Welcome to WhatsApp Business API
This API allows you to integrate WhatsApp Business with your systems to communicate with your customers in an automated, scalable, and secure way.
WhatsApp Business API is an enterprise solution that enables:
- Sending important notifications to your customers
- Providing 24/7 customer support
- Automating frequent responses
- Integrating WhatsApp with your CRM and ERP systems
Key Features
Text Messages
Send formatted text messages (bold, italic, strikethrough) and emojis.
Multimedia
Send images, videos, documents and audio files.
Lists & Buttons
Interact with users through quick reply buttons and list messages.
Ephemeral Messages
Send messages that disappear after a configurable time.
Technical Requirements
- Verified WhatsApp Business account
- Server with valid HTTPS
- Access token provided by WhatsApp
- Rate limits configured according to your plan
POST /send-message
Sends a text message to a WhatsApp number. Supports basic Markdown formatting for bold, italic and strikethrough text.
| Parameter | Type | Required | Description |
|---|---|---|---|
| phone_number | string | Yes | Phone number in international format (e.g. +14155552671) |
| message | string | Yes | Message content (up to 4096 characters). Supports *bold*, _italic_ and ~strikethrough~ |
| preview_url | boolean | No | If true, generates a preview for included links (default: false) |
| reply_to | string | No | ID of the message being replied to |
Success Response
{
"status": "success",
"message_id": "wamid.ABGS...",
"timestamp": "2025-04-27T12:00:00Z",
"recipient": "+14155552671"
}Error Response
{
"status": "error",
"code": 400,
"message": "Invalid phone number format",
"details": "Phone number must include country code"
}cURL Example
curl -X POST \
https://api.whatsapp.com/v2/send-message \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"phone_number": "+14155552671",
"message": "Hello! This is an *important message*.",
"preview_url": true
}'JavaScript Example
const sendMessage = async () => {
const response = await fetch('https://api.whatsapp.com/v2/send-message', {
method: 'POST',
headers: {
'Authorization': 'Bearer YOUR_ACCESS_TOKEN',
'Content-Type': 'application/json'
},
body: JSON.stringify({
phone_number: '+14155552671',
message: 'Hello! This is an *important message*.',
preview_url: true
})
});
const data = await response.json();
console.log(data);
};POST /send-media
Send multimedia messages (images, videos, documents, audio) via WhatsApp.
| Parameter | Type | Required | Description |
|---|---|---|---|
| phone_number | string | Yes | Phone number in international format |
| media_type | string | Yes | Media type (image, video, document, audio, sticker) |
| media_url | string | Yes | Public URL of the media file (HTTPS required) |
| caption | string | No | Description for images/videos/documents (up to 1024 characters) |
Supported Formats
| Type | Formats | Max Size | Notes |
|---|---|---|---|
| Image | JPEG, PNG | 5 MB | Recommended 1920x1080px |
| Video | MP4, 3GPP | 16 MB | Max 30 seconds for autoplay |
| Document | PDF, DOCX, XLSX, PPTX, TXT | 100 MB | Must include extension |
| Audio | MP3, OGG | 16 MB | Max 30 seconds for voice notes |
cURL Example
curl -X POST \
https://api.whatsapp.com/v2/send-media \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"phone_number": "+14155552671",
"media_type": "image",
"media_url": "https://example.com/image.jpg",
"caption": "This is our *new product*"
}'GET /message-status
Check the delivery status of a previously sent message.
| Parameter | Type | Required | Description |
|---|---|---|---|
| message_id | string | Yes | Message ID obtained in the send response |
Possible Statuses
| Status | Description |
|---|---|
| sent | Message sent to WhatsApp server |
| delivered | Message delivered to recipient's device |
| read | Message was read by recipient |
| failed | Error sending message (see error field) |
Success Response
{
"status": "delivered",
"message_id": "wamid.ABGS...",
"timestamp": "2025-04-27T12:05:00Z",
"recipient": "+14155552671"
}cURL Example
curl -X GET \
"https://api.whatsapp.com/v2/message-status?message_id=wamid.ABGS..." \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"Webhooks
Set up webhooks to receive real-time notifications about events in your WhatsApp Business account.
Setup Steps
- Create an HTTPS endpoint on your server that accepts POST requests
- Register the URL in the WhatsApp Developer Panel
- Verify the webhook by responding to the verification challenge
- Subscribe to the events you want to receive
Verification Example
WhatsApp will send a GET request with the following parameters:
GET /your-webhook-endpoint
?hub.mode=subscribe
&hub.verify_token=YOUR_VERIFY_TOKEN
&hub.challenge=RANDOM_STRINGYour server must respond with the hub.challenge value to complete verification.
Available Events
| Event | Description | Example Data |
|---|---|---|
| message | New message received | Contains ID, sender, message type and content |
| message_status | Change in status of sent message | Contains message ID, new status and timestamp |
| contact_update | Updated contact information | Contains number and new profile data |
Webhook Example
{
"object": "whatsapp_business_account",
"entry": [{
"id": "WHATSAPP_BUSINESS_ACCOUNT_ID",
"changes": [{
"value": {
"messaging_product": "whatsapp",
"metadata": {
"display_phone_number": "15555555555",
"phone_number_id": "PHONE_NUMBER_ID"
},
"contacts": [{
"profile": {
"name": "John Doe"
},
"wa_id": "15555551234"
}],
"messages": [{
"from": "15555551234",
"id": "wamid.ID",
"timestamp": "1520383572",
"text": {
"body": "Hello!"
},
"type": "text"
}]
},
"field": "messages"
}]
}]
}Security Best Practices
- Use HTTPS with valid certificates
- Implement signature verification to authenticate requests
- Use secure verification tokens
- Limit accepted request rate
- Log and monitor all incoming requests
Signature Verification
WhatsApp includes a X-Hub-Signature-256 header with SHA256 signature of the payload using your App Secret.
// Verification example in Node.js
const crypto = require('crypto');
function verifySignature(req, res, next) {
const signature = req.headers['x-hub-signature-256'];
const hmac = crypto.createHmac('sha256', process.env.APP_SECRET);
const digest = `sha256=${hmac.update(JSON.stringify(req.body)).digest('hex')}`;
if (signature !== digest) {
return res.status(401).send('Invalid signature');
}
next();
}Message Templates
Templates allow sending structured messages for notifications and customer service outside of an active conversation.
Template Types
| Type | Description | Components |
|---|---|---|
| Text | Text message with variables | Body, possibly with buttons |
| Media | Image, video or document with text | Header (media), body, buttons |
| Interactive | Lists or quick reply buttons | Body, buttons or option list |
Template Components
| Component | Description | Example |
|---|---|---|
| Header | First part of message (text or media) | Product image or title |
| Body | Main message content | Description with variables |
| Buttons | Call to action (up to 3) | "Buy now", "Talk to agent" |
Approval Process
All templates must be approved by WhatsApp before they can be used. The process typically takes 24-72 hours.
- Create the template in the WhatsApp Business Panel
- Wait for review and approval
- Receive email notification
- Use the approved template name in your API calls
Text Template Example
{
"name": "order_confirmation",
"language": "en",
"components": [
{
"type": "body",
"text": "Hello {{1}}, your order #{{2}} has been confirmed. It will be shipped on {{3}}."
},
{
"type": "button",
"sub_type": "quick_reply",
"index": 0,
"parameters": [
{
"type": "payload",
"payload": "track_order_12345"
}
]
}
]
}Usage Example
POST /v2/messages
{
"to": "15555551234",
"type": "template",
"template": {
"name": "order_confirmation",
"language": {
"code": "en"
},
"components": [
{
"type": "body",
"parameters": [
{"type": "text", "text": "John"},
{"type": "text", "text": "12345"},
{"type": "text", "text": "04/28/2025"}
]
}
]
}
}Common Errors
List of frequent errors and how to solve them when interacting with WhatsApp Business API.
| Code | Type | Description | Solution |
|---|---|---|---|
| 131030 | Authentication | Invalid or expired access token | Generate new token in developer panel |
| 132000 | Validation | Incorrect phone number format | Use international format (e.g. +14155552671) |
| 133000 | Limit | Rate limit exceeded | Wait or request limit increase |
| 134000 | Template | Template not approved or not found | Check name or wait for approval |
Troubleshooting Process
- Check the error code in the response
- Consult the official documentation
- Review your server logs
- Test with minimal data to isolate the problem
- If it persists, contact support with complete details
Error Logging
Implement a logging system that captures:
- Error timestamp
- Error code and message
- Request that generated the error
- Operation context
API Limits
| Resource | Limit | Notes |
|---|---|---|
| Messages per second | 50 | Varies by account level |
| Message size | 4096 characters | For text messages |
| Media files | 16MB (videos) | 5MB for images |
| Contacts per list | 256 | For interactive messages |
Frequently Asked Questions
Answers to common questions about WhatsApp Business API.
WhatsApp Business API is not directly available to everyone. You must work with an Official Solution Provider (BSP) like Twilio, MessageBird or 360dialog. These authorized partners can provide you access to the API after completing the business verification process.
WhatsApp has strict policies about promotional messages. You can only send promotional messages to users who have explicitly opted in to receive them, and you must use pre-approved templates. Transactional and customer service messages have fewer restrictions.
WhatsApp Business App is a mobile app designed for small businesses, with basic features like auto-replies and catalogs. WhatsApp Business API is an enterprise-grade scalable solution that allows integration with systems, advanced automation and high message volume, but requires an official provider and has no user interface of its own.
Yes, WhatsApp charges per conversation (24-hour session with a user). Fees vary by region and message type (transactional vs. promotional). Additionally, your Solution Provider (BSP) may charge additional service fees. Check with your BSP for specific details.
You must implement:
- Explicit consent to contact users
- Opt-out mechanisms (STOP, etc.)
- Clear privacy policy
- Secure data storage
- Processes to delete data when required
WhatsApp provides tools to help with compliance, but ultimate responsibility lies with your business.
Changelog
Version history and important changes in WhatsApp Business API.
Version 2.1 - April 2025
- New: Support for ephemeral messages (disappear after 24h)
- New: API for message reactions (👍, ❤️, etc.)
- Improvement: Increased character limit to 4096 for text messages
- Improvement: Webhooks for reaction and ephemeral message events
- Fixes: Synchronization issues with some BSP providers
Version 2.0 - January 2025
- New endpoint for survey messages
- Support for survey responses via webhook
- Template system improvements
Version 1.9 - October 2024
- Integration with WhatsApp Pay for payments
- Support for multiple currencies
- Authentication security improvements
Coming Soon (2025 Roadmap)
- Q3 2025: Support for AI-powered chatbots
- Q3 2025: Sentiment analysis on incoming messages
- Q4 2025: Integration with WhatsApp Communities
- Q4 2025: Support for advanced broadcast channels