WhatsApp API Code Examples: Node.js, PHP & Python

5 min readUpdated 11 July 2026

Working snippets for sending a WhatsApp message via the App365 API from Node.js, PHP and Python. Same endpoint, same JSON body — pick your language and paste.

The request every snippet makes

All three examples POST the same JSON to the same endpoint. You need two values from your dashboard: an API key (API Integration page) and a device token (Device Management page). Recipient numbers use full international format, e.g. 60123456789.

Node.js (built-in fetch)

const res = await fetch('https://app365.my/api/external/send-message', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    device_token: 'your-device-token',
    recipient: '60123456789',
    message: 'Hello from Node.js!',
  }),
})
console.log(await res.json())

PHP (cURL)

$ch = curl_init('https://app365.my/api/external/send-message');
curl_setopt_array($ch, [
  CURLOPT_POST => true,
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER => [
    'Authorization: Bearer YOUR_API_KEY',
    'Content-Type: application/json',
  ],
  CURLOPT_POSTFIELDS => json_encode([
    'device_token' => 'your-device-token',
    'recipient'    => '60123456789',
    'message'      => 'Hello from PHP!',
  ]),
]);
echo curl_exec($ch);

Python (requests)

import requests

r = requests.post(
    'https://app365.my/api/external/send-message',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    json={
        'device_token': 'your-device-token',
        'recipient': '60123456789',
        'message': 'Hello from Python!',
    },
)
print(r.json())

Sending an image

Add an image_url field (a public URL) to any of the bodies above and the message is delivered as an image with your text as the caption.

"image_url": "https://example.com/promo.jpg"

Production tips

  • Store the API key in an environment variable, never in source code
  • Check the JSON response and log failures — repeated failed calls are rate-limited per IP
  • Loop with a small delay for multi-recipient sends, or use the dashboard’s paced bulk campaigns instead
  • Pair with a per-device webhook to receive replies in your own system

FAQ

Do I need an SDK or library?

No. It is a plain REST endpoint — the standard HTTP client in your language (fetch, cURL, requests) is all you need.

Why am I getting 401 Unauthorized?

The Authorization header must be exactly "Bearer YOUR_API_KEY" with a valid key from the API Integration page. Also confirm the device belongs to the same account as the key.

Can I use this from Laravel, Express or Django?

Yes — the snippets drop straight into any framework. It is just an authenticated POST with a JSON body.

Ready to put this into action?

App365 handles the blasting, warmup, auto-replies and opt-outs for you — built for Malaysian businesses.