Docs / Developers / REST API v1 overview

REST API v1 overview

Last updated: 16 July 2026

Stravax Engage ships a REST API (v1) that lets your own systems send WhatsApp messages and create or update contacts, authenticated with an API key you generate from Settings > Developer. Sending through the API runs through the exact same pipeline as the agent inbox, so the same delivery rules and consent checks apply, there's no separate, looser API-only path.

What can I do with the API today?

How do I authenticate requests?

Send your API key as a bearer token in the Authorization header:

Authorization: Bearer <your-api-key>

The key determines which organization the request belongs to, you never pass an organization id yourself. A key from one organization has no visibility into another organization's contacts, messages, or resources.

What happens if I send outside the messaging window?

The same thing that happens in the inbox: if the contact's session window has expired, the API returns the identical error the inbox's session route would return for the same contact. There's no separate error format to learn for API sends versus inbox sends.

Does the API respect consent rules?

Yes. Sending a marketing template to a contact who hasn't opted in is blocked, the same as it would be from the inbox, rather than silently allowed because the request came from your own system.

Are there rate limits?

Yes, at two levels: a per-key request rate limit, and a monthly request ceiling included in your plan. Going over either returns an error rather than queueing or degrading silently. See current plans for the specific numbers on your plan, and upgrade in-app if you need more headroom.

Where do I manage my keys?

Keys are created, viewed, and revoked from Settings > Developer. See API keys for how scopes and revocation work, and Outbound webhooks if you also want Stravax Engage to push events to your systems instead of only pulling and pushing through this API.

More in Developers