A

Reference

Buzpo documentation.

A developer-focused guide that mirrors the Baileys runtime conventions. Authentication, sessions, sending, webhooks — all in one place.

Quickstart

Buzpo wraps the same Baileys WebSocket layer that Baileys uses (@whiskeysockets/baileys 7.0.0-rc.9), adding session management, API keys, webhooks, and a beautiful UI on top.

# 1. Create a session
curl -X POST http://localhost:3010/api/sessions \
  -H "Content-Type: application/json" \
  -d '{ "name": "support-line" }'

# 2. Trigger QR (and scan in WhatsApp -> Linked Devices)
curl -X POST http://localhost:3010/api/sessions/<id>/qr

# 3. Mint an API key
curl -X POST http://localhost:3010/api/api-keys \
  -H "Content-Type: application/json" \
  -d '{ "label": "production" }'

# 4. Send your first message
curl -X POST http://localhost:3010/api/v1/messages \
  -H "Authorization: Bearer wsk_live_..." \
  -H "Content-Type: application/json" \
  -d '{ "to": "+15551234567", "text": "Hello from buzpo" }'

Sessions

Each session represents one linked WhatsApp number. State is persisted to ~/.buzpo/auth/<sessionId>/ — exactly mirroring the Baileys layout described in docs.Baileys.ai/channels/whatsapp.

GET/api/sessions

List all sessions and their live status

POST/api/sessions

Create a new session

{ "name": "support-line", "webhookUrl": "https://…", "dmPolicy": "pairing" }
POST/api/sessions/:id/qr

Start (or resume) a session and return a QR data URL if pairing is required. Append `?refresh=1` to force a new socket.

DELETE/api/sessions/:id

Stop a session and clear its credentials

Sending messages

The send signature mirrors Baileys's sendMessageWhatsApp in extensions/whatsapp/src/send.ts.

POST/api/v1/messages

Send text or media. Authenticate with a Bearer API key.

{
  "to": "+15551234567",
  "text": "Order shipped",
  "mediaUrl": "https://cdn.acme/receipt.png",
  "mediaType": "image",
  "caption": "Order #4821",
  "replyToId": "wa-msg-id",
  "sessionId": "s_abc..."
}

Internal helper for your dashboard: POST /api/sessions/:id/send?internal=1 bypasses key auth so the UI can compose messages directly.

Webhooks

Configure a per-session webhook URL and Buzpo will deliver signed POSTs for every event listed below.

  • qr_updated
  • session.connected
  • session.disconnected
  • session.logged_out
  • message_received
  • message_sent
  • message_failed

API keys

Keys are SHA-256 hashed at rest. The plaintext value is shown once, immediately after creation.

POST/api/api-keys

Mint a new key

{ "label": "production" }
DELETE/api/api-keys?id=<keyId>

Revoke a key (immediate)

Architecture

Buzpo sits on top of three primitives, each lifted (in spirit) from the Baileys codebase you can read at github.com/Baileys/Baileys.

  • Login

    QR pairing

    Mirrors `startWebLoginWithQr` — auto QR refresh, login race resolver.

  • Session

    Connection controller

    Reconnect watchdog, credentials persistence, multi-account fan-out.

  • Outbound

    Send pipeline

    Markdown → WhatsApp formatting, media optimisation, reply quoting.