API Key Authentication
All v1 endpoints use API Key authentication. Pass your key in the X-Api-Key header:
curl -X POST "https://api.whatabot.app/api/v1/sessions/flows/{flowId}/create" \
-H "X-Api-Key: wh_your_api_key_here"
API keys are prefixed with wh_ and scoped to a workspace. Each key can have a callbackUrl where session responses are delivered via Webhook.
How to create an API Key
- Go to the WhataBot Dashboard
- Navigate to the Workspaces screen
- Click Edit on the desired workspace
- Go to the API tab
- Click Create API Key, set a name and the callbackUrl
- Copy the generated key (starts with wh_)
The API key is only shown once. Store it in a secure location.
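One way to call the endpoint above without typing the key on the command line, shown as an added example that is not part of the WhataBot documentation. The WHATABOT_API_KEY environment variable and the function names are assumptions; the header name, the wh_ prefix and the URL come from this page.

```shell
#!/bin/sh
# Added example, not WhataBot's code. WHATABOT_API_KEY and all function
# names are assumptions made for this sketch.
API_BASE="https://api.whatabot.app/api/v1"

# True only for values with the documented wh_ prefix and no characters
# (whitespace, quote, backslash) that could smuggle extra curl config lines.
valid_key() {
  case "$1" in
    *[[:space:]]*|*\"*|*\\*) return 1 ;;
    wh_?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Masks a key for logs: prefix plus last four characters only.
redact_key() {
  k="$1"
  if [ "${#k}" -le 8 ]; then printf 'wh_****\n'; return 0; fi
  printf 'wh_****%s\n' "${k#"${k%????}"}"
}

# Prints a curl config line carrying the header, or fails if the key is bad.
curl_config() {
  if ! valid_key "${WHATABOT_API_KEY:-}"; then
    echo "WHATABOT_API_KEY is missing or malformed" >&2
    return 1
  fi
  printf 'header = "X-Api-Key: %s"\n' "$WHATABOT_API_KEY"
}

# Sends the create-session request. The header reaches curl on stdin
# (--config -), so the key is absent from argv, ps output and shell history.
create_session() {
  flow_id="$1"
  cfg=$(curl_config) || return 1
  echo "creating session with key $(redact_key "$WHATABOT_API_KEY")" >&2
  printf '%s\n' "$cfg" | curl --silent --show-error --fail --config - \
    -X POST "$API_BASE/sessions/flows/$flow_id/create"
}

# Run only when a flow id is given, e.g.: sh whatabot_session.sh <flowId>
if [ "$#" -gt 0 ]; then
  create_session "$1"
fi
```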
Iframe Authentication
To embed the WhataBot flow editor in your app via iframe, you need an OAuth client (clientId + clientSecret).
See the full Embed Authentication guide for instructions on how to create the client and the authentication flow.