These two terms scare non-technical owners, but the idea is friendly. They’re only relevant if you want WhatsApp to talk to your own software — otherwise you can skip them entirely.
API key vs webhook: the difference
They work in opposite directions:
| API key | Webhook URL | |
|---|---|---|
| Direction | Your app → WhatsApp | WhatsApp → your app |
| Purpose | Send messages | Get notified of events |
| Analogy | A key to send | A doorbell that rings |
Example: an online store uses its API key to send “Order shipped” automatically, and a webhook so that when a customer replies “Where’s my order?”, the store’s system instantly knows.
When you actually need them
Honestly? Most businesses don’t. If you run everything from the ChatMitra dashboard, you never touch these. You only need them to:
- Send messages from your own app or backend.
- Sync WhatsApp events into a CRM or database.
- Build a custom workflow or automation.
Using them safely
Your server --(API key)--> ChatMitra --> WhatsApp
Your server <--(webhook)-- ChatMitra <-- WhatsApp event- Keep the API key secret. Store it on your server, never in website/browser code.
- Revoke and regenerate if a key leaks — anyone with it can send messages on your bill.
- Reply to webhooks fast with a 200 OK; do heavy work afterward.
For code examples in five languages and payload details, see the Webhook & API feature and the developer docs.