Authentication

ChatYug External API requests are authenticated with a Bearer API key prefixed ck_.

Need to obtain a key? API keys require portal approval and generation. See the full workflow in API Keys.

Authorization header

Include the key on every External API request (except the public health check at GET /api/external/test):

Authorization: Bearer ck_your_api_key_here

Key format

Keys use the prefix ck_ followed by 64 hexadecimal characters. Example shape:

ck_a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456

Validate your key

GET /api/external/me

Returns userId, wabaId, businessName, and phoneNumbers[] for the key’s WABA. See Testing & IDs for a full response example.

One key, one WABA

Each API key is scoped to a single WhatsApp Business Account. Use the phone number IDs from GET /me as phoneNumberId in send requests.

Webhook secret is separate

The API key authenticates outbound requests from your server to ChatYug. Inbound webhooks use a separate secret configured in the portal. See Webhook Setup and Signature Verification.

Expired or revoked keys

Expired keys return 401. Revoked keys stop working immediately. Generate a replacement through the portal approval workflow — see API Keys.