WhatsApp Gateway
API referenceSessions

Get the connected account's own identity

Returns the WhatsApp identity of the number attached to this session — its JID, linked-device id, push name, and phone number. Requires the `manage` capability. **Precondition.** The session must be paired; if no number is attached yet, this returns `not_found` (404). On builds where this is not yet wired, it may return `not_implemented` (501). **Errors.** `not_found` (404) — session unknown or not yet paired. `not_implemented` (501) — the feature is stubbed in this build. `unauthorized` (401) / `forbidden` (403) — credential / capability failures.

GET
/api/v1/sessions/{session}/me

Authorization

AuthorizationBearer <token>

Send Authorization: Bearer <token>. The router accepts two kinds of token and tries each in turn: a frontend-minted login JWT (verified against the frontend JWKS; the person's org + role are read from it), or an api-key for a script/service (carrying a fixed set of gateway permissions). The bearerFormat: JWT label describes the person-login case.

In: header

Path Parameters

session*string

The session id — a session is one attached (or to-be-attached) WhatsApp number, scoped to your organization. A session in another organization is reported as not_found (404), never forbidden.

Response Body

application/json

application/json

curl -X GET "https://example.com/api/v1/sessions/sess_01HZX8K3M9/me"
{  "connected": true,  "phoneNumber": "string",  "sessionId": "string",  "status": "string",  "waJid": "string",  "waLid": "string"}
{  "error": {    "code": "not_found",    "details": {      "property1": null,      "property2": null    },    "message": "session not found"  }}

Delete a session DELETE

Permanently deletes a session and its stored data. Requires the `manage` capability. **Destructive and irreversible.** This removes the session row for good. If a WhatsApp number is still attached, log it out first (`POST /sessions/{session}:logout`) to unlink the device cleanly; deleting does not guarantee the device is unlinked on WhatsApp's side. **Idempotency.** Deleting a session that does not exist (or belongs to another org) returns `not_found` (404). **Errors.** `not_found` (404) — no such session in your organization. `unauthorized` (401) / `forbidden` (403) — credential / capability failures. Returns **204 No Content** on success.

Request a phone pairing code POST

Requests a pairing code to attach a number **without scanning a QR** — the alternative to the QR endpoint. Requires the `manage` capability. **Input.** Pass the target `phone` (international format, digits only, no leading + — e.g. `628123456789`) in the request body. **Output.** The response returns a short code such as `ABCD-1234` to enter in WhatsApp on that phone under Settings → Linked devices → Link a device → Link with phone number instead. **Precondition.** The session must be unpaired; requesting a code for an already-paired session returns an error. The code is short-lived — request a fresh one if it expires before use. **Errors.** `validation_error` (400) — missing or malformed `phone`, or the session is already paired. `not_found` (404) — no such session in your organization. `unauthorized` (401) / `forbidden` (403) — credential / capability failures.