Postman Collection for WhatsApp Business APIs

Postman is a popular tool to help test and develop APIs. To make it more convenient for developers who are integrating with the WhatsApp Business APIs, we've developed a Postman collection that contains the full set of APIs.

  • Setup : Installing the collection
  • Configure : Configuring the environment variables
  • First Time Setup: Performing registration for the first time
  • Test : Playing with the APIs


To get started, download the following and install Postman.

Postman App

WABiz Postman Collection on GitHub (Either clone the repo or download as zip package)

Once you have Postman running, you can click 'Import' and select the two JSON files in the Postman Collection package from GitHub. After it has been imported, you should see 'WhatsApp Business API' under Collections and also be able to select 'WABiz Developer' as the Environment, like below:


Postman offers a configurable environment which is essentially a set of key-value pairs. It allows you to create commonly used variables that can be reference across multiple requests. You can read more about it here.

The pre-configured 'WABiz Developer' environment contains a non-exhaustive set of variables that are referenced by the collection. It's important for you to edit and replace some of these variables with your own values. You can reach the edit dialog by clicking the little eye button next to the environment dropdown and then clicking edit. See the portion of the screen marked with red below.

The first thing you should replace is the URL which represents the webapp endpoint. You'll see that all of the requests will reference this variable via {{URL}} so it's important you get this right.

As you are calling the APIs from the collection, you will need to obtain and replace these values with valid ones. For example, the Login API will generate and return a token as a response. You will need to take this token and update the corresponding key with it as subsequent API calls will use this token for authentication. Another example is getting the media-id from Media Upload API, and then using it in Send Media Message API.

If you want to make this even more convenient, you can write post-request scripts that will parse values from API response, and update the environment variable. This guide shows you just how to do that.


All WhatsApp Business Application APIs require the use of HTTPS. Postman understands this and tried to do a SSL certificate handshake. You can bypass this by using insecure HTTPS. Go to Postman Settings, then to General Tab, and turning off SSL Certificate Verification. This is particularly important while testing with MacOS 10.15 Catalina, due to the way Apple manages SSL certificates at the operating system level.

First Time Setup

If this is the first time your instance has run you will need to change the root password and perform registration. Edit your environment and make sure to set these variables: AdminUsername, AdminPassword, and NewAdminPassword. The initial AdminUsername and AdminPassword are the factory defaults ("admin" and "secret" respectively). The NewAdminPassword is what you choose.

Look at the image below and set Authorization to "Basic Auth" then fill in the username / password with the variables as shown. On the Body tab, "new_password" value should be filled from variable NewAdminPassword. Click Send to fire off the request and get the token from the response.

Once you get a successful result you need to copy that token value into your environment variables for AdminAuthToken. You can now change the AdminPassword to match the new password which was just set.

Hit "Update" to save the value. Now you have a token that will let you perform admin tasks. The collection uses that variable in its headers so you don't have to re-copy it every time. Finally, you can now remove from the "Login-Admin" template Body tab the property "new_password".

Please see Registration section for more information about registration.

Under Collections, navigate to the 02-Registration section and select Request-Code. Before hitting send you must make sure the crucial registration variables are set in the environment list (Click on the 'Body' tab): RegistrationRequestCountryCode, RegistrationRequestPhoneNumber, RegistrationRequestMethod, RegistrationRequestVNameCert, TwoStepPIN (if Two-step Verification is enabled).

RegistrationRequestVNameCert is the Base64 cert string you get from your WhatsApp Account in the Facebook Business Manager.

Make sure there are no trailing whitespace or carriage returns in the Base64 value you copy in. It should be a long string of characters with no spaces at the end.

After you succeed at Request-Code you will get a code by your method. Enter the code in your environment list for RegistrationRegisterCode and go down to Register-Account API in the collection. When this succeeds with "201 Created" you have registered and are ready to use the instance for checking contacts and sending messages.


You're now set to choose any of the APIs in the collection and start firing! You'll need to start off with Login APIs to ensure you get the auth token to use in all other API calls. The APIs are conveniently ordered the same way they appear in the docs to make it easy to follow. Feel free to edit the APIs in any way you'd like. The intention is help you test the API and its responses more easily.