Authentication

Wati APIs use Bearer Token authentication. Every API request must include a valid API token in the HTTP Authorization header.

This guide explains how to generate your API token and include it in your API requests.

❗️

Please do not share the token with anyone, nor post it publicly.

Generate an API token

Before making API requests, you need to generate an API token from your Wati account.

Steps

  1. Log in to your Wati account.

  2. In the navigation menu, click API, or go to:

    Connector → API → Create API Token

  3. On the API Tokens page, click Generate new token.

  4. Enter a token name and select the required scopes (permissions), such as:

    • contacts:read
    • contacts:write
    • messagetemplate:read
  5. (Optional) Set an expiry date for the token. For security, rotating tokens every 6 months is recommended.

  6. Copy and securely store the generated token.

❗️

The token will only be shown once. Make sure you save it securely.

Authentication header

All API requests must include the following HTTP headers.

HeaderValue
AuthorizationBearer <your_api_token>
Content-Typeapplication/json

Example request

GET https://live-mt-server.wati.io/xxxxxx/api/v1/getContacts

	Authorization: Bearer eyJhbGciOiJIUzI1.......
	Content-Type: application/json
❗️

Replace eyJhbGciOiJIUzI1....... with your actual token copied from the API Docs page.

Example API Call (cURL)

```bash
curl --location 'https://live-mt-server.wati.io/xxxxxx/api/v1/getContacts' \
	--header 'Authorization: Bearer <your_api_token>' \
	--header 'Content-Type: application/json'

Using authentication in common tools

Postman

  1. Open your API request.

  2. Go to the Authorization tab.

  3. Select Bearer Token as the type.

  4. Paste your API token in the Token field.

  5. Send the request.

Zapier, n8n, or any HTTP client

Add the following header to your request:

Header NameValue
AuthorizationBearer <your_api_token>

Using environment variables (recommended)

For security, store your API credentials as environment variables instead of hardcoding them in your source code.

Example:

WATI_API_ENDPOINT=https://live-mt-server.wati.io/xxxxxx/
WATI_API_TOKEN=eyJhbG1NiIsIn......

Example usage:

Authorization: Bearer $WATI_API_TOKEN
📘

Security best practices

PracticeDescription
Rotate tokens regularlyRegenerate API tokens every 6 months
Use minimal scopesOnly grant the permissions required for your integration
Avoid exposing tokensNever commit tokens to Git repositories or public code
Use environment variablesStore tokens in environment variables or a secrets manager
Separate environmentsUse different tokens for development, staging, and production
❗️

Troubleshooting

IssuePossible causeSolution
401 UnauthorizedToken missing, expired, or incorrectGenerate a new token and ensure the Bearer prefix is included
No Access Token providedMissing Authorization headerAdd Authorization: Bearer <token> to the request
Token becomes invalidAccount password was changedGenerate a new token and update your integrations
Request fails due to incorrect endpointWrong API base URLUse the API base URL shown in your Wati API documentation (for example: https://live-mt-server-XXXXX.wati.io)