Skip to main content

Authentication

WazzAPI supports two authentication mechanisms depending on your use case.

API Key Authentication

API key authentication is the standard method for programmatic access and server-to-server integrations.
This is the recommended method for most developers building backend integrations.

How It Works

Include your API key in the Authorization header of every request:
Authentication Header
Authorization: Bearer YOUR_API_KEY

Example Request

cURL
curl -X POST https://api.wazzapi.io/api/v1/messages \
  -H "Authorization: Bearer sk_live_abc123..." \
  -H "Content-Type: application/json" \
  -d '{ ... }'

Managing Keys

You can create and manage API keys from the Dashboard.
  • Keys are scoped to your organization.
  • Keys respect your subscription limits.
  • You can revoke keys at any time if compromised.
Never expose your API keys in client-side code (browsers, mobile apps). Always proxy requests through your own backend.

Session Authentication

Session-based authentication is used exclusively for the WazzAPI web dashboard. If you are building an extension or a frontend that runs within the WazzAPI dashboard context, the session is handled automatically via cookies. You do not need to manually handle tokens.

Troubleshooting

Common authentication errors:
Error CodeMeaningSolution
401 UnauthorizedInvalid or missing keyCheck your Authorization header format.
403 ForbiddenInsufficient permissionsVerify the key belongs to the correct organization.