Authorization grants you access to the end‑customer account, allowing you to connect channels, send messages, and perform other actions on the end-customer's behalf.
Use simplified authorization if you operate under the White Label model. This allows you to obtain client tokens and act on behalf of end customers without requiring their direct interaction.
If you operate under the Wazzup Label model, obtain user tokens via OAuth instead.
How simplified authorization works: the partner first acquires a service machine_token, then exchanges it (token‑exchange) for tokens specific to a given end‑customer account.
To use simplified authorization for obtaining user access tokens, the end‑customer account must have been created by you.
Use Basic authentication with your Wazzup partner account login credentials in the request headers: Authorization: Basic base64(email:password)
Create an end‑customer account using the POST /v2/accounts method. You will then receive the customer's account_id, which is required to obtain user access tokens.
Save the account_id returned in the response — you will need it in Step 3.
The machine_token is exchanged for user access tokens in the next step.
POST /v2/oauth/token

| Parameter. Required are marked with * | Type | Description |
|---|---|---|
| grant_type* | string | OAuth grant type. Specify client_credentials |
| client_credentials_data* | object | Data required for client_credentials grant |
| client_credentials* | string | A list of permissions you are requesting from the user — i.e., which actions you need to perform in the user's account. The requested set of |
Request example
curl -L 'https://tech.wazzup24.com/v2/oauth/token' \
-H 'Authorization: Basic base64(email:password)' \
-H 'Content-Type: application/json' \
-d '{
"grant_type": "client_credentials",
"client_credentials_data": {
"scope": "transport,crm"
}
}'
Response example:
{
"data": {
"access_token": "eyJahkboGpppcilllO77iJ99IU12zI671NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjozmYzItOThjYS1kY2VjOWVjNTZjMTciLCJpYXQiOjE3NjMwMjc4NzYsImV4cCI6MTc2MzA1NjY3NiwianRpIjoiNWY3OWY0ZDgtZjNlYy00M2VhLTgyYjctMGI4YzJiZmU5hIn0.l",
"token_type": "Bearer",
"expires_in": 28800
},
"meta": {
"timestamp": 1763027876
}
}
Result: machine_token (returned in the response as access_token), which you will exchange for user access tokens in the next step.
Store the machine_token in a secure Secret Manager or vault. Never expose it to the frontend or client-side code.
POST /v2/oauth/token

POST /v2/oauth/token
├── grant_type *
└── token_exchange_data *
    ├── subject_token *
    ├── subject_token_type *
    ├── requested_subject *
    └── scope *
| Parameter. Required are marked with * | Parameter type | Parameter description |
|---|---|---|
| grant_type* | string | Specify "urn:ietf:params:oauth:grant-type:token-exchange" |
| token_exchange_data* | object (token_exchange_data) | Data required to obtain the tokens |

token_exchange_data:

| Parameter. Required are marked with * | Parameter type | Parameter description |
|---|---|---|
| subject_token* | string | The machine_token obtained in Step 2 (returned in the response as access_token) |
| subject_token_type* | string | Specify "urn:wazzup:oauth:token-type:machine_token" |
| requested_subject* | string | The customer's account_id, received when creating the end‑customer account |
| scope* | string | A list of permissions you are requesting from the user — i.e., which actions you need to perform in the user's account. The requested set of |
Request example
curl -L 'https://tech.wazzup24.com/v2/oauth/token' \
-H 'Authorization: Basic base64(email:password)' \
-H 'Content-Type: application/json' \
-d '{
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"token_exchange_data": {
"subject_token": "eyJahkboGpppcilllO77iJ99IU12zI671NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjozmYzItOThjYS1kY2VjOWVjNTZjMTciLCJpYXQiOjE3NjMwMjc4NzYsImV4cCI6MTc2MzA1NjY3NiwianRpIjoiNWY3OWY0ZDgtZjNlYy00M2VhLTgyYjctMGI4YzJiZmU5hIn0.l",
"subject_token_type": "urn:wazzup:oauth:token-type:machine_token",
"requested_subject": "12345678",
"scope": "transport,crm"
}
}'
Response example:
{
"data": {
"access_token": "eyJhbGciOi...",
"refresh_token": "def50200...",
"token_type": "Bearer",
"expires_in": 86400
},
"meta": {
"timestamp": 1759481962
}
}
Result: You now have the end‑customer's client_access_token (returned as access_token in the response) for making API calls and a refresh_token for renewing it.
You can now proceed to add channels, send messages, and perform other actions.
Authorize all calls made on behalf of the end‑customer with the header: Authorization: Bearer <client_access_token>
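The two token requests above, built server-side in Python, as an added example that is not Wazzup's own code. The helper names, the 60-second renewal margin and the sample responses are assumptions made for illustration; the requests are constructed but not sent.

```python
import base64
import json
import urllib.request

TOKEN_URL = "https://tech.wazzup24.com/v2/oauth/token"  # endpoint from the page
MACHINE_TOKEN_TYPE = "urn:wazzup:oauth:token-type:machine_token"
EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"

def basic_header(email, password):
    """Real value for the page's 'Basic base64(email:password)' placeholder."""
    raw = f"{email}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def build_request(auth, body):
    """Build, but do not send, a POST to the token endpoint."""
    return urllib.request.Request(
        TOKEN_URL, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Authorization": auth, "Content-Type": "application/json"})

def machine_token_body(scope):
    return {"grant_type": "client_credentials",
            "client_credentials_data": {"scope": scope}}

def exchange_body(machine_token, account_id, scope):
    return {"grant_type": EXCHANGE_GRANT,
            "token_exchange_data": {"subject_token": machine_token,
                                    "subject_token_type": MACHINE_TOKEN_TYPE,
                                    "requested_subject": str(account_id),
                                    "scope": scope}}

def parse_token(resp, now, skew=60):
    """Return the token plus an absolute time at which to renew it."""
    data = resp["data"]
    if data.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "renew_at": now + int(data["expires_in"]) - skew}

def redact(token):
    """Form that is safe to log: a short prefix, never the whole token."""
    return token[:6] + "..." if token else ""

# Constructed sample responses shaped like the page's examples (fake tokens).
SAMPLE_MACHINE = {"data": {"access_token": "machine.fake.token",
                           "token_type": "Bearer", "expires_in": 28800}}
SAMPLE_CLIENT = {"data": {"access_token": "client.fake.token",
                          "refresh_token": "refresh-fake",
                          "token_type": "Bearer", "expires_in": 86400}}
```

Load the partner email and password from the same secret store as the machine_token, and pass only `redact()` output to logs.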
| code | When it occurs | How to resolve |
|---|---|---|
| VALIDATION_FAILED | Input data validation error | Verify the correctness of the data being sent |
| OAUTH_INVALID_GRANT_TYPE | An invalid grant type was specified | Ensure the grant_type value is correct |
| OAUTH_REDIRECT_ | Incorrect redirect_uri specified | Use the redirect_uri agreed upon with Wazzup |
| OAUTH_AUTHORIZATION_ | Invalid authorization code | Request a new authorization code — the provided one has either expired or does not belong to your client |
| OAUTH_CODE_CHALLENGE_ | Unknown PKCE method (code_challenge_method) | Use a supported PKCE method (S256, PLAIN) |
| OAUTH_CODE_VERIFIER_ | Invalid or missing code_verifier | Verify the correct generation and transmission of the code_verifier |
| OAUTH_REQUESTED_ | The requested subject does not match the expected value | Ensure you are using the correct machine token |
| OAUTH_SUBJECT_TOKEN_ | Mismatched subject_token_type | Verify the accuracy of the provided subject_token_type |
| OAUTH_CLIENT_ID_MISMATCH | client_id mismatch | Ensure the client_id is passed correctly and belongs to your application |
| OAUTH_REFRESH_TOKEN_ | Invalid or expired refresh_token | Repeat the authorization process to obtain a new token pair |
| OAUTH_AUTHORIZATION_ | Invalid authorization header | Verify that the token is correctly passed in the Authorization header |
| OAUTH_INVALID_ | Invalid or expired partner_token | Verify the token's validity with your manager or use a valid partner_token |
| OAUTH_TOKEN_INVALID_ | Token is invalid or has expired | Refresh the token or repeat the authorization process |
| OAUTH_TOKEN_UNKNOWN_ | Token is unknown or has been revoked | Repeat the authorization process or refresh the token |
| OAUTH_PARTNER_ | Partner not found | Contact your Wazzup manager for details |
| OAUTH_PARTNER_ | Partner is inactive | Contact your manager to activate the partner account |
| OAUTH_CLIENT_NOT_ | The end‑customer does not belong to this partner | Verify that the customer is indeed associated with your partner account |
| OAUTH_SCOPE_FORBIDDEN | Requested scope is not permitted | Coordinate the required permissions (scope) with your manager |
| OAUTH_MISSING_GRANT | Client has not granted access or has revoked it | The client needs to go through the OAuth identification again |
After authorization: