Waza API uses API keys to authenticate requests. All requests must be made over HTTPS and authenticated by passing your SANDBOX or PROD API key in the header. You can view and manage your API keys on the Waza Dashboard.

Here's the format for authenticating requests to Waza:

curl --location --request GET '<base_url>/v1/api/v1/beneficiaries' \
--header 'waza-x-key;'

API keys must always be kept secret

They should not be in your client-side code or checked into your application's code or committed to git.

All API requests must be made over HTTPS.



An invalid, missing or expired api key will result in HTTP 401 Unauthorized responses.