Using WhatsApp via API

Despite all data protection concerns, WhatsApp is still the German favorite messenger app. In addition to the special WhatsApp Business App , Facebook has also created an official interface, the WhatsApp Business API, to make it more interesting for companies. If you want to send WhatsApp messages programmatically from your web application, there are other ways as well.

The official way is via the WhatsApp Business API: If you want to use it directly, you have to register with one of the official providers in the partner network. MessageBird, for example, has proven its worth in this respect. Without going into the exact details, I will show you the most important takeaways:

  • You need a valid German mobile phone number that is at least connected to a WhatsApp data plan.
  • Sending messages is subject to strict restrictions: Sending messages to external contacts is only possible via so-called message templates, which have to be submitted and approved manually; if the contact responds, any text message can be sent to this contact via API within a 24-hour time window.
  • You need an explicit opt-in for every contact, which you have to implement yourself.
  • For each message dispatch, fees are charged by the third party provider.

The actual API call in the MessageBird example (with the help of _curl from stringhelper ) turns out to be relatively simple:


If you have your own server as well as a (not actively used) mobile phone, there is another way to achieve what you want and bypass the above mentioned restrictions. Here you can make use of the functionality of WhatsApp Web. The following two libraries are suitable for this purpose.

WebWhatsapp wrapper has been around for a relatively long time and is also based on Python and Selenium. Sending messages works as follows, for example:


The much slimmer Baileys , on the other hand, is based on TypeScript and WebSockets. Messages are sent using the following code as an example:


Both libraries work on the same principle: the web app is controlled remotely, authentication is only required once (the session is restored the next time it is called). There are no restrictions (compared to normal message dispatch).