Summary
An API token allows external systems such as Customer Relationship Management (CRM) platforms or custom applications to securely connect with Wati and access its APIs. This guide explains how to generate an API token in Wati, choose the correct permissions, and store the token securely for future use.
Instructions
Follow the steps below to generate a new API token in your Wati account.
Step 1: Log in to your Wati account
Sign in to your Wati account.
Step 2: Go to the API settings page
In the navigation menu, go to Connector → API → Create API Token.
This will open the API Tokens page where you can manage your tokens.
Step 3: Generate a new API token
On the API Tokens page, click Generate new token.
Enter a token name to identify the token.
Step 4: Select the required permissions (scopes)
Choose the permissions your integration needs. These permissions are called scopes and define what the token is allowed to access.
Examples of commonly used scopes include:
contacts:read— Allows reading contact datacontacts:write— Allows creating or updating contactsmessagetemplate:read— Allows reading message template information
Select only the scopes required for your integration to improve security.
Step 5: Set an expiry date (optional)
You can set an expiry date for the token. This helps reduce security risks by limiting how long the token remains active.
For better security, it is recommended to rotate API tokens every 6 months.
Step 6: Copy and securely store the token
After the token is generated:
Copy the token immediately.
Store it securely in your password manager or secure environment.
Important: The token is displayed only once at the time of generation. If you lose it, you will need to generate a new token.
Notes:
The Create New Token option removes user-level dependencies, meaning the token does not rely on a specific user account.
The token will remain active until:
It reaches the expiry date, or
It is manually updated or revoked.
Keeping your API tokens secure helps protect your integrations and prevents unauthorized access to your Wati account.
Frequently Asked Questions (FAQs)
API Tokens in Wati
1. What is an API token in Wati?
An API token allows external systems such as Customer Relationship Management (CRM) platforms or custom applications to securely connect with Wati and access its APIs.
2. How do I generate a new API token in Wati?
To generate a new API token in Wati, log in to your Wati account and go to Connector → API → Create API Token. On the API Tokens page, click Generate new token, enter a token name, select the required permissions (scopes), optionally set an expiry date, and generate the token.
3. What permissions (scopes) can be selected when generating an API token?
Permissions in Wati API tokens are called scopes and define what the token can access. Examples of scopes include contacts:read for reading contact data, contacts:write for creating or updating contacts, and messagetemplate:read for reading message template information.
4. Can an expiry date be set for an API token in Wati?
Yes. You can optionally set an expiry date when generating an API token in Wati. Setting an expiry date limits how long the token remains active and helps reduce security risks.
5. How often should API tokens be rotated for security?
For better security, it is recommended to rotate API tokens every 6 months.
6. Why should the generated API token be copied and stored immediately?
The API token is displayed only once at the time of generation. If the token is not copied and stored securely when it is generated, you will need to create a new token.
API Token Behavior and Validity
7. Does the Create New Token option depend on a specific user account?
No. The Create New Token option removes user-level dependencies, meaning the API token does not rely on a specific user account.
8. How long does an API token remain active in Wati?
An API token in Wati remains active until it reaches its expiry date or until it is manually updated or revoked.