Summary
We are performing a security key rotation to enhance API and access security. This change may affect some customers, particularly those with inactive or dormant API integrations.
This exercise will take place from 9-Feb-2026 to 24-Feb-2026.
Instructions
Understanding the Process
What is the Wati doing?
We are performing a Security Key Rotation.
The Goal: We are doing this to enhance our API and Access security.
We're introducing a "Recording Phase" to automatically save active sessions during the security key rotation process. This will minimize disruptions for active customers.
Impact on Customers
Active Customers
You won't be affected by this change. If you regularly log in or use your API integration, our system will recognize and record your connection, ensuring it stays active throughout the process.
Inactive/Dormant Customers
If your API integration is turned off or hasn't made a request during our recording period (09-Feb to 24-Feb-2026), it won't be saved. On 24-Feb-2026, when we finish the update, that specific integration will stop working until you reactivate it.
Note: The affected customers are those with dormant or inactive integrations. If you're an active user, rest assured that your connection and API keys will remain unaffected.
If your API is inactive i.e. if no requests are made between these dates(09-Feb to 24-Feb-2026), your current token will expire on 24-Feb-2026, and you will need to generate a new token to reconnect.
How to generate a new token:
If you haven't made any API calls during this period and your token is expired on 24-Feb-2026 or after, please follow these steps to get the new token:
Log in to Wati and open the API Docs.
Copy your Access Token.
Replace the old token in your code with the new one.
Note: No further action is needed if have active integrations in your Wati account or run API calls regularly.
What to Do Next
Keep using your API integration as usual.
We'll take care of the security key rotation process in the background.
If you have any concerns or issues after 24-Feb-2026, please reach out to our support team for assistance.
You can create a support ticket using the widget available in our help center.
Frequently Asked Questions (FAQs)
1. Will I be logged out of the dashboard?
No. Most active customers will not notice anything. Their tokens will be automatically recorded and "allowed" to keep working. Only users who are completely inactive during the recording weeks (09-Feb to 24-Feb-2026) will lose access.
2. Will my existing API integrations stop working?
Not likely, No. As long as your integration makes at least one request during our transition period (09-Feb to 24-Feb-2026), it will be automatically "allowlisted" and continue to work.
3. Do I need to generate new API tokens immediately?
No. If your integrations are active, your current tokens will continue to be accepted via our allowlist system. However, generating a new token is always a safe option if you wish to do so, as new tokens are signed with the new security key immediately.
4. I am seeing a "401 Unauthorized" error or was logged out. What happened?
If your integration or account was inactive for an extended period (specifically between 09-Feb and 24-Feb-2026), it likely wasn't captured in our allowlist database before the security rotation was finalized.
The Fix:
For Dashboard Users: Simply log in again to create a new session.
For API Users: Go to the dashboard, generate a New API Token, and replace the old one in your code.