API Reference

Overview

The Wazelo CRM REST API lets you programmatically interact with contacts, conversations, messages, and campaigns. All requests require authentication via an API key.

Request format

All requests must include the following headers:

Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
Accept: application/json

Response format

All responses return JSON. Successful responses use HTTP 2xx status codes. Errors return 4xx or 5xx with an error object.

{
  "success": true,
  "data": { ... },
  "meta": {
    "page": 1,
    "limit": 20,
    "total": 145
  }
}

Authentication

Wazelo CRM uses API keys for authentication. Generate your key from Settings → API Keys in your dashboard. Keep your API key secret — treat it like a password.

Generating an API key

Go to Settings → API Keys → New Key. Give it a name and select the permission scope. Keys can be scoped to read-only, read-write, or specific resources.

Using the key

curl -X GET https://api.wazelo.in/v1/contacts \
  -H "Authorization: Bearer wzl_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json"

Key rotation

Rotate your API key from the Settings panel at any time. The old key is immediately invalidated. Update your integrations before rotating in production.

Contacts

Manage your contact database — create, retrieve, update, tag, and delete contacts.

Messages

Send WhatsApp messages to contacts. You can send template messages at any time, and freeform messages within the 24-hour customer service window.

Conversations

Retrieve and manage conversations from your shared inbox.

Campaigns

Create and monitor broadcast campaigns programmatically.

Webhooks

Receive real-time event notifications by registering a webhook URL. Wazelo CRM sends a POST request to your endpoint when events occur.

Registering a webhook

Go to Settings → Webhooks → New Webhook. Enter your endpoint URL and select the events to subscribe to.

Supported events

Payload example — message.received

{
  "event": "message.received",
  "timestamp": "2025-04-19T10:14:33Z",
  "data": {
    "message_id": "msg_01HX9T7",
    "from": "919876543210",
    "contact_id": "cnt_01HX4K9",
    "conversation_id": "conv_01HX7Q1",
    "type": "text",
    "text": "Hi, I want to book a site visit",
    "received_at": "2025-04-19T10:14:33Z"
  }
}

Webhook security

Each webhook request includes an X-Wazelo-Signature header — an HMAC-SHA256 signature of the request body using your webhook secret. Always verify this before processing the payload.

const crypto = require("crypto");

function verifySignature(payload, signature, secret) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

Error Codes

Wazelo CRM uses standard HTTP status codes. All error responses follow this format:

{
  "success": false,
  "error": {
    "code": "CONTACT_NOT_FOUND",
    "message": "No contact found with ID cnt_invalid",
    "status": 404
  }
}