Platform
REST API with scoped keys for every endpoint. Send messages, manage contacts, trigger campaigns, query analytics — all via clean JSON APIs. Build your own dashboards.
API endpoints
Full REST coverage
Permissions
Least privilege
Anytime
Zero-downtime keys
Every call
Full traceability
POST a JSON message to /api/messages and Edesy delivers it via WhatsApp. Templates, freeform, media, carousels — all supported.
Create, read, update, delete contacts. Bulk import via API. Update custom fields. Manage opt-in / opt-out programmatically.
Launch a scheduled campaign via API. Useful for triggering from external systems (e.g. CRM tags a customer as 'won' → trigger thank-you campaign).
Read bot configurations, update prompts, deploy new versions — all via API. Useful for staging → production deployments.
Pull campaign metrics, conversation stats, agent performance into your own BI tool. Hourly cron jobs feeding your dashboards.
Each API key has its own permission scope. Generate read-only keys for reporting, write-only keys for ingestion, full keys for admin tooling.
Workspace Settings → API Keys → Create. Pick a name (used in audit logs), pick a scope (e.g. 'contacts:read', 'messages:write'), and optionally set an expiration date.
Set the Authorization header: 'Bearer YOUR_API_KEY'. All API endpoints accept this; some endpoints (webhooks) use signed payload verification instead.
Standard JSON over HTTPS. GET to read, POST to create, PATCH to update, DELETE to remove. Idempotency keys supported for retry safety.
JSON responses with HTTP status codes. 2xx = success. 4xx = client error (bad request, unauthorized, not found). 5xx = server error (retry-safe).
API dashboard shows per-key request count, error rate, latency. Audit log shows every call with timestamp, endpoint, and result.
| Feature | Edesy | Typical platform |
|---|---|---|
| REST API access | Premium tier | |
| Endpoint coverage | 150+ | 20–30 |
| Per-key scoping | ||
| Rate limit transparency | Hidden | |
| Idempotency keys | ||
| OpenAPI / Swagger docs | PDF docs only | |
| Sandbox / test environment | ||
| API call audit log |
Salesforce tags a contact as 'won' → webhook fires → your script calls Edesy API to add the contact to a 'New Customer' list, which triggers a welcome drip.
Marketing automation across stacks
Internal dashboard pulls campaign metrics hourly via API, displays in Looker/Metabase alongside other business KPIs.
Single source of truth for cross-team metrics
Agency builds a white-labeled client portal that wraps Edesy APIs — clients see only their WhatsApp metrics in agency-branded UI.
Agency premium pricing supported by custom UI
Order placed in Shopify → script calls Edesy API to add post-purchase contact to nurture list with custom field set.
Cross-system orchestration without Zapier dependency
Daily cron job syncs new customers from your data warehouse to Edesy contact lists. Custom fields keep customer data fresh.
Contact lists always reflect latest customer state
Monthly script exports all WhatsApp conversations to your compliance archive for regulatory storage requirements.
Regulatory obligations met automatically
There's a temptation for SaaS vendors to ship features behind walls — APIs only for premium tiers, limited endpoint coverage, opaque rate limits that surprise developers in production. The strategy makes sense as a pricing lever but hurts long-term: it pushes the most technical, most influential customers to build workarounds (or switch to a more open competitor). Edesy takes the opposite approach. Every feature accessible in the UI is accessible via API, with the same data model and same naming conventions.
The API surface covers every major workflow: send messages, manage contacts (CRUD + bulk import), launch and monitor campaigns, configure and version bots, query analytics, manage integrations, and admin operations like role assignment and workspace settings. The endpoint count is 150+ and growing. We follow REST conventions strictly — GET to read, POST to create, PATCH to update, DELETE to remove — so any developer who's used a modern API can start integrating without reading manuals.
Per-key scoping is the security feature most developers don't think they care about until they're managing 10 integrations. The naive approach is one all-powerful API key per workspace; the secure approach is one scoped key per integration, with permissions limited to what that integration actually needs. Edesy makes the secure approach the easy approach — generate a key, click checkboxes for the scopes it needs, you're done. If that key leaks, the blast radius is contained to whatever scopes you granted.
Idempotency keys are the underrated feature that makes API integrations actually reliable in production. When you POST a message with the same idempotency key twice (because your network retried, or your script crashed and re-ran), Edesy returns the original result instead of creating a duplicate. No phantom messages, no double-charges, no support tickets from confused customers. Most platforms don't support this — Edesy does, and it's a tiny detail that saves hundreds of hours of debugging over the lifetime of a non-trivial integration.
Free workspace, full API access from day one, 150+ endpoints, Node.js SDK. Most integrations ship in under a day.