need help from anyone familiar with whatsapp cloud api. I'm using the Mekari Qontak API and follow the documentation provided in the repo.
Somehow my request here got response 401
curl --request POST \
--url \
--header 'Accept: application/json' \
--header 'Authorization: hmac username=“{{Username}}“, algorithm="hmac-sha256", headers="date request-line", signature="{{Signature}}"' \
--header 'Content-Type: application/json' \
--data '{
"to_name": "Test User",
"to_number": "6281234567890",
"message_template_id": "60cccaa0-ccd9-4efd-bdfb-875859c4b50a",
"channel_integration_id": "56b60c3c-0123-46af-958b-32f3ad12ee37",
"language": {
"code": "id"
},
"parameters": {
"buttons": [
{
"index": "0",
"type": "url",
"value": "123456"
}
],
"body": [
{
"key": "1",
"value_text": "123454321",
"value": "otp"
}
]
}
}'
Does anyone know what might cause this 401 error?
Are there specific steps needed for authentication, such as generating an HMAC signature?
Has anyone successfully sent messages using this API and can share a working example?
- API key and credentials are correct.
- The request headers match the API documentation.
- The username, algorithm, headers, and signature are properly set in the Authorization header.
- The message_template_id and channel_integration_id are valid.
need help from anyone familiar with whatsapp cloud api. I'm using the Mekari Qontak API https://github/mekari-engineering/qontak-api-js and follow the documentation provided in the repo.
Somehow my request here got response 401
curl --request POST \
--url https://api.mekari/qontak/chat/v1/broadcasts/whatsapp/direct \
--header 'Accept: application/json' \
--header 'Authorization: hmac username=“{{Username}}“, algorithm="hmac-sha256", headers="date request-line", signature="{{Signature}}"' \
--header 'Content-Type: application/json' \
--data '{
"to_name": "Test User",
"to_number": "6281234567890",
"message_template_id": "60cccaa0-ccd9-4efd-bdfb-875859c4b50a",
"channel_integration_id": "56b60c3c-0123-46af-958b-32f3ad12ee37",
"language": {
"code": "id"
},
"parameters": {
"buttons": [
{
"index": "0",
"type": "url",
"value": "123456"
}
],
"body": [
{
"key": "1",
"value_text": "123454321",
"value": "otp"
}
]
}
}'
Does anyone know what might cause this 401 error?
Are there specific steps needed for authentication, such as generating an HMAC signature?
Has anyone successfully sent messages using this API and can share a working example?
- API key and credentials are correct.
- The request headers match the API documentation.
- The username, algorithm, headers, and signature are properly set in the Authorization header.
- The message_template_id and channel_integration_id are valid.
- You linked to a NodeJS SDK, but instead of any JS code, you are showing us a cURL request - not sure how those two thing are supposed to match up? – C3roe Commented Mar 28 at 9:37
- 1 "Does anyone know what might cause this 401 error?" - have you checked what the response body might have to say? – C3roe Commented Mar 28 at 9:38
- My request translated to curl and still got the same error 401 Unauthorized – warungman Commented Mar 28 at 11:15
1 Answer
Reset to default 1Helo based on the docs here https://developers.mekari/docs/kb/hmac-authentication/node#creating-hmac-signature
you may need to add header 'Date' also with Format must follow RFC7231. Example: Wed, 10 Nov 2021 07:24:29 GMT
shouldbe like this
curl --request POST 'https://api.mekari/qontak/chat/v1/broadcasts/whatsapp/direct' \
--header 'Authorization: hmac username="{{Username}}", algorithm="hmac-sha256", headers="date request-line", signature="{{Signature}}"' \
--header 'Date: Fri, 28 Mar 2025 10:04:47 GMT' \
--header 'Content-Type: application/json' \
--data-raw '{
"to_name": "Test User",
"to_number": "6281234567890",
"message_template_id": "60cccaa0-ccd9-4efd-bdfb-875859c4b50a",
"channel_integration_id": "56b60c3c-0123-46af-958b-32f3ad12ee37",
"language": {
"code": "id"
},
"parameters": {
"buttons": [
{
"index": "0",
"type": "url",
"value": "123456"
}
],
"body": [
{
"key": "1",
"value_text": "123454321",
"value": "otp"
}
]
}
}' | jq
voila!