Session endpoints

A WaGo session is one WhatsApp device connection controlled by one session token. Most application endpoints require the session to be connected and logged in.

Lifecycle

Admin creates or already has a token.
Client calls POST /session/connect with that token.
If the device is not logged in, client calls GET /session/qr.
User scans the QR code in WhatsApp linked devices.
Client polls GET /session/status until Connected and LoggedIn are true.
The same token can later restore the session by calling POST /session/connect again.

Endpoints

Endpoint	Auth	Body	Use
`POST /session/init`	`admintoken`	`Name`, `Token`, `Os`	Create a token row in the local database.
`POST /session/connect`	`token`	`Subscribe`, `Immediate`, `Phone`	Start or restore a WhatsApp client for the token.
`POST /session/pair`	`token`	`Subscribe`, `Immediate`, `Phone`	Connect using a WhatsApp pair code flow.
`GET /session/qr`	`token`	none	Return the current QR code as a data URL.
`GET /session/status`	`token`	none	Return connection and login state.
`POST /session/disconnect`	`token`	none	Disconnect from WhatsApp without logging out the linked device.
`POST /session/logout`	`token`	none	Log out from WhatsApp. A future connection requires scanning again.
`GET /session/all`	`admintoken`	none	List stored users, tokens, webhooks, and JIDs.
`POST /session/delete`	`admintoken` plus target `token`	none	Delete a token and local session files.
`POST /session/scanned`	`admintoken`	none	Return sessions that already have a JID stored.

Create a token

For the full admin provisioning flow, see Create a token.

curl -X POST http://localhost:1337/session/init \
  -H "Content-Type: application/json" \
  -H "admintoken: YOUR_ADMIN_TOKEN" \
  -d '{
    "Name": "customer-1",
    "Token": "customer-token-1",
    "Os": "linux"
  }'

Token is stored after spaces are removed. Keep it stable because it identifies the session in later requests.

Connect a token

curl -X POST http://localhost:1337/session/connect \
  -H "Content-Type: application/json" \
  -H "token: YOUR_TOKEN" \
  -d '{
    "Subscribe": ["Message", "ReadReceipt", "Presence", "Call"],
    "Immediate": true,
    "Phone": ""
  }'

Subscribe controls webhook event classes. Valid values in code are:

Message, ReadReceipt, Presence, HistorySync, ChatPresence, Call, All, Newsletter, LoggedOut

Use ["All"] while testing. In production, subscribe only to events your app uses.

Scan QR

curl -H "token: YOUR_TOKEN" \
  http://localhost:1337/session/qr

Render QRCode as an image. If the session is already logged in, the endpoint returns an error instead of a QR.

Restore a session

To restore after process restart, call POST /session/connect with the same token. If WhatsApp credentials are still valid on disk, WaGo reconnects without a QR scan.

Disconnect vs logout

Action	Keeps WhatsApp linked?	Next connect needs QR?
`POST /session/disconnect`	Yes	Usually no
`POST /session/logout`	No	Yes
`POST /session/delete`	Removes local token/session	Token must be recreated

Use disconnect for maintenance. Use logout when the user wants to unlink the device.

​Lifecycle

​Endpoints

​Create a token

​Connect a token

​Scan QR

​Restore a session

​Disconnect vs logout