Core API
Authentication
API key authentication and environment behavior.
API Key Model
Integration endpoints use API key authentication with Bearer tokens.
- Test keys start with
sk_test_and simulate delivery. - Live keys start with
sk_live_and send real WhatsApp traffic. Requires an active subscription.
Key Prefix Behavior
| Prefix | Behavior | Host |
|---|---|---|
sk_test_* | Sandbox behavior (simulated delivery lifecycle) | https://developers-api.chatmaid.net |
sk_live_* | Production behavior (real WhatsApp delivery) | https://developers-api.chatmaid.net |
Key Format and Use
POST/v1/messages/sendAuth: API key
Representative protected endpoint using API key Bearer auth.
Authorization Header
curl -X GET https://developers-api.chatmaid.net/v1/messages \
-H "Authorization: Bearer sk_test_xxxxxxxxxxxxxxxxxxxxxxxx"Expected 401 Response (Invalid API Key)
{
"success": false,
"error": "Unauthorized",
"message": ["Invalid API key"],
"statusCode": 401,
"timestamp": "2026-02-06T14:22:30.000Z",
"path": "/v1/messages"
}Scopes and Limits
Common scopes:
messages:send(ormessages:write)messages:readphone_numbers:read(optional, phone-number endpoints)account:read(optional, account endpoints)
Rate limit is enforced per API key. Default is 100 requests per minute unless account-specific limits are configured.
Environment mapping:
- Host:
https://developers-api.chatmaid.netfor both environments sk_test_*-> sandbox behaviorsk_live_*-> production behavior
Environment is inferred from key prefix; do not pass environment as request input.
Integration host: https://developers-api.chatmaid.net.
Endpoint to Scope Matrix
| Endpoint | Required Scope | Also Accepted |
|---|---|---|
POST /v1/messages/send | messages:send | messages:write |
GET /v1/messages | messages:read | - |
GET /v1/messages/:messageId | messages:read | - |
GET /v1/phone-numbers* | phone_numbers:read | phone-numbers:read, messages:* |
GET /v1/account* | account:read | messages:read, messages:send, messages:write |
On This Page