Quixess

Platform

Growth EngineBrand IntelligenceContent StudioBlog WriterSocial HubAnalytics

Solutions

Real EstateAgenciesEcommerceLocal ServicesCreators
PricingDevelopersBlogContact
Sign InStart Free →
Developer API

Send messages. Receive events.
From your own backend.

A scoped HTTP API for WhatsApp Business — send OTPs, send templates, send free-form replies, query message history, and receive signed webhook events. Built for tenant backends, signup services, and support tooling.

Get an API keyJump to reference

WhatsApp Business Cloud API

Production-grade Meta Cloud API integration. We handle the WABA setup, token rotation, and signature verification — you call REST.

Scoped API keys

Each key is bound to one brand and one set of scopes. A signup key can only send OTPs, never read messages.

Reliable webhooks

Versioned Quixess-shaped event envelopes, HMAC-signed, retried with exponential backoff. Replay any failed delivery.

Idempotent writes

Pass Idempotency-Key on any send. Same key within 24h returns the original response — safe to retry from your queue.

Quickstart

Three steps to your first WhatsApp send.

1

Mint an API key

Open Settings → API Keys in the dashboard. Pick a brand to bind the key to, select the scopes you need (e.g. whatsapp:send_otp), and copy the qxs_… secret — it's shown only once.

2

Submit a template

Most sends require a Meta-approved template. Submit one at WhatsApp → Templates — the OTP authentication preset approves in ~1 hour. List your approved templates via GET /external/templates.

3

Send your first OTP

POST to /api/v1/whatsapp/external/send/otp with the recipient phone and code. The brand is resolved from your API key — never sent in the request body.

Sample request

curl -X POST 'https://api.quixess.com/api/v1/whatsapp/external/send/otp' \
  -H 'X-API-Key: qxs_YOUR_KEY' \
  -H 'Content-Type: application/json' \
  -H 'Idempotency-Key: 7c4a8d09-ca37-4d1b-a5b3-9f8e2c1d4e6f' \
  -d '{"to": "+12818184370", "code": "482913", "template_name": "signup_otp"}'
Webhooks

Receive every event at your URL

When a customer messages your WhatsApp Business number, we forward a canonical event envelope to the webhook URL you configured at connection time. HMAC-signed, retried with exponential backoff (1s → 5s → 30s → 2m → 10m → 1h → 6h), and replayable via the dashboard.

Inbound message event

POST https://api.bordercart.com/webhooks/quixess
Content-Type: application/json
X-Quixess-Event-Id: evt_01HFXYZ...
X-Quixess-Event-Type: message.received
X-Quixess-Signature-256: sha256=...

{
  "id": "evt_01HFXYZ...",
  "type": "message.received",
  "version": "1",
  "occurred_at": "2026-05-15T10:30:00Z",
  "delivered_at": "2026-05-15T10:30:00.234Z",
  "brand_id": "...",
  "data": {
    "wa_message_id": "wamid.HBgL...",
    "from": { "phone": "12818184370", "name": "Frank" },
    "to": { "phone_number_id": "...", "waba_id": "..." },
    "type": "text",
    "content": { "body": "Hi there" },
    "reply_to": null
  }
}
message.received

Inbound message from a customer — text, image, voice note, button tap, location, reaction.

message.delivered

Outbound delivery confirmation (sent → delivered).

message.read

Customer opened the message (blue tick).

message.failed

Send failed. data.errors carries Meta's error code + reason.

template.status_changed

Meta approved / rejected / paused a template you submitted.

call.received

Inbound WhatsApp call (when Business Calling API is approved on your WABA).

API Reference

The full external WhatsApp surface — 12 endpoints, 7 scopes, cursor pagination, idempotency. Every endpoint authenticates with X-API-Key. Click an endpoint to expand its full request/response reference.

Base URLhttps://social-api.quixess.com

Authentication

Pass the API key in the X-API-Key request header on every call.

X-API-Key: qxs_dZ4VJbDi...

Mint keys at /app/settings/api-keys in the dashboard. Each key is bound to one brand at creation — you can't override that brand from the request body.

Available scopes

  • whatsapp:send_otpWhatsApp · Send OTP
  • whatsapp:send_templateWhatsApp · Send Template
  • whatsapp:replyWhatsApp · Reply (text / media / quote)
  • whatsapp:read_templatesWhatsApp · Read Templates
  • whatsapp:read_messagesWhatsApp · Read Messages
  • whatsapp:read_conversationsWhatsApp · Read Conversations
  • whatsapp:manage_webhooksWhatsApp · Manage Webhook Events

Endpoints (11)

Common errors

StatusMeaningFix
401Missing or invalid X-API-Key header.Verify you copied the full qxs_… secret and that the key has not been revoked.
403The key is valid but does not have the required scope.Recreate the key with the right scope checked, or extend it from this page.
400Validation error or brand-not-bound.For WhatsApp scopes, ensure the key has a brand binding. Otherwise check the response body for the missing field.
404Resource not found — no active WhatsApp connection, or the template+language combo is not in the cache.Reconnect the WABA or call POST /whatsapp/templates/sync to refresh the template cache after Meta approval.
409Template exists but is not yet APPROVED.Wait for Meta approval (~1h for AUTH, ~24h for UTILITY/MARKETING). Status updates land via the webhook.
502Meta returned an error (wrapped in whatsapp_error.error).Inspect the response body — common Meta errors include 131008 (button parameter missing) and 132000 (template not approved).

Build your WhatsApp integration today

Already signed up for Quixess Social? Mint a key in the dashboard and you're a single curl call away from your first WhatsApp send.

Get your API keyOr sign up