Business API integration guide

1. Create an API key in the workspace Developer Console (owner-managed). The plain secret is shown once—store it in your secret manager or server environment.
2. Configure base URL on your server: use your HTTPS host plus /api/wazaj/business. Example production host: https://transuptech.online. Prefer reading the value from environment variables rather than hardcoding in client bundles.
3. Authenticate every request with the API key (see below). These routes do not use browser session cookies.
4. Send messages with POST…/messages/text or …/messages/template, always with Content-Type: application/json.
5. Handle errors and retries: treat 401, 403, 422, and 503 explicitly; use exponential backoff for transient failures.
6. Operate keys safely: rotate on a schedule and revoke immediately if a secret leaks.

Full API prefix for business messaging (example deployment): https://transuptech.online/api/wazaj/business

Concrete example (copy from the block below):

https://transuptech.online/api/wazaj/business

Replace with your own origin in code; the snippets below use $BASE_URL which expands to this example when you copy.

Business endpoints accept your API key in any of these forms:

• X-API-Key: wzj_…
• Authorization: Bearer wzj_…
• Authorization: ApiKey wzj_…

Missing, invalid, expired, or revoked keys receive 401.

Content-Type: application/json
X-API-Key: wzj_xxx

POST/messages/text

Full path: https://transuptech.online/api/wazaj/business/messages/text

Request body

Example JSON

{
  "to": "+50912345678",
  "body": "Hello from Wazaj API",
  "preview_url": false,
  "reply_to_meta_message_id": null
}

Success (200)

{
  "success": true,
  "message_id": 12345
}

cURL

curl -X POST "https://transuptech.online/api/wazaj/business/messages/text" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $WAZAJ_API_KEY" \
  -d '{
    "to": "+50912345678",
    "body": "Hello from Wazaj API",
    "preview_url": false
  }'

POST/messages/template

Same headers as text: Content-Type: application/json and your API key.

Request body

Example JSON

{
  "to": "+50912345678",
  "template_name": "order_update",
  "template_language": "en",
  "template_components": [
    {
      "type": "body",
      "parameters": [{ "type": "text", "text": "John" }]
    }
  ]
}

Success (200)

{
  "success": true,
  "message_id": 12346
}

cURL

curl -X POST "https://transuptech.online/api/wazaj/business/messages/template" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $WAZAJ_API_KEY" \
  -d '{
    "to": "+50912345678",
    "template_name": "order_update",
    "template_language": "en",
    "template_components": [
      {
        "type": "body",
        "parameters": [{ "type": "text", "text": "John" }]
      }
    ]
  }'

401 Unauthorized— missing or invalid API key.

{
  "success": false,
  "message": "Unauthorized"
}

403 Forbidden— account disconnected or blocked from sending.

{
  "success": false,
  "message": "Wazaj account disconnected"
}

422 Unprocessable Entity — validation or business rules (examples: billing_send_denied, templates_not_entitled).

{
  "success": false,
  "message": "Validation failed",
  "errors": {
    "to": ["The to field is required."]
  }
}

503 Service Unavailable— messaging module or downstream not ready. Retry with backoff.

1. Create an API key from the Developer Console.
2. Store the secret in a vault or server-only environment variable.
3. Call business endpoints only from server-to-server code.
4. Log non-2xx responses and implement retry/backoff where appropriate.
5. Rotate keys on a schedule; revoke immediately if compromised.