Skip to main content
POST
/
webhooks
Create or Update Webhook
curl --request POST \
  --url https://app.wachat.net/api/v1/webhooks \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "https://example.com/wachat/webhook",
  "id": 12,
  "name": "Production webhook",
  "events": [
    "messages.upsert",
    "connection.update"
  ],
  "instanceName": "t1_mq9r2jov_jakarta_store",
  "enabled": true,
  "secret": "whsec_your_custom_secret"
}
'
{
  "success": true,
  "webhook": {
    "id": 12,
    "name": "Production webhook",
    "url": "https://example.com/wachat/webhook",
    "events": [
      "messages.upsert",
      "connection.update"
    ],
    "enabled": true,
    "secret": "whsec_••••abcdef",
    "instance": {
      "instanceName": "jakarta_store",
      "displayName": "jakarta_store",
      "apiInstanceName": "t1_mq9r2jov_jakarta_store",
      "internalName": "t1_mq9r2jov_jakarta_store"
    },
    "createdAt": "2026-06-13T08:00:00.000Z",
    "updatedAt": "2026-06-13T08:00:00.000Z"
  }
}
Create a webhook endpoint for your Wachat account. Webhooks can listen to all instances or only one specific apiInstanceName. Supported events: 
*
messages.upsert
messages.update
contacts.update
chats.update
qrcode.updated
connection.update

curl -X POST "https://app.wachat.net/api/v1/webhooks" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production webhook",
    "url": "https://example.com/wachat/webhook",
    "instanceName": "t1_mq9r2jov_jakarta_store",
    "events": ["messages.upsert", "connection.update"],
    "enabled": true
  }'
To receive events from all instances, omit instanceName.

Delivery Headers

Every webhook delivery includes these headers: 
X-Wachat-Event
X-Wachat-Timestamp
X-Wachat-Signature
X-Wachat-Webhook-Id
X-Wachat-Signature is an HMAC-SHA256 signature of: 
timestamp.raw_json_body
using your webhook secret.
The webhook URL must use HTTPS. The secret is returned when creating/updating a webhook. Store it securely.

Authorizations

Authorization
string
header
required

Authenticate your integration payloads by injecting your premium secure Wachat Account API Private Secret Key inside standard Authorization Bearer header vectors.

Body

application/json
url
string
required

HTTPS endpoint that will receive Wachat webhook deliveries.

Example:

"https://example.com/wachat/webhook"

id
integer

Existing webhook id. Include this to update a webhook.

Example:

12

name
string
Example:

"Production webhook"

events
enum<string>[]
Available options:
*,
messages.upsert,
messages.update,
contacts.update,
chats.update,
qrcode.updated,
connection.update
Example:
["messages.upsert", "connection.update"]
instanceName
string

Optional API instance name. Omit this to receive events for all instances in the account.

Example:

"t1_mq9r2jov_jakarta_store"

enabled
boolean
default:true
Example:

true

secret
string

Optional custom webhook secret. If omitted, Wachat generates one.

Example:

"whsec_your_custom_secret"

Response

Webhook updated successfully.

success
boolean
Example:

true

webhook
object