WhatsApp Gateway
API referenceContacts

Block a contact

Tells WhatsApp to block this contact so they can no longer message the session. This is a **live action** against WhatsApp — the session must be **connected**. If the session is not connected the gateway responds `501` (`not_implemented`). The operation is **idempotent**: blocking an already-blocked contact succeeds with the same `204` and no additional effect. On success the response body is empty. **Auth:** requires the `send` capability. **Errors:** `404` (`not_found`) if the session does not exist or is not owned by the caller's organization; `501` (`not_implemented`) if the session is not connected.

POST
/api/v1/sessions/{session}/contacts/{jid}/block

Authorization

AuthorizationBearer <token>

Send Authorization: Bearer <token>. The router accepts two kinds of token and tries each in turn: a frontend-minted login JWT (verified against the frontend JWKS; the person's org + role are read from it), or an api-key for a script/service (carrying a fixed set of gateway permissions). The bearerFormat: JWT label describes the person-login case.

In: header

Path Parameters

session*string

The WhatsApp session id used to perform the live action. The session must be connected.

jid*string

A WhatsApp JID — the address of a user (e.g. "14155550123@s.whatsapp.net"), group ("...@g.us"), or channel. For contact picture/about/block/unblock this is the target user's JID.

Response Body

application/json

curl -X POST "https://example.com/api/v1/sessions/sess_01HZX/contacts/14155550123@s.whatsapp.net/block"
Empty
{  "error": {    "code": "not_found",    "details": {      "property1": null,      "property2": null    },    "message": "session not found"  }}

Get a contact's about text GET

Fetches the contact's "about" text — the short status line shown on their profile — from WhatsApp. This is a **live lookup** against WhatsApp — the session must be **connected**. If the session is not connected the gateway responds `501` (`not_implemented`). The `about` field may be an empty string when the contact has none or has restricted it by privacy settings. **Auth:** requires the `read` capability. **Errors:** `404` (`not_found`) if the session does not exist or is not owned by the caller's organization; `501` (`not_implemented`) if the session is not connected.

Get a contact's profile picture GET

Fetches the contact's current profile picture from WhatsApp and returns its URL and metadata. This is a **live lookup** against WhatsApp — the session must be **connected**. If the session is not connected the gateway responds `501` (`not_implemented`). The returned URL points at WhatsApp's CDN and is time-limited; fetch it promptly. **Auth:** requires the `read` capability. **Errors:** `404` (`not_found`) if the session does not exist or is not owned by the caller's organization (also returned when the contact has no accessible picture, depending on privacy settings); `501` (`not_implemented`) if the session is not connected.