HTTPS Setup

Access to the WhatsApp Business API Client requires HTTPS.

SSL Configuration

The WhatsApp Business API Client generates a self-signed certificate by default when it is created. The Certification Authority (CA) certificate used to generate the self-signed certificate might be required to verify the WhatsApp Business API Client endpoint and avoid a certificate trust warning. See the Retrieving a CA Certificate section for instructions on how to get the CA certificate.

Alternatively, you may upload the CA certificate instead of the self-signed certificate. The Uploading a CA Certificate section describes how to do this.

As Webhooks also requires HTTPS for callbacks; you can use your own CA certificates to prevent the application from running into SSL errors when it attempts to POST to the configured Webhook. To upload your own CA certificates for Webhooks, see the Uploading Webhook CA Certificates section.

Uploading a CA Certificate

Make sure that the uploaded certificate contains the following sections in one file and in the same order as displayed here:

  1. Private key
  2. Certificate
  3. One or more intermediate CA certificates — The WhatsApp Business API Client needs at least one intermediate CA certificate, otherwise, upload will fail.

To upload the certificate to WhatsApp Business API client, use the following API request, which contains the Content-Type of text/plain.

POST /v1/certificates/external
  Content-Type: text/plain
  Content-Length: content-size

certificate

If using cURL, the command will look like:

curl -X POST \
  https://your-webapp-hostname:your-webapp-port/v1/certificates/external \
  -H 'Authorization: Bearer your-auth-token' \
  -H 'Content-Type: text/plain' \
  --data-binary @your-path-to-certificate.pem 

If a certificate already exists, it will be overwritten. You must restart the web server, that is, all Webapp container instances, once the certificate is uploaded. You should be extremely cautious to only update the certificate with a valid (i.e., proper & correct) certificate. Otherwise, the web server will fail to restart (as the API endpoint will be down) and will require manual intervention to recover from the situation.

Response

null

Retrieving a CA Certificate

To retrieve the CA certificate stored in the WhatsApp Business API Client (i.e., direct download), use the following API request:

GET /v1/certificates/external/ca

Response

Content-Type: text/plain
Content-Length: content-size

certificate

If a CA certificate is not found, then a 404 response code is returned with no body.

Deleting CA Certificates

Deleting certificates is not supported. We could support this in the future if there is a use case we have overlooked.

Uploading Webhook CA Certificates

If the Webhook URL as configured in the application settings uses an internal CA cert, you need to upload it to the WhatsApp Business API Client so that it can be supported by the WhatsApp Business API. If you are using an externally known CA cert, you can safely skip this section.

You can generate a self-signed certificate in the PEM format by running:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

The certificate file needs to be in the PEM format. If you have more than one certificate to upload, they should first be combined into a single file by concatenating them:

cat cert1.pem cert2.pem > bundle.pem

Request

POST /v1/certificates/webhooks/ca
Content-Type: text/plain
Content-Length: content-size

certificate

If you need to send the certificate over cURL, it should look like the following:

curl -X POST \
  https://your-webapp-hostname:your-webapp-port/v1/certificates/webhooks/ca \
  -H 'Authorization: Bearer your-auth-token' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: text/plain' \
  --data-binary @your-path-to-certificate.pem \
  -k

If a certificate already exists, it will be overwritten. All Coreapp nodes must be restarted after uploading the certificate for the changes to take effect.

Response

null or {}

Retrieving Webhook CA Certificates

Request

GET /v1/certificates/webhooks/ca

Response

Content-Type: text/plain
Content-Length: content-size

certificate

If no certificate is found, a 404 response code is returned with no body.

Deleting Webhook CA Certificates

Request

DELETE /v1/certificates/webhooks/ca

Response

null or {}