API Management

WizMessage provides a developer-friendly API that lets you connect your existing systems — your e-commerce store, CRM, helpdesk, or custom application — to drive chatbot actions, manage contacts, and send bulk messages programmatically. From this screen, you generate and manage API keys with enterprise-grade security: keys are hashed for safe storage, secrets are shown only once, and you can restrict access by IP whitelist and enforce rate and daily request limits. Set up outbound webhooks to receive real-time events (message received, delivered, read) with signature verification, and use the built-in Playground to test live API calls directly from your browser before writing any integration code.

API & Webhook Architecture

Admin

Generate Keys

Admin creates API key and secret.

System

Event Occurs

Message sent or delivered triggers a webhook.

Developer

Integrate API

Developer uses keys in external software.

System

Webhook Delivery

Payload signed and sent to developer server (up to 5 retries).

Admin

Generate Keys

Admin creates API key and secret.

Developer

Integrate API

Developer uses keys in external software.

System

Event Occurs

Message sent or delivered triggers a webhook.

System

Webhook Delivery

Payload signed and sent to developer server (up to 5 retries).

📊 Plan Requirement: API Management requires Wiz Bot or Wiz Pro. API calls and webhook deliveries are unlimited — no monthly message cap applies to API usage.

What you can do here

Generate API Keys — create secure API keys (pk_live_...) and single-view secrets (sk_live_...) to connect external systems.
Rotate Secrets — if compromised, regenerate your secret while keeping the public key intact to avoid full code refactoring.
Enforce IP Whitelisting — define a comma-separated list of allowed IP addresses to block unauthorized requests.
Set Usage Limits — mitigate abuse by defining rate limits (requests per minute) and daily absolute caps.
Configure Webhooks — set up outbound webhooks with a signature token (whsec_...) to receive real-time events (sent, delivered, received).
Test in the Playground — use the built-in, in-browser Playground to execute live test calls using your templates and contacts before writing code.

Generate API Keys

Create secure public and secret key pairs

Rotate Secrets

Regenerate secrets without breaking key IDs

IP Whitelisting

Restrict access to allowed IP addresses

Usage Limits

Enforce rate and daily request limits

Webhooks

Real-time events with signature verification

API Playground

Test live calls directly in your browser

How to manage your API

Your API Integration Workflow

Step 1

Generate Keys

Create a new API key, set rate limits and IP whitelists, and copy the Secret Key (it is only shown once).

Step 2

Test in Playground

Open the Playground tab, select your key, configure message parameters, and send a live test request.

Step 3

Configure Webhooks

Set up a webhook URL to receive events, and use the generated Webhook Secret to verify payload signatures.

Step 1

Generate Keys

Create a new API key, set rate limits and IP whitelists, and copy the Secret Key (it is only shown once).

Step 2

Test in Playground

Open the Playground tab, select your key, configure message parameters, and send a live test request.

Step 3

Configure Webhooks

Set up a webhook URL to receive events, and use the generated Webhook Secret to verify payload signatures.

Tip: Treat API keys like passwords. Never commit them to Git repositories or hardcode them in frontend code. If a key is leaked, revoke or rotate it immediately.

Technical Configuration Details

Our API enforces strict enterprise-grade security and rate limiting.

API Key Security

API Key Format: Prefixed with pk_live_ (e.g., pk_live_abcd1234...). The first 12 characters are plain text for identification; the full key is hashed via SHA-256.
API Secret Format: Prefixed with sk_live_ (e.g., sk_live_xyz9876...). Shown only once upon creation.
Rate Limit: Maximum allowed requests per minute per key (defaults to 60).
Daily Limit: Hard daily cap on total requests per key (defaults to 1000).

Outbound Webhooks

Webhook Secret: Automatically generates a signature token prefixed with whsec_ (e.g., whsec_abc123...).
Signature Verification: Every webhook contains a X-WizMessage-Signature header (HMAC-SHA256 signature of the raw body using your whsec_ secret).
Event Subscriptions: Subscribe to specific events like message.received, message.sent, delivery.updated, or listen to all.
Retry Logic: Failed webhook deliveries are retried with delays up to 5 attempts.

Making the Most of the API

The API turns WizMessage from a standalone tool into a connected part of your business operations.

15-25%

Of abandoned carts recovered using automated WhatsApp reminders

140×

Return on investment for an online brand using cart recovery

40-70%

Reduction in "Where is my order?" tickets using order webhooks

How top teams use the API

Playbook: High-Return Integrations

Sales

Cart Recovery

Connect your e-commerce store to send a WhatsApp reminder 30–45 minutes after cart abandonment. Yields far better recovery than email.

Support

Order Updates

Send automated status updates (packed, shipped, delivered) to drastically reduce routine support tickets.

Operations

CRM Sync

Sync every interaction back to HubSpot, Zoho, or Salesforce so sales and support teams share a unified customer view.

Real-World Results

An e-commerce sports brand integrated cart recovery, order updates, and CRM syncing and tracked the results:

3× increase in overall conversion rate.
23% cart recovery (vs. 8% industry average for email).
35% reduction in support costs.
Customer satisfaction improved from 3.2 to 4.6 out of 5.

Measured improvements with API Integrations

Cart Recovery Rate

8% (Email)23%

Support Ticket Volume

Baseline-40%

Customer Satisfaction

3.2 / 54.6 / 5

Industry case studies: e-commerce sports brand

Bot Settings — The chatbot behavior driven by your API.
Message Settings — Monitor limits and accounts that your keys act on.
WhatsApp Templates — Choose which pre-approved message layouts are sent via API.

API & Webhook Architecture

Generate Keys

Event Occurs

Integrate API

Webhook Delivery

Generate Keys

Integrate API

Event Occurs

Webhook Delivery

Generate API Keys

Rotate Secrets

IP Whitelisting

Usage Limits

Webhooks

API Playground

Your API Integration Workflow

Generate Keys

Test in Playground

Configure Webhooks

Generate Keys

Test in Playground

Configure Webhooks

Playbook: High-Return Integrations

Cart Recovery

Order Updates

CRM Sync

Measured improvements with API Integrations

Continue Learning

Bot Escalations

Excluded Numbers

Flow Builder

API & Webhook Architecture

Generate Keys

Event Occurs

Integrate API

Webhook Delivery

Generate Keys

Integrate API

Event Occurs

Webhook Delivery

Generate API Keys

Rotate Secrets

IP Whitelisting

Usage Limits

Webhooks

API Playground

Your API Integration Workflow

Generate Keys

Test in Playground

Configure Webhooks

Generate Keys

Test in Playground

Configure Webhooks

Playbook: High-Return Integrations

Cart Recovery

Order Updates

CRM Sync

Measured improvements with API Integrations