Getting started
Authentication
All Engagive public business APIs (including WhatsApp templates and messages) expect a JSON Web Token (JWT) in the Authorization header. For integrations, create a dedicated API access token from the business portal—do not rely on copying the short-lived session token from browser devtools.
Where the token comes from
Sign in at https://stage.app.engagive.io. Under Profile, use the API access token section to choose validity, generate, and copy your token. Step-by-step UI: WhatsApp — portal setup.
Header format
On every request, send exactly:
Authorization: Bearer <your_api_access_token>Replace <your_api_access_token> with the string from the portal. No other query or body field replaces this header for authentication.
Token validity
When you generate a token, you pick an expiry window. Available options in the portal:
- 7 days
- 30 days
- 90 days
- 180 days
- 365 days (1 year)
After expiry, requests return 401 until you generate a new token. Older tokens you generated earlier may still work until their own expiry—plan rotations in your own runbooks.
Permissions and account access
The token represents the business user who generated it. The API enforces the same rules as the Engagive portal:
- You only access WhatsApp accounts and data for your organization.
account_idin the URL must be an account you are allowed to use; otherwise the API rejects the call.- Actions such as listing templates or sending messages require the same role permissions as in the app (e.g. view/edit templates, send chats). Missing permission typically results in a forbidden response.
Authentication errors
| Situation | Typical result |
|---|---|
| Missing or malformed Authorization header | 401 — no or invalid Bearer token |
| Expired or invalid JWT | 401 — invalid or expired token |
| Valid token but wrong account_id | 403 or error body — not allowed for that account |
See also Errors & responses for the full response envelope.