~ WAAPI.link
latest — live single binary Docker · multi-arch MIT

$ whatsapp.http()
// self-hosted, sane defaults

A WhatsApp HTTP API + dashboard you actually own. Ship a Go binary, point your n8n / Zapier / curl at it, done. No SaaS bill. No vendor lock-in.

# 1. run it — one prebuilt image, gateway + dashboard
$ docker run -d -p 3000:3000 \
    -e ADMIN_PASS=strong-pass \
    -v waapi_data:/app/storages \
    ghcr.io/mecaca-global-inc/waapi-gateway:latest

# 2. login → get an API key
$ curl -sX POST http://localhost:3000/api/login \
    -H 'Content-Type: application/json' \
    -d '{"username":"admin","password":"strong-pass"}'
{"api_key":"8604c43f-d6b3-4305-b77f-8888d519ab07"}

# 3. send a message (KEY holds the api_key returned in step 2)
$ curl -sX POST http://localhost:3000/api/sendText \
    -H "Authorization: Bearer $KEY" \
    -H 'Content-Type: application/json' \
    -d '{"session":"main","chat_id":"6281234567890","text":"hello 👋"}'
{"id":"3EB0...","timestamp":1747100000}

// what you get

A single binary. A pretty dashboard. Everything you'd build yourself, but on day one.

[01] multi-session

Run multiple WhatsApp accounts inside one process. Routed by session name.

[02] QR + pair-code

Login by scanning a QR or entering an 8-digit code on your phone.

[03] send anything

Text, image, video, voice (PTT), file, location, contact (vCard).

[04] webhooks

HMAC-SHA256 signed. Retries with backoff. Filter by event.

[05] ephemeral-aware

Auto-matches the chat's disappearing-messages timer. No "old version" warnings.

[06] live stream

WebSocket /ws pushes events to the dashboard in realtime.

[07] group admin

Create groups, add/remove/promote members, rename, lock, invite links — full REST surface.

[08] embedded dashboard

Next.js UI baked into the binary. One URL: send playground, webhooks, embedded Swagger.

[09] sqlite / postgres

SQLite by default. Drop a postgres URL into DB_URI for prod.

[10] one binary

Gateway + dashboard in a single 60 MB image. docker run and you're live.

[11] your brand

Set DEVICE_NAME — the WhatsApp Linked Devices screen shows your label.

[12] secure by default

Weak-password boot guard, login rate-limit, hashed API keys, constant-time compares.

// 60-second deploy

One prebuilt image. Gateway and dashboard in the same container — no separate frontend to host, no CORS to wrangle.

  • Pull ghcr.io/mecaca-global-inc/waapi-gateway — multi-arch, amd64 + arm64.
  • Set a strong ADMIN_PASS — boot refuses weak defaults.
  • Mount a volume on /app/storages so sessions survive restarts.
  • Open the dashboard, scan the QR.
  • Send your first message.

deploy anywhere
# bare docker
$ docker run -d -p 3000:3000 \
    -e ADMIN_PASS=strong-pass \
    -v waapi_data:/app/storages \
    ghcr.io/mecaca-global-inc/waapi-gateway:latest

# or any container PaaS — Zeabur, Railway,
# Render, Fly, Coolify: add the image as a
# service, set ADMIN_PASS, mount a volume.

# dashboard + API + docs all on one URL:
http://localhost:3000

POST /api/sendText
{
  "session": "default",
  "chat_id": "6281234567890",
  "text": "hello"
}

POST /api/sendImage
{
  "session": "default",
  "chat_id": "...@lid",
  "url": "https://.../pic.jpg",
  "caption": "check this"
}

POST webhook → your URL
{
  "event": "message",
  "session": "default",
  "payload": {
    "chat": "...@lid",
    "body": "hi",
    "from_me": false
  }
}

// design principles

→ one binary

No microservice maze. A 33 MB Go binary, a SQLite file, an env file. scp and you're live.

→ boring stack

Go on the back, Next.js on the front, Tailwind for paint. Nothing exotic to learn at 3 a.m.

→ secure by default

Refuses to boot with weak admin creds. Rate-limited login. Constant-time compares. Hashed key storage. HMAC-signed webhooks.

→ no vendor lock-in

MIT-licensed. Your data lives on your disk. Switch off the server — you keep the code, the SQLite, and the sessions.

// rapid q&a

? Is this affiliated with WhatsApp?

No. Independent open-source project. For commercial use, also consider the official WhatsApp Business API.

? Can I get banned?

WhatsApp can ban any unofficial client at any time. Don't spam. Don't blast cold lists. Respect from_me=false filters in your automations to avoid reply loops.

? Does it run on a Pi / NAS?

Yes. Multi-arch Docker (amd64 + arm64) builds in CI. SQLite default keeps the footprint tiny.

? How do I auto-reply to a message?

Point a webhook at your n8n / Zapier / FastAPI / Express server. Filter for event == "message" and from_me == false, then POST back to /api/sendText with chat_id = payload.chat.
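
The receiving side of that auto-reply flow, as an added example (not code from the WAAPI project): it verifies the HMAC-SHA256 signature over the raw body with a constant-time compare before parsing, drops from_me events to avoid reply loops, and builds the /api/sendText body. The hex encoding of the signature, the secret, the function names and the sample event are assumptions; check the gateway's embedded docs for the actual signature header and format.

```python
import hashlib
import hmac
import json

# Assumptions (not from the page): the signature is the hex HMAC-SHA256 of the
# raw request body; the secret and the sample event below are constructed.
WEBHOOK_SECRET = b"constructed-demo-secret"


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the exact bytes received, before any JSON parsing."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, raw_body: bytes, received_sig: str) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    expected = sign(secret, raw_body)
    return hmac.compare_digest(expected.encode(), received_sig.strip().lower().encode())


def build_reply(raw_body: bytes, received_sig: str, text: str):
    """Return the JSON body for POST /api/sendText, or None if the event is dropped."""
    if not verify_signature(WEBHOOK_SECRET, raw_body, received_sig):
        return None  # unsigned or tampered: never parse or act on it
    try:
        event = json.loads(raw_body)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict) or event.get("event") != "message":
        return None
    payload = event.get("payload")
    if not isinstance(payload, dict) or not isinstance(payload.get("chat"), str):
        return None
    if payload.get("from_me") is not False:
        return None  # our own outgoing message (or field missing): avoid reply loops
    return {"session": event.get("session"), "chat_id": payload["chat"], "text": text}


# Constructed sample delivery, shaped like the webhook body shown on this page.
SAMPLE = json.dumps({"event": "message", "session": "default",
                     "payload": {"chat": "6281234567890", "body": "hi",
                                 "from_me": False}}).encode()
SAMPLE_SIG = sign(WEBHOOK_SECRET, SAMPLE)

if __name__ == "__main__":
    print(build_reply(SAMPLE, SAMPLE_SIG, "thanks, got it"))
    print(build_reply(SAMPLE.replace(b"hi", b"yo"), SAMPLE_SIG, "thanks, got it"))
```

Verify against the raw bytes your framework received, not a re-serialized JSON object, since re-encoding can change whitespace or key order and break the comparison.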

? Where do I report a security issue? +

Email security@waapi.link. Don't open a public issue for vulns.

$ git clone & chill.

Self-host in 60 seconds. Star the repo if it saved you a SaaS subscription.