LogoLogo
Become a PartnerStatus Page
  • get started
    • Welcome to 360Dialog
    • Quickstarts
      • Register as a Meta Tech Provider
      • Add a WhatsApp Number
      • Set up Integrated Onboarding
      • Create a Message Template
      • Send a Message
      • (temp title) Getting started as a partner
    • Pricing & Billing
      • Payment Methods for BR: Pix & Boleto
      • Month Closing Invoice (MCI)
    • Get API Access
    • Tech Provider Program
      • Understanding the Meta Tech Provider Program
      • Becoming a Meta Tech Provider: A Step-by-Step Guide
  • MM Lite Beta Program
    • Onboarding
    • Sending Messages
    • Expected Errors & Programming Languages
    • MM Lite Sandbox Testing
      • Sending Messages using MM Lite Sandbox
      • Expected Erros & Programming Languages
  • Partner & Account Management
    • Solutions for Partners
      • Benefits for Partners
      • Partner Hub
      • WABA Management
    • Account Setup & Management
      • Prerequisites and best practices for account creation
      • Account Structure
      • Account Creation
  • Integrations & API Development
    • Webhook Events & Setup
      • Webhook Events (Partner & Messaging API)
      • Webhook Configuration & Management
    • Integration Best Practices
      • Architecture and Security
      • Best Practices for Designing Integrations
        • Design a Stable Webhook Receiving Endpoint
      • Sizing Your Environment Based on Expected Throughput
      • Design a Resilient Message Sending Service
      • Integrated Onboarding
        • Basic Integrated Onboarding
        • Custom Integrated Onboarding
        • Host Your Own Embedded Signup
      • API Key Authentication for the Partner API
  • API Reference
    • Messaging API
    • Messaging Health Status
    • Sandbox (Test API Key)
    • Differences Between Cloud API and On-Premise API for Partners
      • [will be deprecated] Messaging with On-Premise API
    • Partner API
  • WABA Management
    • Managing WABA Accounts
      • Using the Partner Hub to manage Clients and Channels
      • Using the Partner API to manage Clients and Channels
      • Partner Permission to Generate API Key
      • Checking Usage & Statistics
    • Phone Number & Hosting
      • Migrating a Phone Number
        • Migrate number from Meta or alternate BSP to 360Dialog
        • Migrate a phone number to a new WABA
        • Migrate a phone number to a new WABA to change messaging Currency
      • WhatsApp Coexistence
        • Coexistence Onboarding
        • Coexistence Webhooks
      • Hosting type Change (On-premise API to Cloud API)
    • WABA Profile & Compliance
      • Display Name Guidelines
      • WABA Profile Info
      • WABA Policy Enforcement
      • Business Account Verification
    • Partner change (between 360Dialog Partners)
    • WhatsApp Flows
    • Accelerated Onboarding
    • Business Account Verification
  • Messaging
    • Sending & Receiving Messages
      • Conversations
      • Receiving messages
      • Before sending a message
    • Message Types
      • Conversational Components
      • Checklist for Message Broadcasts and Campaigns
      • Text messages
      • Interactive messages
        • Single and Multi Product Messages
        • Location Request Messages
        • Address Messages (India and Singapore only)
      • Contacts & Location Messages
    • Template Messages
      • Template Library
      • Template Elements
      • Sending Template Messages
      • Authentication Templates
        • Zero-Tap Authentication Templates
        • One-Tap Autofill Authentication Templates
        • Copy Code Authentication Templates
      • Catalog Templates
      • Product Card Carousel Templates
      • Single-Product Message Templates
      • Coupon Code Templates
      • Limited-Time Offer Templates
      • Multi-Product Templates
    • Media Messages
      • Upload, retrieve or delete media
    • Messaging Health & Troubleshooting
      • Messaging Limits & Quality Rating
      • Errors While Messaging
      • Messages statuses
  • Commerce & Payments
    • Payments (India Only)
      • Receive WhatsApp Payments via Payments Gateway
      • Receive WhatsApp Payments via Payment Links
      • Order Details Template Message
    • Payments (Singapore Only)
      • Receive WhatsApp Payments via Stripe
    • Products and Catalogs
      • India Businesses: Compliance for Commerce
  • Support & Updates
    • Help & Troubleshooting
      • FAQ
      • Error Code Reference
      • User Support Documentation
        • Tutorials
          • Page How to Troubleshoot Login Issues in the 360dialog Hub
          • How to Report an Issue
          • How to Contact Support
        • How-To Guides
          • Raise a support request
          • Requesting a Status Update for Business Verification
        • Reference
          • Troubleshooting Embedded Signup Issues
          • Commerce Policy Checks for WhatsApp API Access
          • Support Availability & SLAs
          • Incident Issue Prioritization
          • Case Types Table
        • Explanation
          • Why Business Verification Takes Time
          • Why Some Issues Are Not Emergencies
          • Understanding the Support Process
      • Support with Meta
    • Imprint & Data Privacy
    • Product Updates & News
      • How to ensure your Template Messages will be received
      • Integrated Onboarding new look and Campaigns Best Practices
Powered by GitBook
On this page

Was this helpful?

We are introducing API Key authentication as the new default method for accessing the 360Dialog Partner API. This change provides more flexibility, improved security, and better control over your API access.

Why We Are Moving to API Key Authentication

Problems with Bearer Token Authentication

Until now, Partner API access has relied on Bearer tokens tied to user authentication. While simple, this approach has several limitations:

  • Single token access: Only one token per user, with no way to separate environments or integrations.

  • Lack of granular control: You can’t manage different keys for different use cases.

  • Security risks: If a Bearer token is compromised, it’s difficult to revoke without disrupting all access.

Benefits of API Key Authentication

API keys offer a more robust and secure approach to authentication. With API keys, you can:

  • Generate multiple keys for different systems or integrations.

  • Revoke or rotate keys at any time without affecting other keys or users.

  • Leverage upcoming security features, such as IP whitelisting, Key usage analytics or Scoped access control

This gives you better visibility and control over how your integrations use the API.

How This Affects You

Backward Compatibility & Transition Period

  • API Key authentication is now enabled by default for all partners.

  • The legacy Bearer token authentication remains available for now.

  • You can choose to disable Bearer token auth at any time from the dashboard.

We recommend transitioning to API Key authentication as soon as possible to take advantage of new features and improved security.

How to Create, View, and Delete API Keys

Managing your API keys is simple and can be done directly in the 360Dialog Partner Dashboard:

  1. Log in to your Partner Dashboard.

  2. Navigate to the “API Keys” tab

  3. To generate a new key:

    1. Click “Generate API Key”

    2. Add a name (e.g., “Prod Server”)

    3. Complete the OTP

    4. Copy the key and store it securely — this is the only time you’ll see it.

  4. To delete a key, simply click the trash icon next to the key name. The key is immediately revoked.

💡 Tip: Use different keys for different environments or systems to isolate access and simplify management.

How to Update API Requests to Use API Key

Recommended Migration Steps

To start using your API key:

  • Replace the Authorization header in your requests:

Previously, you may have used:

This is the only change needed in your API requests — all endpoints and functionality remain the same.

Disabling Legacy Bearer Token Auth

If you’d like to enforce the new authentication method and disable Bearer tokens:

  1. Go to the "API KEY" tab in your Partner Dashboard.

  2. Toggle “Legacy Token Authentication” to OFF. This will immediately block all Bearer token-based access.

Note: Once disabled, Bearer tokens will no longer work. Make sure all systems have switched to API keys before turning it off.

You can enable the Legacy Token Authentication again in the Integration tab of your Partner Dashboard.


FAQ's

What’s changing with Partner API authentication?

We’re introducing API keys as a new authentication method. API key auth is enabled by default, and you can manage keys directly in the Partner Dashboard. The old Bearer token method is still available but can be disabled.

Why should I switch to API key authentication?

API keys offer:

  • More control (you can create multiple keys and revoke them individually).

  • Better security (future security features will be API key-based).

  • Easier management from the dashboard.

Can I disable the old Bearer token authentication?

Yes! In the Partner Dashboard, there’s an option to disable Bearer token auth. Once disabled, only API key authentication will work.

Can I have multiple API keys?

Yes, you can generate multiple keys and revoke them individually.

What happens if I delete an API key?

Any API requests using that key will stop working immediately. Make sure to update your integrations before deleting keys.

Will future security features require API keys?

Yes. API keys will support upcoming security features like IP restrictions, access controls, and monitoring.

What if I forget to update my authentication method?

For now, Bearer token authentication will continue to work, but we highly recommend switching to API keys as soon as possible.

Once I’ve disabled Bearer Token, can I enable it again?

Yes, Legacy Bearer Token authentication can be enabled in the Partner Dashboard. Go the the Integration tab, and enable the Legacy Authentication.


By switching to API key authentication, you gain stronger control over your integrations and set yourself up for upcoming improvements to API security and observability.

Need More Help?

Reach out to our Support Team.

Last updated 1 month ago

Was this helpful?

# ✅ New method

curl -X GET "https://hub.360Dialog.io/api/v2/..." \
  -H "x-api-key: YOUR_API_KEY_HERE"
# ❌ Legacy method

curl -X GET "https://hub.360Dialog.io/api/v2/..." \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN_HERE"
  1. Integrations & API Development
  2. Integration Best Practices

API Key Authentication for the Partner API

PreviousHost Your Own Embedded SignupNextAPI Reference
  • Why We Are Moving to API Key Authentication
  • How This Affects You
  • How to Create, View, and Delete API Keys
  • How to Update API Requests to Use API Key
  • Disabling Legacy Bearer Token Auth
  • FAQ's
  • Need More Help?