API & Webhooks
BotWave exposes a REST API and outbound webhooks so you can integrate it with your own systems โ CRMs, ticketing, analytics, alerting.
Getting an API Key
- Dashboard โ Settings โ API Keys
- Click Generate new key
- Copy the key (shown once). Treat it like a password.
Authentication
Send the key as a bearer token:
bash
curl -H "Authorization: Bearer $BOTWAVE_API_KEY" \
https://www.botwave.online/api/v1/sessionsCommon Endpoints
| Method | Path | Use |
|---|---|---|
| GET | /api/v1/sessions | List your sessions |
| POST | /api/v1/messages | Send a message via a session |
| GET | /api/v1/messages?session=... | List recent messages |
| POST | /api/v1/webhooks | Register an outbound webhook |
| DELETE | /api/v1/webhooks/{id} | Remove a webhook |
Sending a Message
bash
curl -X POST https://www.botwave.online/api/v1/messages \
-H "Authorization: Bearer $BOTWAVE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"session_id": "sess_abc123",
"to": "120363025xxxxxx@g.us",
"text": "Hello from the BotWave API!"
}'Webhooks
Register a URL and BotWave will POST every incoming event to it. Payload:
json
{
"event": "message.received",
"session_id": "sess_abc123",
"from": "+15551234567",
"group_id": "120363025xxxxxx@g.us",
"text": "Hi bot",
"timestamp": "2026-05-22T10:31:46Z"
}Supported events: message.received, message.sent, session.connected, session.disconnected, member.joined, member.left.
Rate Limits
| Plan | Requests / minute | Webhook event rate |
|---|---|---|
| Free | 60 | 30 / min |
| Pro | 600 | 300 / min |
| Business | 6,000 | Unlimited fair-use |
Signing & Verification
Webhook requests include an X-Botwave-Signature header (HMAC-SHA256 of the body using your webhook secret). Always verify before trusting the payload.
js
import crypto from 'node:crypto';
const sig = req.headers['x-botwave-signature'];
const expected = crypto
.createHmac('sha256', process.env.BOTWAVE_WEBHOOK_SECRET)
.update(req.rawBody)
.digest('hex');
if (sig !== expected) return res.status(401).end();