Send and receive messages on all your connected channels — WhatsApp, Telegram, Messenger, Instagram, TikTok — from your own systems, receive events by webhook, and even plug in your own AI key.
Create API keys from your dashboard: Messaging API page (each key is an independent instance with its own allowed channels and webhook). Keys are shown once — store them securely.
Base URL: https://thikaa.com/<your-store>/api/messaging/ Authorization: Bearer <api_key> (or X-API-Key: <api_key>)
POST /api/messaging/?action=send
| Field | Required | Description |
|---|---|---|
channel | ✓ | One of: wd (WhatsApp QR) · wa (WhatsApp API) · tg · fb · ig · tt |
to | ✓ | Recipient — phone number with country code for WhatsApp, platform user id otherwise |
message | ✓ | Text to send (UTF-8, Arabic fully supported) |
media_url | — | Optional public HTTPS URL of an image / document to attach |
media_type | — | Hint like image, document |
curl -X POST "https://thikaa.com/<your-store>/api/messaging/?action=send" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"channel": "wd",
"to": "9647701234567",
"message": "تحديث الوظائف الأسبوعي 👇 ..."
}'
{ "ok": true, "message_id": "...", "channel": "wd", "to": "9647701234567" }
GET /api/messaging/?action=status — returns the key’s instance status, allowed channels and current balance.
curl "https://thikaa.com/<your-store>/api/messaging/?action=status" \ -H "Authorization: Bearer YOUR_API_KEY"
Set a webhook URL per API key (Messaging API page). Every inbound customer message on the key’s channels is POSTed to your endpoint as JSON, signed with your key’s secret:
POST <your-webhook-url>
Content-Type: application/json
X-Thikaa-Event: message.received
X-Thikaa-Signature: sha256=<hmac_sha256(body, webhook_secret)>
{ "event": "message.received", "instance_id": "...", "data": { ... } }
$body = file_get_contents('php://input');
$sig = $_SERVER['HTTP_X_THIKAA_SIGNATURE'] ?? '';
$ok = hash_equals('sha256=' . hash_hmac('sha256', $body, $secret), $sig);
const crypto = require('crypto');
const expected = 'sha256=' + crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
const ok = crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(req.headers['x-thikaa-signature'] || ''));
Separately from the Messaging API, the platform can POST admin-level events to a single URL (Settings → Webhooks). Useful events include:
| Event | Fires when |
|---|---|
message-sent | a message is sent in any conversation |
bot-message | the AI bot replies |
new-messages | new inbound customer messages |
new-conversation / new-conversation-created | a new conversation starts |
conversation-status-updated | a conversation is resolved / archived |
sms-sent · email-sent | an SMS / email notification goes out |
You can run your bots on your own AI account instead of platform credit: connect an OpenAI, Google Gemini or Anthropic Claude API key from the AI Providers page in your dashboard, then select that connection in your bot’s model settings. Your key is stored per-tenant and used only for your own bots.
| HTTP | Error | Meaning |
|---|---|---|
| 401 | missing_api_key / invalid_api_key | Key absent, disabled or revoked |
| 402 | insufficient_balance | Account out of credit / inactive |
| 403 | channel_not_allowed / plan_not_eligible | Key not permitted for this channel, or plan below Professional |
| 405 | method_not_allowed | Wrong HTTP method |
| 429 | — | Per-key rate limit exceeded (default 60 requests/minute) |
Questions? Message us on WhatsApp from the site — a human (or our own bot 😄) will help.