the type.
-
Paste your API token in the Token field.
-
Send the request.
Zapier, n8n, or any HTTP client
Add the following header to your request:
| Header Name | Value |
|---|---|
Authorization | Bearer <your_api_token> |
Using environment variables (recommended)
For security, store your API credentials as environment variables instead of hardcoding them in your source code.
Example:
WATI_API_ENDPOINT=https://live-mt-server.wati.io/xxxxxx/
WATI_API_TOKEN=eyJhbG1NiIsIn......Example usage:
Authorization: Bearer $WATI_API_TOKEN
Security best practices
Practice Description Rotate tokens regularly Regenerate API tokens every 6 months Use minimal scopes Only grant the permissions required for your integration Avoid exposing tokens Never commit tokens to Git repositories or public code Use environment variables Store tokens in environment variables or a secrets manager Separate environments Use different tokens for development, staging, and production
Troubleshooting
Issue Possible cause Solution 401 UnauthorizedToken missing, expired, or incorrect Generate a new token and ensure the Bearerprefix is includedNo Access Token providedMissing AuthorizationheaderAdd Authorization: Bearer <token>to the requestToken becomes invalid Account password was changed Generate a new token and update your integrations Request fails due to incorrect endpoint Wrong API base URL Use the API base URL shown in your Wati API documentation (for example: https://live-mt-server-XXXXX.wati.io)

