The WhatsApp Marketing product provides conversational messages, allowing users to initiate conversations with businesses after the business has sent an initial message. To create a conversational flow, one of the ways is to integrate a bot to reply to users' WhatsApp messages.
You can send media and text content using this message type.
Refer to the visual below to see what the image type media message is displayed.
Endpoint and Headers
Visit our Postman collection to test this request.
Headers
| Header | Sample Value | Description |
|---|---|---|
| X-INS-AUTH-KEY | 1a2b3c4d5e6f | This key is required to authorize your request. Refer to API Authentication Tokens to generate your token. |
| Content-Type | application/json | This header specifies the media type of the resource. |
Body parameters
| Column | Description | Data Type | Required |
|---|---|---|---|
| messages | All messages are contained in the messages key. You can send multiple messages with a single request. | Array | Yes |
| phoneNumber | Phone number for the person you want to send a message to. | String | Yes |
| message | Message object | Object | Yes |
| type | Must be an “image” for this message type. | String | Yes |
| image | A media object of type image. Captions are not supported when used in a media template. | Object | Yes |
| link | The protocol and URL of the media to be sent. Use only with HTTP/HTTPS URLs. Supported file types are image/jpeg, image/png. Max: 5 MB. | URL | Yes, if there is no ID. |
| id | The media object ID. Do not use this field when the message type is set to text. | URL | Yes, if there is no link. |
| caption | Describes the specified image media. | String | No |
WhatsApp Status Callback
The Status Callback allows you to track the delivery status of your WhatsApp messages in real time. When you send a message, the system sends status updates to the API URL you’ve specified in the callback parameter. If you don't respond to code between 200 and 300, the system automatically retries the request up to 10 times following this schedule:| Retry Attempt | Time After First Attempt |
|---|---|
| 1st retry | 1 minute |
| 2nd retry | 2 minutes |
| 3rd retry | 3 minutes |
| 4th retry | 8 minutes |
| 5th retry | 13 minutes |
| 6th retry | 18 minutes |
| 7th retry | 28 minutes |
| 8th retry | 38 minutes |
| 9th retry | 48 minutes |
| 10th retry | 1 hour |
Sample Request
Below is a sample request to send a conversational WhatsApp image message with an optional caption.
curl --location 'https://whatsapp.useinsider.com/v1/conversational/send' \
--header 'Content-Type: application/json' \
--header 'x-ins-auth-key: INS.**************************' \
--data '{
"messages": [
{
"phoneNumber": "+1**********",
"message": {
"type": "image",
"image": {
"link": "{{IMAGE_URL}}",
"caption": "Media Message (Image)"
}
}
}
]
}'Sample Responses
One key information will be returned for each message to be sent. This key will be added to all events related to the message.
{
"keys": [
"whatsapp-*************************"
]
}403 Forbidden
This error occurs when requests are blocked by Cloudflare’s security mechanisms, which act as an additional protection layer for Insider’s infrastructure.
As part of this setup, Insider complies with Cloudflare’s automated security policies. In certain cases, these mechanisms may block specific User-Agent values or IP addresses.
If the client IP is denied or restricted, the API will return the following response:
{
"message": "ip-restricted",
"error": {
"message": "ip-restricted",
"code": 1088
}
}
Notes:
403 Forbidden error occurs when the IP address is not whitelisted for you.
Error code 1088 is specific to IP restriction errors.
How to Troubleshoot a 403 Forbidden Error
If you encounter a 403 Forbidden error when making API requests, for example, through the Conversational or Transactional API, please check the following:
Verify the User-Agent header used in your HTTP client (especially default or empty values such as Java’s default
User-Agent).Review blocked requests under Security > Events in your Cloudflare dashboard to identify whether they were rejected due to User-Agent or WAF rules.
For more detailed troubleshooting guidance and Cloudflare’s official documentation, refer to the following resources:
Limitations
- All functions must be executed with a simple HTTPS POST request.
- Only new WhatsApp messages can be sent via this API. No data can be retrieved.
- The API Key should be provided as the authorization key on the request header. If the key is incorrect, the operation will not be executed and an authorization error will return in the response.
- The rate limit is 10 requests per second.
The default limit shown here is a standard baseline. If your use case requires higher capacity, feel free to reach out to the Insider One team — we can adjust it to fit your needs.