Instance Login

Request Code (Phone Login)

Requests a linking code for phone-based WhatsApp authentication (OTP style).

POST
https://api.wawp.net/v2/auth/request-code?access_token=YOUR_ACCESS_TOKEN&instance_id=Your_Instance_ID&phone_number=201145202826

Authentication Required

Login to swap the placeholders with your real Instance ID and Access Token.

Log In
Test /v2/auth/request-code endpoint
POST
POST

No query parameters required

This endpoint doesn't expect data in the URL.

Best practices

  • Use this as a fallback for users with broken cameras.

  • Display the 8-character code in a large, clear font with a countdown.

  • Ensure the session is in 'SCAN_QR_CODE' status before requesting.

Headless Onboarding: The Power of Phone-Based Pairing Codes

The /v2/auth/request-code endpoint is a game-changer for WhatsApp automation, specifically designed for "Headless" environments where scanning a QR code is physically impossible or technically inconvenient. This method—often referred to as OTP-style Linking—allows you to link a WhatsApp account to a Wawp instance by entering an 8-character alphanumeric code directly into the WhatsApp mobile app.

🏗️ The Dual-Handshake Architecture

When you call this endpoint with a phone_number, Wawp initiates a complex background orchestration:

  1. Targeting: The engine establishes a connection to WhatsApp’s servers and "announces" its intent to link with the specific phone number provided.
  2. Code Generation: Wawp’s cloud infrastructure negotiates a unique, short-lived 8-character pairing code (e.g., ABCD-1234).
  3. Session Binding: The generated code is cryptographically bound to your instance_id.
  4. Interactive Waiting: The engine enters an "Interactive Listening" mode, waiting for the user to type this code into their mobile device.

🛡️ Strategic Best Practices

1. Global Number Normalization

WhatsApp follows a strict international numbering format. Provisioning will fail if the format is incorrect.

  • Developer Action: Before passing the phone_number to this API, strictly normalize it on your backend:
    • Remove all spaces, dashes, and parentheses.
    • Remove any leading + or 00 (the global prefix).
    • Ensure the Country Code is present (e.g., Use 201112223333 instead of 01112223333).

2. Building an OTP-Style UX

Since the user needs to enter the code on their phone, the UX of your dashboard is critical.

  • The Workflow:
    • Show the 8-character code in a Big, Bold font.
    • Provide a countdown timer (codes are valid for approx. 2-5 minutes).
    • Include a "How to Link" guide: WhatsApp -> Settings -> Linked Devices -> Link with Phone Number.

3. Handling the 422 "Not Ready" State

If the engine is still initializing or has just been started, it may not be ready to generate a code instantly.

  • The Response: You will receive a 422 Session Status Not Expected error. This indicates the engine is currently performing an internal warm-up. Implement a 10-second wait on your frontend before allowing the user to click the "Generate Code" button again.

💡 Industry-Standard Use Cases

A. Headless Server Provisioning

For enterprise clients running hundreds of bots on isolated linux servers without any GPU or display, the Pairing Code method is the only way to scale. Devs can generate codes on their central management panel and send them to field agents to link their work numbers.

B. Remote Support & Onboarding

If your customer is non-technical and struggling to scan a QR code (due to a cracked camera or low screen brightness), your support agent can generate a Pairing Code for them and read it aloud during a support call, resulting in a successful link in seconds.

⚠️ Common Pitfalls

  • Retry Limit Abuse: WhatsApp has a hidden internal rate limit for pairing codes. Requesting a code more than 3-5 times in a short window can cause WhatsApp to temporarily block the pairing feature for that phone number.
  • Incorrect Status: You can only request a code if the session status is SCAN_QR_CODE. If the session is already WORKING, the request will be rejected to prevent accidental hijacking of an active session.

Summary of Responsibilities:

  • Initiate the Phone-Based Pairing protocol.
  • Retrieve a unique 8-character linking code.
  • Prepare the engine to listen for remote credential injection.
  • Support "Mobile-Only" onboarding flows where cameras are not used.

Request Parameters

Configure the parameters required to interact with this endpoint. All query and body arguments are listed below with their details.

Request Body

Sent as a JSON object
string

The 12-character ID of the instance

Example:
string

Your API Access Token

Example:
string

The phone number to link (e.g., 201145202826)

Example:

Request Samples

Use these ready-to-go code snippets to integrate our API into your project quickly and efficiently. Choose your preferred language and library.

1const baseUrl = "https://api.wawp.net";
2const endpoint = "/v2/auth/request-code";
3const params = new URLSearchParams({
4  "instance_id": "Your_Instance_ID",
5  "access_token": "YOUR_ACCESS_TOKEN"
6}).toString();
7const body = {
8  "phone_number": "201145202826"
9};
10
11fetch(`${baseUrl}${endpoint}${params ? '?' + params : ''}`, {
12  method: "POST",
13  headers: { "Content-Type": "application/json" },
14  body: JSON.stringify(body)
15})
16  .then(async (response) => {
17    if (response.ok) {
18      const data = await response.json();
19      console.log("Success:", data);
20      return data;
21    }
22    
23    // Error Handling
24    if (response.status === 400) {
25      console.error("Error 400: Bad Request - Missing Required Parameter(s)");
26    }
27    if (response.status === 400) {
28      console.error("Error 400: Bad Request (XML Format)");
29    }
30    if (response.status === 400) {
31      console.error("Error 400: Bad Request (Plain Text)");
32    }
33    if (response.status === 401) {
34      console.error("Error 401: Unauthorized - Invalid or Missing Access Token");
35    }
36    if (response.status === 401) {
37      console.error("Error 401: Unauthorized (XML Format)");
38    }
39    if (response.status === 404) {
40      console.error("Error 404: Not Found - Session Does Not Exist");
41    }
42    if (response.status === 404) {
43      console.error("Error 404: Not Found (XML Format)");
44    }
45    if (response.status === 500) {
46      console.error("Error 500: Internal Server Error - Unexpected Failure");
47    }
48    if (response.status === 500) {
49      console.error("Error 500: Internal Server Error (HTML)");
50    }
51    if (response.status === 502) {
52      console.error("Error 502: Bad Gateway - Connection Failed to Upstream");
53    }
54    if (response.status === 502) {
55      console.error("Error 502: Bad Gateway (XML Format)");
56    }
57    if (response.status === 422) {
58      console.error("Error 422: Unprocessable Entity - Session Status Mismatch");
59    }
60
61    const errorText = await response.text();
62    console.error(`Error ${response.status}: ${errorText}`);
63  })
64  .catch((error) => console.error("Network Error:", error));
Interactive Samples
Ln 64, Col 1javascript

Expected Responses

Explore all possible responses and outcomes from the server. We have documented each status code with data examples to make success and error handling easier.

Success - Linking Code Generated
Type:
application/json
string *

Example

{
"code": "ABCD-1234"
}
Bad Request - Missing Required Parameter(s)
Unauthorized - Invalid or Missing Access Token
Not Found - Session Does Not Exist
Unprocessable Entity - Session Status Mismatch
Internal Server Error - Unexpected Failure
Bad Gateway - Connection Failed to Upstream
Previous TopicVerify Auth List Store
Next TopicMessaging Guide

Command Palette

Search for a command to run...