Create a session
Creates a new session — a slot for one WhatsApp number — in the caller's organization. Requires the `manage` capability. The session starts **unpaired**: no WhatsApp number is attached yet. To attach a number, link a device by scanning the QR code (`GET /sessions/{session}/qr`) or by requesting a phone pairing code (`POST /sessions/{session}/pairing-code`). **Side effects / async behavior.** When the request body sets `start: true`, the gateway begins QR pairing right away and the returned session reflects the early connecting state; pairing then proceeds asynchronously (watch the event stream for `auth.qr` and connection events). When `start` is omitted or false, the session is created stopped. **Not idempotent:** each call creates a distinct session. **Errors.** `validation_error` (400) — the body failed validation (e.g. an invalid field). `unauthorized` (401) — missing or invalid credentials. `forbidden` (403) — the caller lacks the `manage` capability. On success returns **201 Created** with the new session row.
Send Authorization: Bearer <token>. The router accepts two kinds of token and tries each in turn: a frontend-minted login JWT (verified against the frontend JWKS; the person's org + role are read from it), or an api-key for a script/service (carrying a fixed set of gateway permissions). The bearerFormat: JWT label describes the person-login case.
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
If true, incoming messages on this session are automatically marked as read (blue ticks). Optional; when omitted the gateway default applies.
Optional human-friendly name for the session, shown in dashboards and lists. Omit to create an unlabeled session.
If true, the session emits a "typing…" presence indicator to the recipient while it sends a message. Optional; when omitted the gateway default applies.
If true, begin QR pairing immediately on creation (the session transitions toward connecting and a QR code becomes available). If false (the default), the session is created stopped/unpaired and you start pairing later via the QR or pairing-code endpoints.
Response Body
application/json
application/json
curl -X POST "https://example.com/api/v1/sessions" \ -H "Content-Type: application/json" \ -d '{}'{ "autoRead": false, "createdAt": 1719662400000, "createdByUserId": "user_01J9DEF...", "gatewayId": "gw-sg-1", "id": "01J9ZX8K2QHV0M3T6R7P4N5W8C", "isAdminSession": false, "label": "Support line", "lastConnectedAt": 1719662400000, "organizationId": "org_01J9ABC...", "phoneNumber": "6281234567890", "presenceTyping": true, "ratePerHour": 600, "ratePerMin": 20, "status": "working", "updatedAt": 1719662400000, "waJid": "6281234567890@s.whatsapp.net", "waLid": "205227043110953@lid"}{ "error": { "code": "not_found", "details": { "property1": null, "property2": null }, "message": "session not found" }}List sessions GET
Lists the sessions (attached WhatsApp numbers) belonging to the caller's organization. Requires the `manage` capability. Each item shows the session's current status, the attached number once paired, and which gateway currently holds it. The response is org-scoped — sessions in other organizations are never returned. **Pagination.** This list is returned in a single page (no cursor is consumed); the response carries a `nextCursor` field for forward compatibility, which is null when there are no further pages. **Errors.** `unauthorized` (401) — missing or invalid credentials. `forbidden` (403) — the caller lacks the `manage` capability.
Get a session GET
Returns one session by id, including its current status and — once paired — the attached WhatsApp number and the gateway that holds it. Requires the `manage` capability. **Org isolation.** A session that belongs to another organization is reported as `not_found` (404), **not** `forbidden`, so a caller cannot probe for the existence of other orgs' sessions. **Errors.** `not_found` (404) — no such session in your organization. `unauthorized` (401) / `forbidden` (403) — credential / capability failures.