The WhatsApp Bot now includes a RESTful API server that allows you to send messages programmatically via HTTP requests.
The API server runs on port 3000 by default. You can change this by setting the API_PORT environment variable.
All API endpoints (except /health and /api/token/info) require authentication using a UUID token.
- On first startup, a unique token is automatically generated and saved to `data/api-token.json`
- Check the console logs when the bot starts - the token is displayed
- Check the file:

```bash
cat data/api-token.json
```

Include the token in your requests using one of these methods:

- Authorization Header (Recommended):

```
Authorization: Bearer YOUR_TOKEN_HERE
```

- Request Body:

```json
{
  "token": "YOUR_TOKEN_HERE",
  "message": "Hello"
}
```

- Query Parameter:

```
POST /api/send?token=YOUR_TOKEN_HERE
```

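One way a server could implement the token check described above, using a constant-time comparison and the 401/403 responses this page documents. This is an added example, not the bot's own code; `extractToken`, `tokensMatch`, `checkAuth` and the `exposedInUrl` flag are hypothetical names, and `req` is assumed to be an Express-style object with `headers`, `body` and `query`.

```javascript
// Added example, not the bot's source code.
const crypto = require('crypto');

const NO_TOKEN = 'No token provided. Please include token in ' +
  'Authorization header, request body, or query parameter.';

// Look in the three documented places, header first. Only plain strings
// count: a repeated ?token=a&token=b arrives as an array and is ignored.
function extractToken(req) {
  const header = (req.headers && req.headers.authorization) || '';
  const bearer = /^Bearer\s+(\S+)$/i.exec(header);
  if (bearer) return { token: bearer[1], source: 'header' };
  if (req.body && typeof req.body.token === 'string') {
    return { token: req.body.token, source: 'body' };
  }
  if (req.query && typeof req.query.token === 'string') {
    return { token: req.query.token, source: 'query' };
  }
  return null;
}

// Constant-time comparison. Hashing both values first yields equal-length
// buffers, which crypto.timingSafeEqual requires.
function tokensMatch(presented, expected) {
  const digest = (s) => crypto.createHash('sha256').update(s).digest();
  return crypto.timingSafeEqual(digest(presented), digest(expected));
}

// Failure cases return the status and JSON body the documentation lists.
function checkAuth(req, expectedToken) {
  const found = extractToken(req);
  if (!found) {
    return { status: 401, body: { success: false, error: NO_TOKEN } };
  }
  if (!tokensMatch(found.token, expectedToken)) {
    return { status: 403, body: { success: false, error: 'Invalid token' } };
  }
  // A token sent in the URL is recorded by proxy and access logs, so
  // report where it came from and let the caller warn or reject.
  return { status: 200, source: found.source, exposedInUrl: found.source === 'query' };
}

// Constructed sample request (the token value is made up).
const SAMPLE_TOKEN = '123e4567-e89b-42d3-a456-426614174000';
console.log(checkAuth({ headers: { authorization: `Bearer ${SAMPLE_TOKEN}` } }, SAMPLE_TOKEN));
```
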
GET /health

No authentication required. Check if the API server is online.

Response:

```json
{
  "success": true,
  "status": "online",
  "timestamp": "2025-11-13T10:30:00.000Z"
}
```

GET /api/token/info

No authentication required. Get information about the token (but not the token itself).

Response:

```json
{
  "success": true,
  "exists": true,
  "createdAt": "2025-11-13T10:00:00.000Z",
  "message": "Token exists. Check your data/api-token.json file or server logs for the actual token."
}
```

POST /api/send

Authentication: Required

Send a WhatsApp message to a number or chat ID.

Request Body:

```json
{
  "message": "Hello from the API!",
  "number": "YOUR_NUMBER"
}
```

OR

```json
{
  "message": "Hello from the API!",
  "chatId": "YOUR_NUMBER@c.us"
}
```

Parameters:

- `message` (required): The text message to send
- `number` (optional): Phone number (will be formatted automatically)
- `chatId` (optional): WhatsApp chat ID (e.g., `YOUR_NUMBER@c.us` for direct message or `YOUR_GROUP@g.us` for groups)

Response:

```json
{
  "success": true,
  "message": "Message sent successfully",
  "targetChatId": "YOUR_NUMBER@c.us",
  "timestamp": "2025-11-13T10:30:00.000Z"
}
```

GET /api/info

Authentication: Required

Get information about the WhatsApp client.

Response:

```json
{
  "success": true,
  "client": {
    "name": "Bot Name",
    "number": "5516991234567",
    "platform": "android",
    "state": "CONNECTED"
  },
  "timestamp": "2025-11-13T10:30:00.000Z"
}
```

1. Send message to a phone number:

```bash
curl -X POST http://localhost:3000/api/send \
  -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "message": "Hello from API!",
    "number": "YOUR_NUMBER"
  }'
```

2. Send message to a chat ID:

```bash
curl -X POST http://localhost:3000/api/send \
  -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "message": "Hello group!",
    "chatId": "YOUR_GROUP@g.us"
  }'
```

3. Check health:

```bash
curl http://localhost:3000/health
```

4. Get client info:

```bash
curl http://localhost:3000/api/info \
  -H "Authorization: Bearer YOUR_TOKEN_HERE"
```

```javascript
const axios = require('axios');

const API_URL = 'http://localhost:3000';
const API_TOKEN = 'YOUR_TOKEN_HERE';

// Send a text message to a phone number through the bot's API.
async function sendMessage(number, message) {
  try {
    const response = await axios.post(`${API_URL}/api/send`, {
      message: message,
      number: number
    }, {
      headers: {
        'Authorization': `Bearer ${API_TOKEN}`,
        'Content-Type': 'application/json'
      }
    });
    console.log('Message sent:', response.data);
    return response.data;
  } catch (error) {
    // Prefer the API's JSON error body when the server answered.
    console.error('Error:', error.response?.data || error.message);
    throw error;
  }
}

// Usage (the error is already logged above; set a failing exit code)
sendMessage('YOUR_NUMBER', 'Hello from Node.js!')
  .catch(() => { process.exitCode = 1; });
```

```python
import requests

API_URL = 'http://localhost:3000'
API_TOKEN = 'YOUR_TOKEN_HERE'


def send_message(number, message):
    """Send a text message to a phone number through the bot's API."""
    headers = {
        'Authorization': f'Bearer {API_TOKEN}',
        'Content-Type': 'application/json'
    }
    data = {
        'message': message,
        'number': number
    }
    # A timeout keeps the call from hanging if the bot is unreachable.
    response = requests.post(f'{API_URL}/api/send', json=data,
                             headers=headers, timeout=10)
    if response.status_code == 200:
        print('Message sent:', response.json())
    else:
        print('Error:', response.json())
    return response.json()


# Usage
send_message('YOUR_NUMBER', 'Hello from Python!')
```

401 Unauthorized - No token provided:

```json
{
  "success": false,
  "error": "No token provided. Please include token in Authorization header, request body, or query parameter."
}
```

403 Forbidden - Invalid token:

```json
{
  "success": false,
  "error": "Invalid token"
}
```

400 Bad Request - Missing required fields:

```json
{
  "success": false,
  "error": "Message is required"
}
```

503 Service Unavailable - WhatsApp client not ready:

```json
{
  "success": false,
  "error": "WhatsApp client not initialized"
}
```

500 Internal Server Error:

```json
{
  "success": false,
  "error": "Failed to send message",
  "details": "Error details here"
}
```

- Keep your token secret - Never commit it to version control
- Use HTTPS in production with a reverse proxy (nginx, Apache, etc.)
- Firewall - Restrict access to the API port if needed
- Rate limiting - Consider adding rate limiting for production use
- Token rotation - You can regenerate the token by deleting `data/api-token.json` and restarting the bot

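The token lifecycle described on this page (generation on first start, the metadata-only `/api/token/info` response, rotation by deleting the file), sketched with the file kept readable by its owner only. This is an added example, not the bot's own code; the function names and the `{ token, createdAt }` file layout are assumptions.

```javascript
// Added example, not the bot's source code. Assumed file layout:
// { "token": "<uuid>", "createdAt": "<ISO timestamp>" }
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Read the stored token, or create one on first start.
function loadOrCreateToken(file) {
  try {
    return JSON.parse(fs.readFileSync(file, 'utf8'));
  } catch (err) {
    // Only a missing file triggers generation; a corrupt or unreadable
    // file is an error, not a reason to mint a new token silently.
    if (err.code !== 'ENOENT') throw err;
  }
  const record = { token: crypto.randomUUID(), createdAt: new Date().toISOString() };
  fs.mkdirSync(path.dirname(file), { recursive: true, mode: 0o700 });
  // 'wx' refuses to overwrite; 0o600 makes the file owner-readable only.
  fs.writeFileSync(file, JSON.stringify(record, null, 2), { flag: 'wx', mode: 0o600 });
  return record;
}

// Metadata in the shape of GET /api/token/info: never the token itself.
// The exists:false branch is an assumption; the page shows only exists:true.
function tokenInfo(file) {
  if (!fs.existsSync(file)) return { success: true, exists: false };
  const { createdAt } = JSON.parse(fs.readFileSync(file, 'utf8'));
  return { success: true, exists: true, createdAt };
}

// Rotation as documented: remove the file, then start again.
function rotateToken(file) {
  fs.rmSync(file, { force: true });
  return loadOrCreateToken(file);
}

// Demo in a throwaway directory (constructed path, not the real data/).
const demoFile = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'bot-')), 'data', 'api-token.json');
const before = loadOrCreateToken(demoFile);
const after = rotateToken(demoFile);
console.log(tokenInfo(demoFile), 'rotated:', before.token !== after.token);
```
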
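The API server starts automatically when you run `npm run pm2`.

```nginx
# This block proxies plain HTTP on port 80. To serve HTTPS as recommended
# above, add a TLS listener (listen 443 ssl; with ssl_certificate and
# ssl_certificate_key).
server {
    listen 80;
    server_name your-domain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```

```bash
export API_PORT=3000  # Change API port
```

API not responding: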
- Check if the bot is running and connected
- Check the logs for any errors
- Verify the port is not blocked by a firewall

Authentication failing:
- Verify you're using the correct token from `data/api-token.json`
- Check the Authorization header format: `Bearer TOKEN`

Messages not sending:
- Ensure the WhatsApp client is connected (check with `/api/info`)
- Verify the phone number format (numbers only, with country code)
- Check bot logs for detailed error messages