WhatsApp HTTP API for Developers: Quick Start & Documentation
One REST endpoint, a Bearer token, and you are sending WhatsApp messages from your own code. The full quick start — request format, parameters, responses and webhooks.
The API in one sentence
App365 exposes a single authenticated HTTP endpoint that sends a WhatsApp message (text, or text + image) from one of your connected numbers to any recipient — callable from any language or tool that can make a POST request, with no official Business API onboarding, template approvals or per-message fees.
Authentication
Generate an API key on the API Integration page of your dashboard, then pass it as a Bearer token on every request. You will also need a device token — each connected WhatsApp number has one, shown on the Device Management page.
Authorization: Bearer YOUR_API_KEY
Send a message
POST to the send-message endpoint with the device token, recipient (full international format, e.g. 60123456789) and message text. Add image_url to attach an image.
curl -X POST https://app365.my/api/external/send-message \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"device_token": "your-device-token",
"recipient": "60123456789",
"message": "Hello from the API!",
"image_url": "https://example.com/promo.jpg"
}'Parameters
- device_token (string, required) — identifies which connected number sends the message; from Device Management
- recipient (string, required) — phone number in international format without +, e.g. 60123456789
- message (string, required) — the text content
- image_url (string, optional) — public URL of an image to attach; the message becomes an image + caption
Responses and errors
- Success returns JSON confirming the message was queued and sent
- 401 — missing or invalid API key
- 400 — validation error (missing device_token, recipient or message)
- Trial devices cannot call the API — a paid plan is required
- Repeated failed requests are rate-limited per IP, so handle errors rather than retrying blindly
Receiving replies: webhooks
Sending is half the loop. Set a webhook URL per device and App365 POSTs every incoming message to your server in real time — sender, text and media download link included — so your app can react to replies. See our webhook guide for the payload format.
What developers build with it
- Order confirmations and shipping updates from an e-commerce backend
- OTP and verification codes delivered to WhatsApp
- CRM follow-ups triggered by pipeline stage changes
- Internal alerts (server down, new lead, payment received) to a team number
FAQ
Is this the official WhatsApp Business API?
No — it is a direct API on your own connected number, so there is no Meta onboarding, template approval or per-message fee. You pay a flat plan (from RM1,200/year per device) and send via simple REST calls.
What languages can I use?
Any language that can make an HTTP POST — Node.js, PHP, Python, Go, Java, or even no-code tools that support webhooks/HTTP requests. See our code-examples article for ready snippets.
Is there a sandbox or trial for the API?
API access requires a paid plan (trial devices are excluded), but you can create an account, explore the dashboard and docs, and contact us to help you run a first test.
How do I send to multiple recipients?
The endpoint sends one message per call — loop your list, or use the dashboard’s bulk campaign features (with pacing and scheduling) for large sends.
Ready to put this into action?
App365 handles the blasting, warmup, auto-replies and opt-outs for you — built for Malaysian businesses.