Complete Guide to External API Integration
Introduction to the Coext External API
The Coext External API is a powerful RESTful interface that enables you to programmatically send WhatsApp messages through your connected WhatsApp Business Account. Whether you’re building automated notifications, customer support systems, or marketing campaigns, this API provides the tools you need.
This guide will walk you through everything from initial setup to advanced use cases, ensuring you can fully leverage the API’s capabilities.
What Makes This API Different
Unlike complex OAuth flows or multi-step authentication procedures, the Coext External API uses simple API key authentication. This means:
- Quick Setup: Get started in minutes, not hours
- Simple Headers: Just add your API key to each request
- No Token Refresh: Your API key works until you revoke it
- Optional Enhanced Security: Add HMAC signatures when you need extra protection
Capabilities Overview
| Capability | Description | Permission Required |
|---|---|---|
| Send Text Messages | Send plain text messages during an active customer session (within 24-hour window) | send_text |
| Send Template Messages | Send pre-approved WhatsApp templates for business-initiated conversations | send_template |
| Send Media Messages | Send images, videos, documents, and audio files | send_media |
| List Templates | Retrieve all available message templates and their status | view_templates |
| Track Messages | Get message delivery status (sent, delivered, read, failed) | view_messages |
| Receive Webhooks | Get real-time notifications when customers message you or message status changes | Webhook configuration |
Step 1: Creating Your API Key
Your API key is the credential that identifies and authenticates your requests. Here’s how to create one:
Navigate to External API Management
- Log into your Coext dashboard
- From the side menu, select External API Management
- Click on the API Keys tab
- Click the Create API Key button
Configure Your Key
When creating your key, you’ll need to provide:
| Field | Description | Example |
|---|---|---|
| Name | A descriptive name to identify this key | “Production Order Notifications” |
| Description | Optional notes about this key’s purpose | “Used for automated order status updates” |
| WhatsApp Account | The connected WhatsApp Business Account to use | Select from dropdown |
| Permissions | Which operations this key can perform | send_text, send_template, etc. |
| Rate Limit | Maximum requests per minute (default: 60) | 60 |
| Daily Limit | Maximum requests per day (default: 5000) | 5000 |
| Expiration Date | Optional date when key automatically expires | Leave empty for no expiration |
Save Your Credentials Immediately
⚠️ Critical: After creating your API key, you’ll see both the API Key and API Secret. The secret is only shown once and cannot be retrieved later. Copy both credentials and store them securely!
Your credentials will look like:
API Key: pk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
API Secret: sk_live_x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4
Step 2: Understanding the Base URL
All API requests are made to the following base URL:
https://your-domain.com/api/v1/external
Replace your-domain.com with your actual Coext instance domain.
Available Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /messages/text | Send a plain text message |
| POST | /messages/template | Send a template message with raw components |
| POST | /messages/template/send | Send a simplified template with named variables |
| GET | /templates | List all available templates |
| GET | /templates/:name | Get details for a specific template |
| GET | /messages/:uuid | Get status of a sent message |
Step 3: Making Your First API Call
Let’s send your first message! We’ll start with a simple text message.
Required Headers
Every request must include these headers:
Content-Type: application/json
X-API-Key: pk_live_your_api_key_here
cURL Example
curl -X POST "https://your-domain.com/api/v1/external/messages/text"
-H "Content-Type: application/json"
-H "X-API-Key: pk_live_your_api_key_here"
-d '{
"to": "+919876543210",
"message": "Hello! This is a test message from the API.",
"reference": "test-msg-001"
}'
Understanding the Request Body
| Field | Type | Required | Description |
|---|---|---|---|
to | string | Yes | Recipient’s phone number in E.164 format (e.g., +919876543210) |
message | string | Yes | The message text (max 4096 characters) |
reference | string | No | Your internal reference ID for tracking (returned in webhooks) |
Success Response
{
"success": true,
"data": {
"message_id": "550e8400-e29b-41d4-a716-446655440000",
"status": "sent"
},
"meta": {
"request_id": "req_abc123def456",
"rate_limit": {
"limit": 60,
"remaining": 59,
"reset_at": "2025-12-19T10:01:00.000Z"
}
}
}
Error Response Example
{
"success": false,
"error": {
"code": "INVALID_PHONE_NUMBER",
"message": "Phone number must be in E.164 format"
},
"meta": {
"request_id": "req_xyz789"
}
}
Step 4: Sending Template Messages
Template messages are pre-approved message formats required for business-initiated conversations outside the 24-hour customer service window.
Why Templates Are Important
- Required for First Contact: You cannot send freeform messages to customers who haven’t messaged you in the last 24 hours
- Pre-Approved Content: Templates are reviewed by Meta to ensure compliance with messaging policies
- Consistent Branding: Templates ensure your messages maintain a professional, consistent format
Simplified Template Endpoint
The easiest way to send templates is using the simplified endpoint with named variables:
curl -X POST "https://your-domain.com/api/v1/external/messages/template/send"
-H "Content-Type: application/json"
-H "X-API-Key: pk_live_your_api_key_here"
-d '{
"to": "+919876543210",
"template_name": "order_confirmation",
"language": "en",
"variables": {
"customer_name": "John Doe",
"order_id": "ORD-12345",
"total_amount": "$99.99",
"delivery_date": "December 25, 2025"
},
"reference": "order-12345"
}'
Raw Template Endpoint
For more control, use the raw template endpoint with component arrays:
curl -X POST "https://your-domain.com/api/v1/external/messages/template"
-H "Content-Type: application/json"
-H "X-API-Key: pk_live_your_api_key_here"
-d '{
"to": "+919876543210",
"template_name": "order_confirmation",
"language": "en",
"components": [
{
"type": "body",
"parameters": [
{ "type": "text", "text": "John Doe" },
{ "type": "text", "text": "ORD-12345" },
{ "type": "text", "text": "$99.99" }
]
}
]
}'
Step 5: Understanding Rate Limits
Rate limits protect the system from abuse and ensure fair usage. Every response includes rate limit information:
| Limit Type | Default Value | Description | What Happens When Exceeded |
|---|---|---|---|
| Per-Minute | 60 requests | Requests per minute per API key | HTTP 429 with retry_after |
| Daily | 5,000 requests | Requests per 24 hours per API key | HTTP 429 until next day |
| Per-Phone | 10 per minute | Messages to same recipient per minute | HTTP 429 for that recipient |
Rate Limit Headers in Response
"meta": {
"rate_limit": {
"limit": 60, // Your per-minute limit
"remaining": 45, // Requests remaining this minute
"reset_at": "2025-12-19T10:01:00.000Z" // When limit resets
}
}
Next Steps
Now that you understand the basics, explore these advanced topics:
- Authentication Deep Dive: Learn about enhanced HMAC signature authentication
- Webhook Integration: Receive real-time notifications for message events
- Error Handling: Understand all error codes and build robust retry logic
- Template Configuration: Set up variable mappings in the dashboard
Best Practices Summary
- Store credentials securely – Use environment variables, never commit to code
- Use the Playground first – Test your integration before production
- Implement retry logic – Handle rate limits with exponential backoff
- Track with references – Use the
referencefield to correlate messages - Monitor rate limits – Check remaining limits in each response
- Set up webhooks – Don’t poll for status; use webhooks instead