WhatsGate API

Appearance

Authentication

All API requests to the WhatsGate API require authentication using an API token. This page explains how to authenticate your requests.

API Tokens

API tokens are used to authenticate your requests to the WhatsGate API. Each token is associated with your account and has access to all the devices linked to that account.

Creating an API Token

To create an API token, follow these steps:

  1. Log in to your WhatsGate dashboard
  2. Navigate to the "API Tokens" section in the sidebar
  3. Click the "Create Token" button
  4. Enter a name for your token (e.g., "Production API", "Testing", etc.)
  5. Click "Create" to generate your token

For more detailed instructions, see the Creating an API Token guide.

Using Your Token

To authenticate your API requests, include your token in the Access-Token header:

Access-Token: your_api_token_here

Example Request

bash
curl -X POST \
  https://{subdomain}.whatsgate.net/api/send/text \
  -H 'Access-Token: your_api_token_here' \
  -H 'Content-Type: application/json' \
  -d '{
    "sender_device": "123456789",
    "phone": "987654321",
    "message": "Hello, this is a test message"
}'

Authentication Errors

If your authentication fails, you'll receive a 403 Forbidden response with an error message:

json
{
  "message": "an Access-Token is required"
}

or

json
{
  "message": "invalid Access-Token"
}

Security Best Practices

To keep your API tokens secure:

  1. Never share your tokens: Keep your API tokens confidential and never share them publicly
  2. Use environment variables: Store tokens in environment variables, not in your code
  3. Create separate tokens: Use different tokens for different applications or environments
  4. Regenerate tokens periodically: Regularly regenerate your tokens for enhanced security
  5. Delete unused tokens: Remove tokens you no longer need to minimize security risks

Token Permissions

Currently, all API tokens have full access to all API endpoints and devices associated with your account. More granular permissions may be added in future updates.

Token Expiration

API tokens do not expire automatically. They remain valid until you delete them or regenerate them.

Next Steps

Now that you understand how to authenticate your API requests, you can:

Released under the MIT License.

Copyright © 2025 WhatsGate