Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/rahul-baberwal/django-meta-whatsapp/llms.txt

Use this file to discover all available pages before exploring further.

All REST API endpoints in django-meta-whatsapp use API key authentication. Pass your key in the X-API-Key request header on every call. Keys are generated and managed from the dashboard under Settings → API Keys (/whatsapp/settings/api-keys/).

Generating an API Key

  1. Open the dashboard at /whatsapp/
  2. Navigate to Settings → API Keys → Add Key
  3. Enter a descriptive name for the key (e.g. "Production Backend", "Mobile App")
  4. Copy the generated key and store it securely
Each key is backed by the WhatsAppAPIKey model with the following fields:
FieldTypeDescription
nameCharFieldHuman-readable label for identifying the key
keyCharField(max_length=64)UUID-based secret, unique, auto-generated on creation via uuid.uuid4
is_activeBooleanFieldKeys can be disabled without deleting, preserving audit history
created_atDateTimeFieldTimestamp when the key was created

Making Authenticated Requests

Include your API key in the X-API-Key header on every request: 
curl -X POST https://yourdomain.com/whatsapp/api/send-message/ \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{"phone": "919876543210", "message": "Hello!"}'
Alternative — query parameter: You can also pass the key as ?api_key=your-key. This approach is less secure and should only be used for quick local testing, never in production. 
curl "https://yourdomain.com/whatsapp/api/chats/?api_key=your-api-key"
The authentication check (inside _APIAuth._ok()) accepts either form: it reads request.headers.get("X-API-Key") first, then falls back to request.GET.get("api_key"). The key is validated against active WhatsAppAPIKey records (is_active=True).

API Base URL

All endpoints are mounted under the URL prefix you chose when including the package URLs. Assuming you used: 
# urls.py
path("whatsapp/", include("django_meta_whatsapp.urls", namespace="django_meta_whatsapp")),
The REST API base is /whatsapp/api/. The full list of available REST endpoints:
MethodPathDescription
POST/whatsapp/api/send-message/Send a plain text message
POST/whatsapp/api/send-location/Send a location pin
POST/whatsapp/api/send-template/Send an approved template message
GET/whatsapp/api/chats/List recent conversations
GET/whatsapp/api/campaigns/List recent campaigns
POST/whatsapp/api/block/Block a contact
DELETE/whatsapp/api/unblock/Unblock a contact
GET/whatsapp/api/blocked/List all blocked contacts

Error Responses

StatusMeaning
401Missing or invalid API key
400Invalid request body or missing required fields
200Success
Example 401 response (returned when the X-API-Key header is absent or the key does not match an active record): 
{"error": "Unauthorized"}

Security Best Practices

  • Store keys in environment variables — never commit them to source code
  • Create separate keys for each application or environment (production, staging, CI)
  • Disable unused keys rather than deleting them, so audit logs remain intact
  • Rotate keys immediately if you suspect they have been exposed
Treat API keys like passwords. Anyone who holds a valid key can send messages from your WhatsApp Business Account. Rotate compromised keys immediately by disabling the old key and creating a new one in the dashboard.

Available Endpoints

Messaging API

Send text, location, and template messages via HTTP POST.

Campaigns API

List and monitor bulk campaign status and metrics.

Blocked Users API

Block, unblock, and list blocked WhatsApp contacts.

Python Utility Functions

Call send, campaign, and block helpers directly from Python code.

Build docs developers (and LLMs) love

Get started for freeTalk to us