WhatsApp HTTP API for Developers: Quick Start & Documentation

6 min readUpdated 11 July 2026

One REST endpoint, a Bearer token, and you are sending WhatsApp messages from your own code. The full quick start — request format, parameters, responses and webhooks.

The API in one sentence

App365 exposes a single authenticated HTTP endpoint that sends a WhatsApp message (text, or text + image) from one of your connected numbers to any recipient — callable from any language or tool that can make a POST request, with no official Business API onboarding, template approvals or per-message fees.

Authentication

Generate an API key on the API Integration page of your dashboard, then pass it as a Bearer token on every request. You will also need a device token — each connected WhatsApp number has one, shown on the Device Management page.

Authorization: Bearer YOUR_API_KEY

Send a message

POST to the send-message endpoint with the device token, recipient (full international format, e.g. 60123456789) and message text. Add image_url to attach an image.

curl -X POST https://app365.my/api/external/send-message \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "device_token": "your-device-token",
    "recipient": "60123456789",
    "message": "Hello from the API!",
    "image_url": "https://example.com/promo.jpg"
  }'

Parameters

  • device_token (string, required) — identifies which connected number sends the message; from Device Management
  • recipient (string, required) — phone number in international format without +, e.g. 60123456789
  • message (string, required) — the text content
  • image_url (string, optional) — public URL of an image to attach; the message becomes an image + caption

Responses and errors

  • Success returns JSON confirming the message was queued and sent
  • 401 — missing or invalid API key
  • 400 — validation error (missing device_token, recipient or message)
  • Trial devices cannot call the API — a paid plan is required
  • Repeated failed requests are rate-limited per IP, so handle errors rather than retrying blindly

Receiving replies: webhooks

Sending is half the loop. Set a webhook URL per device and App365 POSTs every incoming message to your server in real time — sender, text and media download link included — so your app can react to replies. See our webhook guide for the payload format.

What developers build with it

  • Order confirmations and shipping updates from an e-commerce backend
  • OTP and verification codes delivered to WhatsApp
  • CRM follow-ups triggered by pipeline stage changes
  • Internal alerts (server down, new lead, payment received) to a team number

FAQ

Is this the official WhatsApp Business API?

No — it is a direct API on your own connected number, so there is no Meta onboarding, template approval or per-message fee. You pay a flat plan (from RM1,200/year per device) and send via simple REST calls.

What languages can I use?

Any language that can make an HTTP POST — Node.js, PHP, Python, Go, Java, or even no-code tools that support webhooks/HTTP requests. See our code-examples article for ready snippets.

Is there a sandbox or trial for the API?

API access requires a paid plan (trial devices are excluded), but you can create an account, explore the dashboard and docs, and contact us to help you run a first test.

How do I send to multiple recipients?

The endpoint sends one message per call — loop your list, or use the dashboard’s bulk campaign features (with pacing and scheduling) for large sends.

Ready to put this into action?

App365 handles the blasting, warmup, auto-replies and opt-outs for you — built for Malaysian businesses.