Overview
Send a Meta-approved v2 template to a phone number. Unlike v1 send (contact_id), v2 send accepts to and country_code, optional body_params for {{N}} placeholders, dynamic URL or COPY_CODE buttons, per-recipient header media, and otp_code for AUTHENTICATION templates. Endpoint: POST /api/v2/whatsapp/templates/{TEMPLATE_ID}/send — no trailing slash.
POST /api/v2/whatsapp/templates/{TEMPLATE_ID}/send
Authenticate with Authorization: Bearer <token>. Send JSON body with to, country_code, and optional fields below.
curl --request POST \
'https://app.buzzbip.com/api/v2/whatsapp/templates/1289/send' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer YOUR_JWT' \
--data '{
"to": "21696816277",
"country_code": "TN",
"body_params": ["Sam", "ORD-2026-00041"]
}'Usage notes
⚠️ Note: body_params count must exactly match the number of {{N}} placeholders in your template body. A mismatch returns HTTP 400. ⚠️ Note: otp_code cannot be combined with body_params or buttons. Use it only with AUTHENTICATION category templates.
v2 endpoints do not use trailing slashes. Use /api/v2/whatsapp/templates/{id}/send not /api/v2/whatsapp/templates/{id}/send/
Integration notes
When integrating the Buzzbip whatsapp endpoint into your application, treat https://app.buzzbip.com as the only production host. Obtain a JWT from POST /api/login_check and send Authorization: Bearer <token> on every request. Confirm User.hasApiAccess is enabled in Buzzbip Admin — without it, valid tokens still receive authorization errors. Parse JSend responses by reading status, message, and data together; do not rely on HTTP status codes alone. For ecommerce plugins, also send x-api-key, x-platform-type, and x-base-uri as described in the secret-key documentation. v2 WhatsApp routes do not use trailing slashes. Implement retries with exponential backoff when you encounter rate limits, and log full error bodies during development. Store credentials server-side, rotate secrets if exposed, and re-authenticate before the 3600-second JWT TTL expires in long-running workers. Queue bulk WhatsApp sends from your backend rather than client browsers. Test against a small set of contacts before enabling production campaigns.
Security
Security best practices for Buzzbip API clients include restricting API credentials to backend services, using TLS for every request, and monitoring failed authentication attempts. Separate staging and production Buzzbip accounts when possible so template tests do not message real customers. Document which templates and automations each integration triggers. When debugging, redact phone numbers and message bodies in application logs shared with third parties.
What's next?
Related pages: api/v2/whatsapp-media api/v2/whatsapp-templates guides/whatsapp-v2-use-cases guides/whatsapp-common-gotchas