Build on WASSIIT

Secure messaging infrastructure for government agencies and professional services in Morocco. Send messages, share documents, and make calls through a simple REST API.

View API DocsRequest Partner Access

Everything you need to communicate

Full communication capabilities via a clean REST API. Messages are delivered through end-to-end encrypted infrastructure.

💬

Text Messages

Send text messages to any WASSIIT user by phone number with delivery tracking.

POST /api/partner/v1/messages
{
  "to": "+212600000000",
  "text": "Votre RDV est confirmé"
}
🎤

Audio Messages

Send voice notes and audio files via multipart upload.

POST /api/partner/v1/messages/audio
Content-Type: multipart/form-data

to: +212600000000
file: <audio.ogg>
📄

Documents

Share PDF, images, and any file type with users securely.

POST /api/partner/v1/messages/document
Content-Type: multipart/form-data

to: +212600000000
file: <document.pdf>
📞

Voice & Video Calls

Initiate secure voice and video calls via WebRTC.

POST /api/partner/v1/calls
{
  "to": "+212600000000",
  "type": "voice"
}

How it works

1

Get Your API Key

Register as a partner through our admin process. Receive a scoped API key with permissions tailored to your use case.

2

Integrate

Simple REST API with JSON payloads. Send your first message in under 5 minutes. Full OpenAPI specification available.

3

Go Live

Messages are delivered through WASSIIT's end-to-end encrypted infrastructure. Real-time delivery tracking and webhook notifications.

Authentication

API Key Authentication

All Partner API requests require an API key passed in the X-API-Key header. Keys are generated when a partner is created and can be rotated via the admin endpoint.

Example Request
curl -X POST https://api.wassiit.ma/api/partner/v1/messages \
  -H "X-API-Key: wst_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"to": "+212600000000", "text": "Hello from WASSIIT!"}'

Permissions

Each API key has scoped permissions. Requests to endpoints outside your permission set will return 403 Forbidden.

messages.send
audio.send
files.send
calls.initiate
conversations.read
webhooks.manage

Rate Limiting

Each partner has a configurable rate limit (default: 100 requests/minute). Exceeding the limit returns 429 Too Many Requests.

Webhook Signing

Webhook payloads are signed with HMAC-SHA256 using your webhook secret. Verify the X-WASSIIT-Signature header to confirm authenticity.

Signature Verification (Python)
import hmac, hashlib

def verify_signature(body: bytes, secret: str, signature: str) -> bool:
    expected = hmac.new(
        secret.encode(), body, hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, signature)

API Reference

Complete reference for all Partner API endpoints. Contact us for API access

Messages

Ready to integrate?

Contact our partnerships team to get your API credentials and start building on WASSIIT.

Contact PartnershipsRequest API Access