API Keys
API keys authenticate your server’s outbound calls to the ChatYug External API. Keys are scoped to one WABA and are managed in the portal — not at account signup.
Approval workflow
API access requires a separate approval step after your WABA is active:
- Sign in to the ChatYug portal and open API Configuration.
- Click Generate New API Key and submit a request for your WABA. Optionally name the key (names must be unique per WABA).
- ChatYug operations reviews the request via an internal WhatsApp approval workflow.
- When approved, return to API Configuration and complete key generation.
- Copy the full key immediately — it is shown only once.
Key format
Issued keys use the prefix ck_ followed by 64 hexadecimal characters:
ck_a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456
Expiration
Newly generated keys expire six months after creation. Expired keys return 401 Unauthorized. Submit a new approval request and generate a replacement key before expiry in production.
One-time display
The complete key string is displayed only at generation time. Store it in a secrets manager. If lost, revoke the key in the portal and start a new approval request — keys cannot be retrieved again.
Revoke and delete
From API Configuration you can revoke active keys (immediate effect on External API calls) or delete keys you no longer need. Revoked keys stop working instantly.
Using the key
Send the key as a Bearer token on every External API request:
Authorization: Bearer ck_your_api_key_here
Validate the key and list available phone numbers:
See Authentication for request-header details and the difference between API keys and webhook secrets.
Not the same as webhook secret
The API key is for your server → ChatYug requests. Inbound events ChatYug pushes to your HTTPS endpoint use a separate webhook secret configured in Webhook Settings. See Webhook Setup.