Authentication

Obtain JWT tokens for dashboard APIs or use API keys for server-to-server integrations.

Dashboard routes use JWT Bearer tokens from `/api/auth/login` or `/api/auth/register`. External integration routes under `/api/external/*` require the `X-API-Key` header.

POST /api/auth/register

Register

Create a new tenant, owner user, and start the free trial.

URL: https://api.actiwapi.com/api/auth/register

Auth: None

Request example

{
  "name": "Jane Doe",
  "email": "owner@acme.com",
  "password": "SecurePass123!",
  "businessName": "Acme Corp"
}

Code examples

curl -X POST "https://api.actiwapi.com/api/auth/register" \
  -H "Content-Type: application/json" \
  -d '{  "name": "Jane Doe",  "email": "owner@acme.com",  "password": "SecurePass123!",  "businessName": "Acme Corp"}'

Response example 201

{
  "success": true,
  "data": {
    "accessToken": "eyJhbG...",
    "refreshToken": "eyJhbG...",
    "expiresIn": "7d",
    "user": {
      "id": "uuid",
      "email": "owner@acme.com",
      "name": "Jane Doe",
      "role": "owner",
      "tenantId": "uuid",
      "tenantName": "Acme Corp"
    }
  }
}


POST /api/auth/login

Login

Authenticate with email and password to receive access and refresh tokens.

URL: https://api.actiwapi.com/api/auth/login

Auth: None

Request example

{
  "email": "owner@acme.com",
  "password": "SecurePass123!"
}

Code examples

curl -X POST "https://api.actiwapi.com/api/auth/login" \
  -H "Content-Type: application/json" \
  -d '{  "email": "owner@acme.com",  "password": "SecurePass123!"}'

Response example 200

{
  "success": true,
  "data": {
    "accessToken": "eyJhbG...",
    "refreshToken": "eyJhbG...",
    "expiresIn": "7d",
    "user": { "id": "uuid", "email": "owner@acme.com", "role": "owner" }
  }
}


POST /api/auth/refresh

Refresh token

Exchange a valid refresh token for a new access token.

URL: https://api.actiwapi.com/api/auth/refresh

Auth: None

Request example

{ "refreshToken": "eyJhbG..." }

Code examples

curl -X POST "https://api.actiwapi.com/api/auth/refresh" \
  -H "Content-Type: application/json" \
  -d '{ "refreshToken": "eyJhbG..." }'

Response example 200

{
  "success": true,
  "data": {
    "accessToken": "eyJhbG...",
    "refreshToken": "eyJhbG...",
    "expiresIn": "7d"
  }
}
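
An added example, not part of this API's own documentation: an in-memory token store for the login, register and refresh responses shown above. It replaces both tokens on every response, because `/api/auth/refresh` returns a new `refreshToken` along with the new `accessToken`. Assumptions: `expiresIn` is the access token's lifetime in `<integer><unit>` form (the page only shows "7d"), and `TokenStore` and `parse_expires_in` are hypothetical names.

```python
import re
import time

# Assumption: expiresIn is "<integer><unit>"; the page only shows "7d".
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_expires_in(value):
    """Convert a duration such as "7d" to seconds; reject anything else."""
    m = re.fullmatch(r"(\d+)([smhd])", value) if isinstance(value, str) else None
    if not m or int(m.group(1)) == 0:
        raise ValueError(f"unsupported expiresIn: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


class TokenStore:
    """Holds the current token pair in memory and tracks access-token expiry."""

    def __init__(self, skew_seconds=300):
        self.skew = skew_seconds      # refresh this long before expiry
        self.access_token = None
        self.refresh_token = None
        self.expires_at = 0.0

    def apply(self, envelope, now=None):
        """Accept a parsed login/register/refresh response body."""
        data = envelope.get("data") if isinstance(envelope, dict) else None
        if not isinstance(data, dict) or envelope.get("success") is not True:
            raise ValueError("not a successful auth response")
        access, refresh = data.get("accessToken"), data.get("refreshToken")
        if not all(isinstance(t, str) and t for t in (access, refresh)):
            raise ValueError("response is missing a token")
        lifetime = parse_expires_in(data.get("expiresIn"))
        # Commit only after every field validated, so a bad response
        # never leaves a half-updated pair behind.
        self.access_token, self.refresh_token = access, refresh
        self.expires_at = (time.time() if now is None else now) + lifetime

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return self.access_token is None or now >= self.expires_at - self.skew

    def auth_header(self):
        return {"Authorization": f"Bearer {self.access_token}"}

    def __repr__(self):               # keep token values out of logs and tracebacks
        return f"<TokenStore set={self.access_token is not None} exp={int(self.expires_at)}>"
```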


GET /api/auth/profile

Get profile

Returns the authenticated user and tenant context.

URL: https://api.actiwapi.com/api/auth/profile

Auth: JWT Bearer

Headers

| Header | Value | Required |
| --- | --- | --- |
| Authorization | Bearer {accessToken} | Yes |
| Content-Type | application/json | Yes* |

Code examples

curl -X GET "https://api.actiwapi.com/api/auth/profile" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer {accessToken}"

Response example 200

{
  "success": true,
  "data": {
    "id": "uuid",
    "email": "owner@acme.com",
    "name": "Jane Doe",
    "role": "owner",
    "tenantId": "uuid",
    "tenantName": "Acme Corp"
  }
}


POST /api/v1/api-keys

Create API key

Generate an API key for external integrations. The secret is shown once.

URL: https://api.actiwapi.com/api/v1/api-keys

Auth: JWT Bearer

Headers

| Header | Value | Required |
| --- | --- | --- |
| Authorization | Bearer {accessToken} | Yes |
| Content-Type | application/json | Yes* |

Request example

{
  "name": "Production server",
  "permissions": ["messages:send", "messages:read", "sessions:read"]
}

Code examples

curl -X POST "https://api.actiwapi.com/api/v1/api-keys" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer {accessToken}" \
  -d '{  "name": "Production server",  "permissions": ["messages:send", "messages:read", "sessions:read"]}'

Response example 201

{
  "success": true,
  "data": {
    "id": "uuid",
    "name": "Production server",
    "keyPrefix": "awp_live_",
    "apiKey": "awp_live_xxxxxxxxxxxxxxxx",
    "permissions": ["messages:send", "messages:read", "sessions:read"]
  }
}


Error codes

Failed requests return a JSON envelope with `success: false` and a human-readable message.

{
  "success": false,
  "message": "Validation failed",
  "errors": {
    "phone": "Valid phone number is required"
  }
}

| HTTP | Code | Description |
| --- | --- | --- |
| 400 | VALIDATION_ERROR | Request body or query failed validation. |
| 401 | UNAUTHORIZED | Missing or invalid JWT / API key. |
| 403 | FORBIDDEN | Authenticated but lacking permission or entitlement. |
| 403 | SUBSCRIPTION_INACTIVE | Trial expired or subscription not active. |
| 403 | LIMIT_EXCEEDED | Plan limit reached (sessions, messages, API requests, etc.). |
| 404 | NOT_FOUND | Resource does not exist or is not in your tenant. |
| 409 | CONFLICT | Duplicate resource or invalid state transition. |
| 429 | RATE_LIMITED | Too many requests; retry after backoff. |
| 500 | INTERNAL_ERROR | Unexpected server error. |
| 502 | WHATSAPP_UNAVAILABLE | WhatsApp session disconnected or provider error. |
