go-whatsapp-multi-session-rest-api
Multi-session WhatsApp Web REST API server built on whatsmeow, providing device management and more.
820
A minimal REST API for WhatsApp Multi-Device and Multi-Session implementation built with Go and whatsmeow v0.0.0-20251217143725-11cf47c62d32ā . Supports multiple accounts and devices simultaneously with efficient memory use and production-ready deployments.
| Format | Link |
|---|---|
| š Interactive Docs | bump.sh/gdbrns/doc/go-whatsapp-multi-session-restā |
| š Swagger UI | http://localhost:7001/docs/ (when running) |
| š OpenAPI JSON | http://localhost:7001/docs/swagger.json |
| š OpenAPI YAML | http://localhost:7001/docs/swagger.yaml |
/docs//docs/, with consistent JSON error envelopes and request IDs for tracing.go.mod 1.24.5; use the latest stable toolchain)brew install ffmpeg
export CGO_CFLAGS_ALLOW="-Xpreprocessor"
sudo apt update
sudo apt install -y ffmpeg postgresql-client
This project publishes container images to:
ghiovanidebrians/go-whatsapp-multi-session-rest-api
vX.Y.Z, X.Y, and latest (updated on each new release tag)ghcr.io/gdbrns/go-whatsapp-multi-session-rest-api
latest (on main/master), sha-..., and also vX.Y.Z on release tagsExamples:
# Stable (recommended for production)
docker pull ghiovanidebrians/go-whatsapp-multi-session-rest-api:latest
docker pull ghiovanidebrians/go-whatsapp-multi-session-rest-api:v1.2.0
# Edge/dev (latest main)
docker pull ghcr.io/gdbrns/go-whatsapp-multi-session-rest-api:latest
version: '3.8'
services:
whatsapp-api:
image: ghiovanidebrians/go-whatsapp-multi-session-rest-api:latest
container_name: whatsapp-api
restart: always
ports:
- "7001:7001"
environment:
- ADMIN_SECRET_KEY=your-super-secret-admin-key-change-this
- JWT_SECRET_KEY=your-jwt-secret-key-at-least-32-chars
- SERVER_PORT=7001
- WHATSAPP_DATASTORE_TYPE=postgres
- WHATSAPP_DATASTORE_URI=postgres://whatsapp:secret@postgres:5432/whatsapp?sslmode=disable
postgres:
image: postgres:15
environment:
- POSTGRES_USER=whatsapp
- POSTGRES_PASSWORD=secret
- POSTGRES_DB=whatsapp
volumes:
- postgres-data:/var/lib/postgresql/data
volumes:
postgres-data:
Then run:
docker-compose up -d
# Clone repository
git clone https://github.com/gdbrns/go-whatsapp-multi-session-rest-api.git
cd go-whatsapp-multi-session-rest-api
# Install dependencies
go mod download
# Configure environment
cp .env.example .env
# Edit .env with your settings
# Build
go build -o whatsapp-api cmd/main/main.go
# Run
./whatsapp-api
Configuration can be set via:
.env file in the application directorySee Environment Variablesā section for all options.
# Using Docker
docker-compose up -d
# From source
go run cmd/main/main.go
Online Documentation (Recommended):
Local Documentation (when running):
http://localhost:7001/docs/http://localhost:7001/docs/swagger.jsonhttp://localhost:7001/docs/swagger.yaml# Create a new API key for a customer
curl -X POST "http://localhost:7001/admin/api-keys" \
-H "X-Admin-Secret: YOUR_ADMIN_SECRET" \
-H "Content-Type: application/json" \
-d '{
"customer_name": "Acme Corp",
"max_devices": 10
}'
# Response:
# {
# "status": true,
# "code": 201,
# "data": {
# "api_key": "wam_a1b2c3d4e5f6g7h8..."
# }
# }
# Create a new device using API key
curl -X POST "http://localhost:7001/devices" \
-H "X-API-Key: wam_a1b2c3d4e5f6g7h8..." \
-H "Content-Type: application/json" \
-d '{
"device_name": "Production Bot 1"
}'
# Response (SAVE BOTH device_secret AND token!):
# {
# "device_id": "550e8400-e29b-41d4-a716-446655440000",
# "device_secret": "a1b2c3d4e5f6g7h8...",
# "token": "eyJhbGciOiJIUzI1NiIs...",
# "message": "Use the token in Authorization header for all API calls."
# }
# Generate QR code for device login (using JWT token)
curl -X POST "http://localhost:7001/devices/me/login" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
-F "output=json"
# Scan the QR code with your WhatsApp mobile app:
# WhatsApp > Settings > Linked Devices > Link a Device
# Send text message (using JWT token)
curl -X POST "http://localhost:7001/chats/[email protected]/messages" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
-H "Content-Type: application/json" \
-d '{
"text": "Hello from WhatsApp API!"
}'
# Send image
curl -X POST "http://localhost:7001/chats/[email protected]/images" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
-F "file=@/path/to/image.jpg" \
-F "caption=Check this out!"
# Send document (with optional caption)
curl -X POST "http://localhost:7001/chats/[email protected]/documents" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
-F "file=@/path/to/document.pdf" \
-F "filename=document.pdf" \
-F "caption=Here is the document."
# Regenerate JWT token using device credentials
# This invalidates all previous tokens
curl -X POST "http://localhost:7001/devices/token" \
-H "Content-Type: application/json" \
-d '{
"device_id": "550e8400-e29b-41d4-a716-446655440000",
"device_secret": "a1b2c3d4e5f6g7h8..."
}'
# Response:
# {
# "device_id": "550e8400-e29b-41d4-a716-446655440000",
# "token": "eyJhbGciOiJIUzI1NiIs...(NEW TOKEN)",
# "message": "Token regenerated successfully. All previous tokens are now invalid."
# }
# Create a webhook
curl -X POST "http://localhost:7001/webhooks" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
-H "Content-Type: application/json" \
-d '{
"url": "https://your-server.com/webhook",
"events": ["message.received", "connection.connected"]
}'
| Category | Events |
|---|---|
| Messages (5) | message.received, message.delivered, message.read, message.played, message.deleted |
| Connection (6) | connection.connected, connection.disconnected, connection.logged_out, connection.reconnecting, connection.keepalive_timeout, connection.temporary_ban |
| Calls (4) | call.offer, call.accept, call.terminate, call.reject |
| Groups (4) | group.join, group.leave, group.participant_update, group.info_update |
| Newsletter (4) | newsletter.join, newsletter.leave, newsletter.message_received, newsletter.update |
| Polls (3) | poll.created, poll.vote, poll.update |
| Status (3) | status.posted, status.viewed, status.deleted |
| Media (2) | media.received, media.downloaded |
| Contact (2) | contact.update, blocklist.change |
| App State (2) | appstate.sync_complete, appstate.patch_received |
| History (1) | history.sync |
š See docs/WEBHOOK_EVENTS.mdā for detailed event payloads.
Organized by category with most commonly used endpoints first. All paths honor optional HTTP_BASE_URL (prefix not shown below). Total: 122 endpoints (123 when HTTP_BASE_URL is set because the index path is registered with and without a trailing slash).
Input & validation notes
0, digits only, 6-16 chars). Requests with invalid/unknown numbers return 4xx.chat_jid/sender_jid must be provided for message operations; missing values return 4xx.{status, code, message, data?} (and error for compatibility).X-Request-ID; you can supply your own header to correlate logs.| # | Method | Endpoint | Auth | Description |
|---|---|---|---|---|
| Admin Dashboard | ||||
| 1 | GET | /admin/stats | Admin | Get system statistics |
| 2 | GET | /admin/health | Admin | Get system health info |
| * | GET | /admin/whatsapp/version | Admin | Get WhatsApp Web version status |
| * | POST | /admin/whatsapp/version/refresh | Admin | Refresh WhatsApp Web version (query `force=true |
| 3 | GET | /admin/devices | Admin | List all devices (all API keys) |
| 4 | GET | /admin/devices/status | Admin | Get live connection status for all devices |
| 5 | POST | /admin/devices/reconnect | Admin | Reconnect all disconnected devices |
| 6 | GET | /admin/webhooks/stats | Admin | Get webhook delivery statistics |
| Admin (API Key Management) | ||||
| 7 | POST | /admin/api-keys | Admin | Create API key |
| 8 | GET | /admin/api-keys | Admin | List all API keys |
| 9 | GET | /admin/api-keys/{id} | Admin | Get API key details |
| 10 | PATCH | /admin/api-keys/{id} | Admin | Update API key |
| 11 | DELETE | /admin/api-keys/{id} | Admin | Delete API key |
| 12 | GET | /admin/api-keys/{id}/devices | Admin | List devices for API key |
| 13 | GET | /admin/api-keys/{id}/devices/status | Admin | Get live connection status for API key devices |
| 14 | DELETE | /admin/devices/{device_id} | Admin | Delete a device |
| Device Creation & Token | ||||
| 15 | POST | /devices | API-Key | Create device (returns JWT token) |
| 16 | POST | /devices/token | - | Regenerate JWT token |
| Device Operations (JWT Token) | ||||
| 17 | GET | /devices/me | JWT | Get current device info |
| 18 | GET | /devices/me/status | JWT | Get connection status |
| 19 | POST | /devices/me/login | JWT | Login via QR code |
| 20 | POST | /devices/me/login-code | JWT | Login with pairing code |
| 21 | POST | /devices/me/reconnect | JWT | Reconnect device |
| 22 | DELETE | /devices/me/session | JWT | Logout device |
| 23 | GET | /devices/me/contacts/{phone}/registered | JWT | Check if phone is registered |
| 24 | POST | /devices/me/passive | JWT | Set passive mode (reduce bandwidth) |
| User Management | ||||
| 25 | GET | /users/{user_jid} | JWT | Get user info |
| 26 | GET | /users/{user_jid}/profile-picture | JWT | Get user profile picture |
| 27 | POST | /users/{user_jid}/block | JWT | Block user |
| 28 | DELETE | /users/{user_jid}/block | JWT | Unblock user |
| 29 | GET | /users/me/privacy | JWT | Get privacy settings |
| 30 | PATCH | /users/me/privacy | JWT | Update privacy settings |
| 31 | GET | /users/me/status-privacy | JWT | Get status privacy |
| 32 | POST | /users/me/status | JWT | Update status/about |
| 33 | GET | /users/{jid}/devices | JWT | Get user's linked devices |
| 34 | POST | /users/me/profile-photo | JWT | Set profile photo |
| 35 | GET | /users/me/contacts | JWT | Get contacts |
| 36 | POST | /users/me/contacts/sync | JWT | Sync contacts |
| 37 | GET | /users/me/blocklist | JWT | Get blocklist |
| Contact QR (NEW) | ||||
| 38 | GET | /users/me/contact-qr | JWT | Get your contact QR link |
| 39 | GET | /users/contact-qr/{code} | JWT | Resolve contact QR code |
| Messaging | ||||
| 40 | POST | /chats/{chat_jid}/messages | JWT | Send text message |
| 41 | GET | /chats/{chat_jid}/messages | JWT | Get chat messages |
| 42 | POST | /chats/{chat_jid}/images | JWT | Send image |
| 43 | POST | /chats/{chat_jid}/videos | JWT | Send video |
| 44 | POST | /chats/{chat_jid}/audio | JWT | Send audio/voice note |
| 45 | POST | /chats/{chat_jid}/stickers | JWT | Send sticker (WebP) |
| 46 | POST | /chats/{chat_jid}/locations | JWT | Send location |
| 47 | POST | /chats/{chat_jid}/contacts | JWT | Send contact vCard |
| 48 | POST | /chats/{chat_jid}/documents | JWT | Send document |
| 49 | POST | /chats/{chat_jid}/archive | JWT | Archive/unarchive chat |
| 50 | POST | /chats/{chat_jid}/pin | JWT | Pin/unpin chat |
| Message Actions | ||||
| 51 | POST | /messages/{message_id}/read | JWT | Mark message as read |
| 52 | POST | /messages/{message_id}/reaction | JWT | React to message |
| 53 | PATCH | /messages/{message_id} | JWT | Edit message |
| 54 | DELETE | /messages/{message_id} | JWT | Delete message |
| 55 | POST | /messages/{message_id}/reply | JWT | Reply to message |
| 56 | POST | /messages/{message_id}/forward | JWT | Forward message |
| Polls | ||||
| 57 | POST | /chats/{chat_jid}/polls | JWT | Create poll |
| 58 | POST | /polls/{poll_id}/vote | JWT | Vote on poll |
| 59 | GET | /polls/{poll_id}/results | JWT | Get poll results |
| 60 | DELETE | /polls/{poll_id} | JWT | Delete poll |
| Calls (NEW) | ||||
| 61 | POST | /calls/reject | JWT | Reject incoming call |
| Business (NEW) | ||||
| 62 | GET | /business/{jid}/profile | JWT | Get business profile |
| 63 | GET | /business/link/{code} | JWT | Resolve wa.me/message link |
| Bots (NEW) | ||||
| 64 | GET | /bots | JWT | List available WhatsApp bots |
| 65 | GET | /bots/profiles | JWT | Get bot profiles |
| Group Management | ||||
| 66 | GET | /groups | JWT | List all groups with members |
| 67 | POST | /groups | JWT | Create group |
| 68 | GET | /groups/{group_jid} | JWT | Get group info |
| 69 | POST | /groups/{group_jid}/leave | JWT | Leave group |
| 70 | PATCH | /groups/{group_jid}/name | JWT | Update group name |
| 71 | PATCH | /groups/{group_jid}/description | JWT | Update group description |
| 72 | POST | /groups/{group_jid}/photo | JWT | Update group photo |
| 73 | GET | /groups/{group_jid}/invite-link | JWT | Get invite link |
| 74 | PATCH | /groups/{group_jid}/settings | JWT | Update group settings |
| 75 | GET | /groups/{group_jid}/participant-requests | JWT | Get join requests |
| 76 | POST | /groups/{group_jid}/join-approval | JWT | Set join approval mode |
| 77 | GET | /groups/invite/{invite_code} | JWT | Preview group from invite |
| 78 | POST | /groups/{group_jid}/join-invite | JWT | Join group via invite |
| 79 | PATCH | /groups/{group_jid}/member-add-mode | JWT | Set member add mode |
| 80 | PATCH | /groups/{group_jid}/topic | JWT | Update group topic |
| 81 | POST | /groups/{parent_group_jid}/link/{group_jid} | JWT | Link subgroup |
| 82 | DELETE | /groups/{parent_jid}/link/{child_jid} | JWT | Unlink subgroup (NEW) |
| 83 | GET | /groups/{community_jid}/linked-participants | JWT | Get community members |
| 84 | GET | /groups/{community_jid}/subgroups | JWT | List community subgroups |
| 85 | POST | /groups/{group_jid}/participants | JWT | Add participants |
| 86 | DELETE | /groups/{group_jid}/participants | JWT | Remove participants |
| 87 | POST | /groups/{group_jid}/requests/approve | JWT | Approve join requests |
| 88 | POST | /groups/{group_jid}/requests/reject | JWT | Reject join requests |
| 89 | POST | /groups/{group_jid}/admins | JWT | Promote to admin |
| 90 | DELETE | /groups/{group_jid}/admins | JWT | Demote from admin |
| Presence & Status | ||||
| 91 | POST | /chats/{chat_jid}/presence | JWT | Send typing/recording indicator |
| 92 | POST | /presence/status | JWT | Update availability status |
| 93 | POST | /presence/subscribe | JWT | Subscribe to presence updates (NEW) |
| 94 | PATCH | /chats/{chat_jid}/disappearing-timer | JWT | Set disappearing messages timer |
| App State | ||||
| 95 | GET | /app-state/{name} | JWT | Fetch app state |
| 96 | POST | /app-state | JWT | Send app state patch |
| 97 | POST | /app-state/mark-clean | JWT | Mark app state as clean |
| Webhooks | ||||
| 98 | GET | /webhooks | JWT | List webhooks |
| 99 | POST | /webhooks | JWT | Create webhook |
| 100 | GET | /webhooks/{webhook_id} | JWT | Get webhook details |
| 101 | PATCH | /webhooks/{webhook_id} | JWT | Update webhook |
| 102 | DELETE | /webhooks/{webhook_id} | JWT | Delete webhook |
| 103 | GET | /webhooks/{webhook_id}/logs | JWT | Get webhook logs |
| 104 | POST | /webhooks/{webhook_id}/test | JWT | Test webhook |
| Newsletter/Channels | ||||
| 105 | GET | /newsletters | JWT | List subscribed newsletters |
| 106 | POST | /newsletters | JWT | Create newsletter |
| 107 | GET | /newsletters/{jid} | JWT | Get newsletter info |
| 108 | POST | /newsletters/{jid}/follow | JWT | Follow newsletter |
| 109 | DELETE | /newsletters/{jid}/follow | JWT | Unfollow newsletter |
| 110 | GET | /newsletters/{jid}/messages | JWT | Get newsletter messages |
| 111 | POST | /newsletters/{jid}/messages | JWT | Send newsletter message |
| 112 | POST | /newsletters/{jid}/reaction | JWT | React to newsletter message |
| 113 | POST | /newsletters/{jid}/mute | JWT | Toggle newsletter mute |
| 114 | POST | /newsletters/{jid}/viewed | JWT | Mark messages viewed |
| 115 | GET | /newsletters/invite/{code} | JWT | Get info from invite |
| 116 | POST | /newsletters/{jid}/live | JWT | Subscribe to live updates |
| 117 | POST | /newsletters/{jid}/photo | JWT | Update newsletter photo |
| 118 | GET | /newsletters/{jid}/updates | JWT | Get message updates (NEW) |
| 119 | POST | /newsletters/tos/accept | JWT | Accept TOS notice (NEW) |
| Status/Stories | ||||
| 120 | POST | /status | JWT | Post status (text/image/video) |
| 121 | GET | /status | JWT | Get status updates |
| 122 | DELETE | /status/{status_id} | JWT | Delete status |
| 123 | GET | /status/{user_jid} | JWT | Get user status |
| System | ||||
| 124 | GET | / | - | Server status |
| 125 | GET | /docs/* | - | Swagger UI |
| 126 | GET | /docs/swagger.json | - | OpenAPI JSON spec |
| 127 | GET | /docs/swagger.yaml | - | OpenAPI YAML spec |
Authentication Types:
X-Admin-Secret headerX-API-Key headerAuthorization: Bearer <token> headerThis API uses a JWT Token authentication system optimized for high-volume operations (1000+ sessions with non-stop messaging).
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā ADMIN (X-Admin-Secret) ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā¤
ā GET /admin/stats ā System statistics (API keys, devices) ā
ā GET /admin/health ā System health (memory, uptime, DB status) ā
ā GET /admin/whatsapp/version ā WhatsApp Web version status ā
ā P
Content type
Image
Digest
sha256:9aa5eccbfā¦
Size
17.9 MB
Last updated
7 months ago
docker pull ghiovanidebrians/go-whatsapp-multi-session-rest-api