Quick start · Documentation

Base URL

All endpoints are versioned under /v1 and served from your SigFollow gateway:

https://api.sigfollow.com/v1

For self-hosted deployments substitute your own hostname. The version prefix stays stable; breaking changes increment to /v2without dropping the old version.

Code sample conventions

Every endpoint reference page ships four sample languages in consistent style — copy them straight into your project:

curl — POSIX shell, single command, ready to paste
JavaScript — runtime-agnostic native fetch (Node 18+, Deno, Bun, modern browsers — no dependency required)
Python — requests (install with pip install requests)
Java — OkHttp for HTTP + Jackson for JSON. Maven coordinates: com.squareup.okhttp3:okhttp:4.12.0 and com.fasterxml.jackson.core:jackson-databind:2.17.0 (or newer). Request bodies are built with Map.of / List.of and serialized through ObjectMapper, so you never escape JSON by hand. We picked OkHttp over java.net.httpbecause it's ubiquitous in production Java stacks, has cleaner multipart APIs, and sensible connection-pooling defaults; Jackson over Gson because Spring Boot ships it.

Examples elide the enclosing method signature for brevity — wrap the snippets in a method that throws Exception (Jackson serialization may throw JsonProcessingException, OkHttp's execute() throws IOException).

1. Generate an API key

Sign in as a tenant administrator and open Integrations → API Keys → New key. Pick the scopes you need (scope reference):

messages:send — send WhatsApp messages
templates:read / templates:write — list and create message templates
contacts:read / contacts:write — sync customer contacts and tags
blacklist:read / blacklist:write — maintain the tenant blacklist

Keys are shown once

The plaintext key is returned exactly once at creation time. Copy it immediately into your secret manager. The server only stores the HMAC hash and prefix — there is no way to recover the plaintext later.

2. Send a message

Plug the phone number ID (from Channels → Phone numbers) and your key into the request:

curl -X POST https://api.sigfollow.com/v1/PHONE_NUMBER_ID/messages \
  -H "Authorization: Bearer sflo_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "messaging_product": "whatsapp",
    "to": "{{Recipient-Phone-Number}}",
    "type": "text",
    "text": { "body": "Hello from SigFollow" }
  }'

A successful response mirrors Meta's Cloud API shape:

{
  "messaging_product": "whatsapp",
  "contacts": [{ "input": "{{Recipient-Phone-Number}}", "wa_id": "{{Recipient-Phone-Number}}" }],
  "messages": [{ "id": "wamid.HBgN..." }]
}

3. Handle errors

Errors return Meta-style bodies (error reference):

{
  "error": {
    "message": "Invalid or expired API key",
    "type": "OAuthException",
    "code": 190
  }
}

HTTP 401 means the key is invalid or revoked. 403 means the key is valid but lacks the required scope. 429 means you exceeded the per-second rate limit; honor the Retry-After header.

Where to next

Authentication — Bearer token, HMAC signatures, IP allowlists
Rate limiting & idempotency — backoff strategy and safe retries
Messages reference — every message type and field
Postman collection — import the full API into Postman in one click