Authentication

API Credentials
Public Key
Secret Key
Summary

API Credentials

Unlike Z-API which uses the Client-Token header, works with a key pair: Public Key and Secret Key. To generate your credentials, go to the Security menu in the dashboard: Security.

Public Key

The Public Key is used exclusively by the channel connection SDK. With it, you can connect channels (such as WhatsApp, Telegram, etc.) directly within your system, without needing to access the dashboard.

The Public Key can be exposed in your application’s frontend, as it has limited permissions for channel connection only.

Example usage with the SDK:

import { HubMessage } from '@hubmessage/connect';

const hub = new HubMessage({
  publicKey: 'YOUR_PUBLIC_KEY'
});

Install the SDK via npm: @hubmessage/connect

Secret Key

The Secret Key is used for authentication in APIs. It must be sent in the Authorization header as a Bearer token.

The Secret Key must never be exposed in the frontend. Use it only in your application’s backend.

Example usage in API calls:

curl -X POST https://zapi.hubmessage.io/channels/YOUR_CHANNEL/token/YOUR_TOKEN/send-text \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_SECRET_KEY" \
  -d '{"phone": "5511999999999", "message": "Hello!"}'

Summary

Key	Usage	Can expose in frontend?
Public Key	Channel connection SDK	Yes
Secret Key	API calls (`Authorization` header)	No, backend only

Z-API Compatibility Official API Limitations

⌘I

Introduction

Messages

API Credentials

Public Key

Secret Key

Summary

Introduction

Messages

​API Credentials

​Public Key

​Secret Key

​Summary

API Credentials

Public Key

Secret Key

Summary