ghiovanidebrians/go-whatsapp-multi-session-rest-api

By ghiovanidebrians

•Updated 7 months ago

Multi-session WhatsApp Web REST API server built on whatsmeow, providing device management and more.

Image
Message queues
API management
Machine learning & AI
0

820

ghiovanidebrians/go-whatsapp-multi-session-rest-api repository overview

⁠Go WhatsApp Multi-Session REST API

release version Docker Image Go Report Card License: MIT whatsmeow API Docs

A minimal REST API for WhatsApp Multi-Device and Multi-Session implementation built with Go and whatsmeow v0.0.0-20251217143725-11cf47c62d32⁠. Supports multiple accounts and devices simultaneously with efficient memory use and production-ready deployments.

ā šŸ“š API Documentation

FormatLink
🌐 Interactive Docsbump.sh/gdbrns/doc/go-whatsapp-multi-session-rest⁠
šŸ“– Swagger UIhttp://localhost:7001/docs/ (when running)
šŸ“„ OpenAPI JSONhttp://localhost:7001/docs/swagger.json
šŸ“„ OpenAPI YAMLhttp://localhost:7001/docs/swagger.yaml

ā šŸ“‹ Table of Contents

⁠✨ Features

  • šŸ” Multi-Session Support - Handle multiple WhatsApp accounts simultaneously
  • šŸ“± Multi-Device Support - Up to 4 devices per WhatsApp account
  • šŸŽ« JWT Token Authentication - Stateless, high-performance authentication for 1000+ sessions
  • šŸš€ 120+ Production-Ready Endpoints - Full whatsmeow coverage including all media types
  • šŸ“Ø Rich Messaging - Text, images, videos, audio, stickers, locations, contacts, documents
  • šŸ“Š Polls - Create polls, vote, and receive real-time results via webhooks
  • šŸ“° Newsletter/Channels - Full channel support - create, follow, message, react, TOS acceptance
  • šŸ“± Status/Stories - Post and manage WhatsApp Status updates
  • šŸ“ž Call Handling - Reject incoming WhatsApp calls programmatically
  • šŸ’¼ Business Profiles - Get business profiles and resolve wa.me/message links
  • šŸ¤– WhatsApp AI Bots - List and get profiles of available WhatsApp bots
  • šŸ“² Contact QR Codes - Generate and resolve contact QR links
  • šŸ‘ļø Presence Subscriptions - Subscribe to user online/offline/typing status
  • 🌳 RESTful Architecture - Hierarchical resource-based routes
  • šŸ‘„ Group Management - Full CRUD for groups, participants, admins, community unlinking
  • šŸ”„ Message Operations - Edit, react, delete, reply, forward, mark read
  • šŸ“Š Presence & Status - Online status, typing indicators, disappearing messages, passive mode
  • šŸ”„ App State Synchronization - Fetch, send, and manage app state patches
  • šŸ“œ Message History Sync - Request and download message history on demand
  • 🌐 Per-Device Proxy - Configure HTTP proxy per device (overrides global setting)
  • šŸ““ Passive Mode - Read-only mode to reduce bandwidth usage
  • šŸ”„ Advanced Media Retry - Handle media retry notifications automatically
  • šŸ” WA Web Version Auto-Refresh - Auto-refreshes WhatsApp Web version to handle "client outdated" during pairing
  • 🧯 Startup Reconnect Storm Protection - Concurrency limit + jitter + retry/backoff for 100s of sessions
  • šŸ”” Push Notifications - Register for push notifications (reuses webhook system)
  • šŸŖ Webhook Integration - 35+ event types with real-time notifications and retry support
  • šŸ—ļø Production Ready - Docker support, environment configuration, logging
  • šŸ“– OpenAPI/Swagger - Interactive API documentation at /docs/
  • šŸ”‘ Admin Dashboard Ready - Manage API keys and devices with admin endpoints
  • šŸ“ˆ Admin Dashboard APIs - System stats, health monitoring, device status, batch reconnect

ā šŸ’” Why Teams Choose This API

  • Stateless speed: JWT-first flow eliminates per-request database lookups for messaging throughput.
  • Auto-resilience: Devices restore and reconnect on startup with health checks for steady uptime (includes "client outdated" WA Web version auto-refresh).
  • Operational control: Admin endpoints manage API keys, devices, and webhook delivery visibility.
  • Webhook reliability: Built-in workers, retries, and per-device quotas keep downstream systems in sync.
  • Deployment-ready: Docker-compose defaults, environment-first config, and structured logging out of the box.
  • Developer experience: Full Swagger (JSON/YAML) at /docs/, with consistent JSON error envelopes and request IDs for tracing.

ā šŸ“‹ Requirements

⁠System Requirements
  • Go: 1.24 or higher (matches go.mod 1.24.5; use the latest stable toolchain)
  • PostgreSQL: Primary datastore for sessions and app metadata
  • FFmpeg: For media processing (optional but recommended)
⁠Platform Support
  • āœ… Linux (x86_64, ARM64)
  • āœ… macOS (Intel, Apple Silicon)
  • āœ… Windows (x86_64) - WSL recommended for better compatibility
⁠Dependencies
⁠Mac OS
brew install ffmpeg
export CGO_CFLAGS_ALLOW="-Xpreprocessor"
⁠Linux (Debian/Ubuntu)
sudo apt update
sudo apt install -y ffmpeg postgresql-client
⁠Windows
  • Install FFmpeg from official website⁠
  • Add FFmpeg to environment PATH
  • Note: WSL (Windows Subsystem for Linux) is recommended

ā šŸš€ Installation

⁠Images & Tags

This project publishes container images to:

  • Docker Hub (stable releases): ghiovanidebrians/go-whatsapp-multi-session-rest-api
    • Tags: vX.Y.Z, X.Y, and latest (updated on each new release tag)
  • GitHub Container Registry (edge/dev): ghcr.io/gdbrns/go-whatsapp-multi-session-rest-api
    • Tags: latest (on main/master), sha-..., and also vX.Y.Z on release tags

Examples:

# Stable (recommended for production)
docker pull ghiovanidebrians/go-whatsapp-multi-session-rest-api:latest
docker pull ghiovanidebrians/go-whatsapp-multi-session-rest-api:v1.2.0

# Edge/dev (latest main)
docker pull ghcr.io/gdbrns/go-whatsapp-multi-session-rest-api:latest
⁠Docker Compose
version: '3.8'

services:
  whatsapp-api:
    image: ghiovanidebrians/go-whatsapp-multi-session-rest-api:latest
    container_name: whatsapp-api
    restart: always
    ports:
      - "7001:7001"
    environment:
      - ADMIN_SECRET_KEY=your-super-secret-admin-key-change-this
      - JWT_SECRET_KEY=your-jwt-secret-key-at-least-32-chars
      - SERVER_PORT=7001
      - WHATSAPP_DATASTORE_TYPE=postgres
      - WHATSAPP_DATASTORE_URI=postgres://whatsapp:secret@postgres:5432/whatsapp?sslmode=disable

  postgres:
    image: postgres:15
    environment:
      - POSTGRES_USER=whatsapp
      - POSTGRES_PASSWORD=secret
      - POSTGRES_DB=whatsapp
    volumes:
      - postgres-data:/var/lib/postgresql/data

volumes:
  postgres-data:

Then run:

docker-compose up -d
⁠From Source
# Clone repository
git clone https://github.com/gdbrns/go-whatsapp-multi-session-rest-api.git
cd go-whatsapp-multi-session-rest-api

# Install dependencies
go mod download

# Configure environment
cp .env.example .env
# Edit .env with your settings

# Build
go build -o whatsapp-api cmd/main/main.go

# Run
./whatsapp-api

ā āš™ļø Configuration

Configuration can be set via:

  1. Environment variables (highest priority)
  2. .env file in the application directory
  3. Default values (lowest priority)

See Environment Variables⁠ section for all options.

ā šŸ“– How to Use

⁠1. Start the Application
# Using Docker
docker-compose up -d

# From source
go run cmd/main/main.go
⁠2. Access API Documentation

Online Documentation (Recommended):

Local Documentation (when running):

  • Swagger UI: http://localhost:7001/docs/
  • OpenAPI JSON: http://localhost:7001/docs/swagger.json
  • OpenAPI YAML: http://localhost:7001/docs/swagger.yaml
⁠3. Create an API Key (Admin)
# Create a new API key for a customer
curl -X POST "http://localhost:7001/admin/api-keys" \
  -H "X-Admin-Secret: YOUR_ADMIN_SECRET" \
  -H "Content-Type: application/json" \
  -d '{
    "customer_name": "Acme Corp",
    "max_devices": 10
  }'

# Response:
# {
#   "status": true,
#   "code": 201,
#   "data": {
#     "api_key": "wam_a1b2c3d4e5f6g7h8..."
#   }
# }
⁠4. Create a Device (Customer)
# Create a new device using API key
curl -X POST "http://localhost:7001/devices" \
  -H "X-API-Key: wam_a1b2c3d4e5f6g7h8..." \
  -H "Content-Type: application/json" \
  -d '{
    "device_name": "Production Bot 1"
  }'

# Response (SAVE BOTH device_secret AND token!):
# {
#   "device_id": "550e8400-e29b-41d4-a716-446655440000",
#   "device_secret": "a1b2c3d4e5f6g7h8...",
#   "token": "eyJhbGciOiJIUzI1NiIs...",
#   "message": "Use the token in Authorization header for all API calls."
# }
⁠5. Login via QR Code
# Generate QR code for device login (using JWT token)
curl -X POST "http://localhost:7001/devices/me/login" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -F "output=json"

# Scan the QR code with your WhatsApp mobile app:
# WhatsApp > Settings > Linked Devices > Link a Device
⁠6. Send a Message
# Send text message (using JWT token)
curl -X POST "http://localhost:7001/chats/[email protected]/messages" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "text": "Hello from WhatsApp API!"
  }'

# Send image
curl -X POST "http://localhost:7001/chats/[email protected]/images" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -F "file=@/path/to/image.jpg" \
  -F "caption=Check this out!"

# Send document (with optional caption)
curl -X POST "http://localhost:7001/chats/[email protected]/documents" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -F "file=@/path/to/document.pdf" \
  -F "filename=document.pdf" \
  -F "caption=Here is the document."
⁠7. Regenerate Token (When Needed)
# Regenerate JWT token using device credentials
# This invalidates all previous tokens
curl -X POST "http://localhost:7001/devices/token" \
  -H "Content-Type: application/json" \
  -d '{
    "device_id": "550e8400-e29b-41d4-a716-446655440000",
    "device_secret": "a1b2c3d4e5f6g7h8..."
  }'

# Response:
# {
#   "device_id": "550e8400-e29b-41d4-a716-446655440000",
#   "token": "eyJhbGciOiJIUzI1NiIs...(NEW TOKEN)",
#   "message": "Token regenerated successfully. All previous tokens are now invalid."
# }
⁠8. Webhook Configuration
# Create a webhook
curl -X POST "http://localhost:7001/webhooks" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.com/webhook",
    "events": ["message.received", "connection.connected"]
  }'
⁠Webhook Events Summary (31 Event Types)
CategoryEvents
Messages (5)message.received, message.delivered, message.read, message.played, message.deleted
Connection (6)connection.connected, connection.disconnected, connection.logged_out, connection.reconnecting, connection.keepalive_timeout, connection.temporary_ban
Calls (4)call.offer, call.accept, call.terminate, call.reject
Groups (4)group.join, group.leave, group.participant_update, group.info_update
Newsletter (4)newsletter.join, newsletter.leave, newsletter.message_received, newsletter.update
Polls (3)poll.created, poll.vote, poll.update
Status (3)status.posted, status.viewed, status.deleted
Media (2)media.received, media.downloaded
Contact (2)contact.update, blocklist.change
App State (2)appstate.sync_complete, appstate.patch_received
History (1)history.sync

šŸ“– See docs/WEBHOOK_EVENTS.md⁠ for detailed event payloads.

ā šŸ“š API Endpoints

⁠All Endpoints

Organized by category with most commonly used endpoints first. All paths honor optional HTTP_BASE_URL (prefix not shown below). Total: 122 endpoints (123 when HTTP_BASE_URL is set because the index path is registered with and without a trailing slash).

Input & validation notes

  • Phone numbers must be in international format (no leading 0, digits only, 6-16 chars). Requests with invalid/unknown numbers return 4xx.
  • chat_jid/sender_jid must be provided for message operations; missing values return 4xx.
  • All errors are JSON with {status, code, message, data?} (and error for compatibility).
  • Every response carries X-Request-ID; you can supply your own header to correlate logs.
#MethodEndpointAuthDescription
Admin Dashboard
1GET/admin/statsAdminGet system statistics
2GET/admin/healthAdminGet system health info
*GET/admin/whatsapp/versionAdminGet WhatsApp Web version status
*POST/admin/whatsapp/version/refreshAdminRefresh WhatsApp Web version (query `force=true
3GET/admin/devicesAdminList all devices (all API keys)
4GET/admin/devices/statusAdminGet live connection status for all devices
5POST/admin/devices/reconnectAdminReconnect all disconnected devices
6GET/admin/webhooks/statsAdminGet webhook delivery statistics
Admin (API Key Management)
7POST/admin/api-keysAdminCreate API key
8GET/admin/api-keysAdminList all API keys
9GET/admin/api-keys/{id}AdminGet API key details
10PATCH/admin/api-keys/{id}AdminUpdate API key
11DELETE/admin/api-keys/{id}AdminDelete API key
12GET/admin/api-keys/{id}/devicesAdminList devices for API key
13GET/admin/api-keys/{id}/devices/statusAdminGet live connection status for API key devices
14DELETE/admin/devices/{device_id}AdminDelete a device
Device Creation & Token
15POST/devicesAPI-KeyCreate device (returns JWT token)
16POST/devices/token-Regenerate JWT token
Device Operations (JWT Token)
17GET/devices/meJWTGet current device info
18GET/devices/me/statusJWTGet connection status
19POST/devices/me/loginJWTLogin via QR code
20POST/devices/me/login-codeJWTLogin with pairing code
21POST/devices/me/reconnectJWTReconnect device
22DELETE/devices/me/sessionJWTLogout device
23GET/devices/me/contacts/{phone}/registeredJWTCheck if phone is registered
24POST/devices/me/passiveJWTSet passive mode (reduce bandwidth)
User Management
25GET/users/{user_jid}JWTGet user info
26GET/users/{user_jid}/profile-pictureJWTGet user profile picture
27POST/users/{user_jid}/blockJWTBlock user
28DELETE/users/{user_jid}/blockJWTUnblock user
29GET/users/me/privacyJWTGet privacy settings
30PATCH/users/me/privacyJWTUpdate privacy settings
31GET/users/me/status-privacyJWTGet status privacy
32POST/users/me/statusJWTUpdate status/about
33GET/users/{jid}/devicesJWTGet user's linked devices
34POST/users/me/profile-photoJWTSet profile photo
35GET/users/me/contactsJWTGet contacts
36POST/users/me/contacts/syncJWTSync contacts
37GET/users/me/blocklistJWTGet blocklist
Contact QR (NEW)
38GET/users/me/contact-qrJWTGet your contact QR link
39GET/users/contact-qr/{code}JWTResolve contact QR code
Messaging
40POST/chats/{chat_jid}/messagesJWTSend text message
41GET/chats/{chat_jid}/messagesJWTGet chat messages
42POST/chats/{chat_jid}/imagesJWTSend image
43POST/chats/{chat_jid}/videosJWTSend video
44POST/chats/{chat_jid}/audioJWTSend audio/voice note
45POST/chats/{chat_jid}/stickersJWTSend sticker (WebP)
46POST/chats/{chat_jid}/locationsJWTSend location
47POST/chats/{chat_jid}/contactsJWTSend contact vCard
48POST/chats/{chat_jid}/documentsJWTSend document
49POST/chats/{chat_jid}/archiveJWTArchive/unarchive chat
50POST/chats/{chat_jid}/pinJWTPin/unpin chat
Message Actions
51POST/messages/{message_id}/readJWTMark message as read
52POST/messages/{message_id}/reactionJWTReact to message
53PATCH/messages/{message_id}JWTEdit message
54DELETE/messages/{message_id}JWTDelete message
55POST/messages/{message_id}/replyJWTReply to message
56POST/messages/{message_id}/forwardJWTForward message
Polls
57POST/chats/{chat_jid}/pollsJWTCreate poll
58POST/polls/{poll_id}/voteJWTVote on poll
59GET/polls/{poll_id}/resultsJWTGet poll results
60DELETE/polls/{poll_id}JWTDelete poll
Calls (NEW)
61POST/calls/rejectJWTReject incoming call
Business (NEW)
62GET/business/{jid}/profileJWTGet business profile
63GET/business/link/{code}JWTResolve wa.me/message link
Bots (NEW)
64GET/botsJWTList available WhatsApp bots
65GET/bots/profilesJWTGet bot profiles
Group Management
66GET/groupsJWTList all groups with members
67POST/groupsJWTCreate group
68GET/groups/{group_jid}JWTGet group info
69POST/groups/{group_jid}/leaveJWTLeave group
70PATCH/groups/{group_jid}/nameJWTUpdate group name
71PATCH/groups/{group_jid}/descriptionJWTUpdate group description
72POST/groups/{group_jid}/photoJWTUpdate group photo
73GET/groups/{group_jid}/invite-linkJWTGet invite link
74PATCH/groups/{group_jid}/settingsJWTUpdate group settings
75GET/groups/{group_jid}/participant-requestsJWTGet join requests
76POST/groups/{group_jid}/join-approvalJWTSet join approval mode
77GET/groups/invite/{invite_code}JWTPreview group from invite
78POST/groups/{group_jid}/join-inviteJWTJoin group via invite
79PATCH/groups/{group_jid}/member-add-modeJWTSet member add mode
80PATCH/groups/{group_jid}/topicJWTUpdate group topic
81POST/groups/{parent_group_jid}/link/{group_jid}JWTLink subgroup
82DELETE/groups/{parent_jid}/link/{child_jid}JWTUnlink subgroup (NEW)
83GET/groups/{community_jid}/linked-participantsJWTGet community members
84GET/groups/{community_jid}/subgroupsJWTList community subgroups
85POST/groups/{group_jid}/participantsJWTAdd participants
86DELETE/groups/{group_jid}/participantsJWTRemove participants
87POST/groups/{group_jid}/requests/approveJWTApprove join requests
88POST/groups/{group_jid}/requests/rejectJWTReject join requests
89POST/groups/{group_jid}/adminsJWTPromote to admin
90DELETE/groups/{group_jid}/adminsJWTDemote from admin
Presence & Status
91POST/chats/{chat_jid}/presenceJWTSend typing/recording indicator
92POST/presence/statusJWTUpdate availability status
93POST/presence/subscribeJWTSubscribe to presence updates (NEW)
94PATCH/chats/{chat_jid}/disappearing-timerJWTSet disappearing messages timer
App State
95GET/app-state/{name}JWTFetch app state
96POST/app-stateJWTSend app state patch
97POST/app-state/mark-cleanJWTMark app state as clean
Webhooks
98GET/webhooksJWTList webhooks
99POST/webhooksJWTCreate webhook
100GET/webhooks/{webhook_id}JWTGet webhook details
101PATCH/webhooks/{webhook_id}JWTUpdate webhook
102DELETE/webhooks/{webhook_id}JWTDelete webhook
103GET/webhooks/{webhook_id}/logsJWTGet webhook logs
104POST/webhooks/{webhook_id}/testJWTTest webhook
Newsletter/Channels
105GET/newslettersJWTList subscribed newsletters
106POST/newslettersJWTCreate newsletter
107GET/newsletters/{jid}JWTGet newsletter info
108POST/newsletters/{jid}/followJWTFollow newsletter
109DELETE/newsletters/{jid}/followJWTUnfollow newsletter
110GET/newsletters/{jid}/messagesJWTGet newsletter messages
111POST/newsletters/{jid}/messagesJWTSend newsletter message
112POST/newsletters/{jid}/reactionJWTReact to newsletter message
113POST/newsletters/{jid}/muteJWTToggle newsletter mute
114POST/newsletters/{jid}/viewedJWTMark messages viewed
115GET/newsletters/invite/{code}JWTGet info from invite
116POST/newsletters/{jid}/liveJWTSubscribe to live updates
117POST/newsletters/{jid}/photoJWTUpdate newsletter photo
118GET/newsletters/{jid}/updatesJWTGet message updates (NEW)
119POST/newsletters/tos/acceptJWTAccept TOS notice (NEW)
Status/Stories
120POST/statusJWTPost status (text/image/video)
121GET/statusJWTGet status updates
122DELETE/status/{status_id}JWTDelete status
123GET/status/{user_jid}JWTGet user status
System
124GET/-Server status
125GET/docs/*-Swagger UI
126GET/docs/swagger.json-OpenAPI JSON spec
127GET/docs/swagger.yaml-OpenAPI YAML spec

Authentication Types:

  • Admin: X-Admin-Secret header
  • API-Key: X-API-Key header
  • JWT: Authorization: Bearer <token> header
  • -: No authentication required

ā šŸ” Authentication Flow

This API uses a JWT Token authentication system optimized for high-volume operations (1000+ sessions with non-stop messaging).

⁠Architecture Overview
ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”
│                           ADMIN (X-Admin-Secret)                            │
ā”œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”¤
│  GET  /admin/stats             → System statistics (API keys, devices)      │
│  GET  /admin/health            → System health (memory, uptime, DB status)  │
│  GET  /admin/whatsapp/version   → WhatsApp Web version status                │
│  P

Tag summary

Content type

Image

Digest

sha256:9aa5eccbf…

Size

17.9 MB

Last updated

7 months ago

docker pull ghiovanidebrians/go-whatsapp-multi-session-rest-api