Eocean WhatsApp Business Client APIs Collection



In order to use WhatsApp Business Account Client APIs, there are few pre requisites which you need to look first.


First you need to install Postman in your system.


We need to download a collection of WhatsApp Business APIs from GitHub first from the below link.
Once you downloaded the collection, go to the Postman application and import the downloaded files.
After importing the file, your postman should look like this as shown in picture below
Now select ‘WABiz Developer’ as the Environment from the dropdown on top right corner, like below:


The pre-configured ‘WABiz Developer’ environment contains a non-exhaustive set of variables that are referenced by the collection. It’s important for you to edit and replace some of these variables with your own values. You can reach the edit dialog by clicking the little eye button next to the environment dropdown and then clicking edit. See the portion of the screen on below figure.
The first thing you should replace is the URL which represents the webapp endpoint. You’ll see that all of the requests will reference this variable via URL .

Note: This URL endpoint will be provided to you by E-Ocean upon request

As you are calling the APIs from the collection, you will need to obtain and replace these values with valid ones. For example, the Login API will generate and return a token as a response. You will need to take this token and update the corresponding key with it as subsequent API calls will use this token for authentication.

1.3 SSL

All WhatsApp Business Application APIs require the use of HTTPS. Postman understands this and tried to do a SSL certificate handshake. You can bypass this by using insecure HTTPS. Go to Postman Settings, then to General Tab, and turning off SSL Certificate Verification. This is particularly important while testing with MacOS 10.15 Catalina, due to the way Apple manages SSL certificates at the operating system level.


After completing above steps, you can call WhatsApp Business APIs after editing the required fields in each API. The list of major WABA Client APIs are as follows:

1. Login-Admin API

The first and most important API of WhatsApp Business API is Login-Admin. After calling this API, you will receive an Authorization Token (AUTH Token) which later will be used for other APIs as a mandatory value in Header section.
There are two ways to call the Login-Admin API.

i) First Approach:

If this is the first time your instance has run you will need to change the root password and perform registration. Edit your environment and make sure to set these variables: AdminUsername, AdminPassword, and NewAdminPassword. The initial AdminUsername and AdminPassword are the factory defaults (“admin” and “secret” respectively). The NewAdminPassword is what you choose.
Look at the image (Figure 1.6) below and set Authorization to “Basic Auth” then fill in the username / password with the variables as shown. On the Body tab, “new_password” value should be filled from variable NewAdminPassword. Click Send to fire off the request and get the token from the response.
Note: The AdminUsername and AdminPassword will be provided by E-Ocean upon request.

ii) Second Approach:

You can also call Login-Admin API by providing the Credentials in Base64 format in Header section as shown in image (Figure 1.7) below.
The credentials will be converted into base 64 in below mentioned format Format: Basic base64(username:password)

Standard Login:

After you have set a new password, you can use a standard login for the WhatsApp Business API client, which should look like:
If you want to use the API in one of your applications, then the cURL version should look like:


When your login request is received by the WhatsApp Business API client, your credentials are processed for validation.
  • If successful, your token is generated. The response contains your token in the token field.
  • If not successful, an error is returned.


On success, a status of 200 OK is returned, along with the token and token expiration time. All generated tokens expire in 7 days.


If the request is not successful, you will see an HTTP status of 401 Unauthorized. This error generally means that the username and/or password that was sent with the login request is invalid, and thus the WhatsApp Business API client is unable to generate the token.
The response will look like the following example:
Once you get a successful result you need to copy that token value into your environment variables for AdminAuthToken. You can now change the AdminPassword to match the new password which was just set.

2. Send-Text-Message API

You’re now set to choose any of the APIs in the collection and start firing! You’ll need to start off with Login APIs to ensure you get the auth token to use in all other API calls. The APIs are conveniently ordered the same way they appear in the docs to make it easy to follow.
In below example, Recipient-WA-ID is actually the WhatsApp number of the receiver