Developers

Build on top of Plixa in minutes.

Plixa is API-first. Generate a token in the panel, POST a message, get every inbound via signed webhooks. No SDK to install, no proprietary protocol — just JSON, REST, and HMAC.

API access is included on Professional and Business plans. Issue tokens from /api-tokens in the panel.

Send a message

POST a phone number and a body. We resolve or open the conversation, push to WhatsApp, and return the queued message.

POST https://api.plixa.app/v1/messages/send

  • Requires a token with the `write` ability.
  • Rate limit: 100 requests / minute per token.

Send with curl
```bash
curl -X POST https://api.plixa.app/v1/messages/send \
  -H "Authorization: Bearer plixa_pat_…" \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "5511999999999",
    "body": "Hi Lucia! Your order shipped"
  }'
```
Send with Node.js
```javascript
await fetch('https://api.plixa.app/v1/messages/send', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${process.env.PLIXA_TOKEN}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    phone: '5511999999999',
    body: 'Hi Lucia! Your order shipped',
  }),
})
```

Receive every message

Register a webhook endpoint in the panel. Plixa POSTs every inbound (and outbound, if you want) to your URL within seconds.

Configured at https://app.plixa.app/webhooks

  • Events: message.inbound, message.outbound, conversation.created, conversation.updated, conversation.deleted.
  • Retries: exponential backoff (1m, 5m, 30m, 2h, 12h), 5 attempts total. A 410 / 4xx response stops the retry chain.

Verify the signature

Every delivery carries an X-Plixa-Signature header. Re-hash the raw body with your endpoint secret and compare in constant time.

X-Plixa-Signature: sha256=<hmac>

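Verify a webhook (Node.js / Express)
```javascript
import crypto from 'crypto'
import express from 'express'

const app = express()

// express.raw() keeps req.body as a Buffer, so the HMAC covers the exact bytes Plixa sent.
app.post('/plixa-webhook', express.raw({ type: 'application/json' }), (req, res) => {
  const expected = Buffer.from('sha256=' + crypto
    .createHmac('sha256', process.env.PLIXA_WEBHOOK_SECRET)
    .update(req.body)
    .digest('hex'))

  const provided = Buffer.from(req.header('X-Plixa-Signature') ?? '')
  // timingSafeEqual throws when the lengths differ, so reject a missing or truncated header first.
  if (provided.length !== expected.length || !crypto.timingSafeEqual(expected, provided)) {
    return res.status(401).send('bad signature')
  }

  const event = JSON.parse(req.body.toString())
  // event.event, event.data — handle and respond 2xx within 10s.
  res.status(204).end()
})
```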
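Verify a webhook (PHP / Laravel)
```php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::post('/plixa-webhook', function (Request $request) {
    $body = $request->getContent(); // raw bytes, exactly as received

    // env() can return null once the config is cached (php artisan config:cache),
    // which would key the HMAC with an empty string, so fail closed.
    $secret = (string) env('PLIXA_WEBHOOK_SECRET');
    if ($secret === '') {
        abort(500, 'webhook secret not configured');
    }

    $expected = 'sha256='.hash_hmac('sha256', $body, $secret);
    if (! hash_equals($expected, (string) $request->header('X-Plixa-Signature'))) {
        abort(401, 'bad signature');
    }

    $event = json_decode($body, true);
    // $event['event'], $event['data'] — handle and respond 2xx in <10s.

    return response()->noContent();
});
```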
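
The check described under "Verify the signature", exercised against the ways a delivery typically fails it. This is an added example, not Plixa's code: `signBody`, `checkDelivery`, the secret and the payload are constructed for illustration, and the only facts taken from this page are the `sha256=<hmac>` header format and the raw-body requirement.

```javascript
const crypto = require('node:crypto')

// Sender side, per the header format on this page: 'sha256=' + hex HMAC-SHA256 of the raw body.
function signBody(rawBody, secret) {
  return 'sha256=' + crypto.createHmac('sha256', secret).update(rawBody).digest('hex')
}

// Receiver side. rawBody must be the exact bytes received, never re-serialized JSON.
// Returns a reason string so rejected deliveries can be logged and counted.
function checkDelivery(rawBody, header, secret) {
  if (!secret) return 'no-secret' // an unset secret must never verify anything
  if (typeof header !== 'string' || !header.startsWith('sha256=')) return 'missing-or-malformed'
  const expected = Buffer.from(signBody(rawBody, secret))
  const provided = Buffer.from(header)
  // timingSafeEqual throws on unequal lengths; the expected length is public, so test it first.
  if (provided.length !== expected.length) return 'wrong-length'
  return crypto.timingSafeEqual(expected, provided) ? 'ok' : 'mismatch'
}

// Constructed sample delivery: the secret and payload below are made up for this example.
const SECRET = 'constructed-example-secret'
const RAW = Buffer.from('{"event": "message.inbound", "data": {"body": "Hi"}}')
const HEADER = signBody(RAW, SECRET)

function demo() {
  // What a JSON body parser leaves you with: same data, different bytes (the spacing is gone).
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(RAW.toString())))
  const tampered = Buffer.from(RAW.toString().replace('Hi', 'Bye'))
  return {
    genuine: checkDelivery(RAW, HEADER, SECRET),
    reserialized: checkDelivery(reserialized, HEADER, SECRET),
    tampered: checkDelivery(tampered, HEADER, SECRET),
    noHeader: checkDelivery(RAW, undefined, SECRET),
    truncated: checkDelivery(RAW, HEADER.slice(0, 20), SECRET),
    wrongSecret: checkDelivery(RAW, signBody(RAW, 'other-secret'), SECRET),
    emptySecret: checkDelivery(RAW, HEADER, ''),
  }
}

console.log(demo())
```

The `reserialized` case is the one that bites in practice: a handler mounted behind a JSON body parser rejects every genuine delivery, because the bytes it hashes are no longer the bytes that were signed.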

Full reference

Every endpoint (panel + external) is documented with the request schema, examples, and response envelopes.

Open the /v1/docs reference
