WhatsApp Business Platform > On-Premises API > Reference

We are sunsetting On-Premises API. Refer to our On-Premises API Sunset document for details, and to learn how to migrate to our next-generation Cloud API.

External

/v1/certificates/external

Use this edge to upload, retrieve, delete, and reset your Certificate Authority (CA) Certificates.

Before You Start

You must use an admin account to upload and delete all certificates.

Retrieving

Make GET calls to this endpoint to retrieve a CA certificate stored in the WhatsApp Business API client.

Example

Request:

GET /v1/certificates/external/ca

Response:

Content-Type: text/plain
Content-Length: content-size

certificate

If a CA certificate is not found, then a 404 response code is returned with no body.

Uploading

Make POST calls to upload a CA certificate. Make sure that the uploaded certificate contains the following sections in one file and in the same order as displayed here:

Private key
Certificate
One or more intermediate CA certificates — The WhatsApp Business API client needs at least one intermediate CA certificate, otherwise, upload fails.

Example

To upload the certificate to WhatsApp Business API client, use the following API request, which contains the Content-Type of text/plain.

POST /v1/certificates/external
  Content-Type: text/plain
  Content-Length: content-size

certificate

If using cURL, the command looks like this:

curl -X POST \
  https://your-webapp-hostname:your-webapp-port/v1/certificates/external \
  -H 'Authorization: Bearer your-auth-token' \
  -H 'Content-Type: text/plain' \
  --data-binary @your-path-to-certificate.pem

If a certificate already exists, it is overwritten. You must restart the web server, that is, all Webapp container instances, once the certificate is uploaded.

You should be extremely cautious to only update the certificate with a valid (i.e., proper & correct) certificate. Otherwise, the web server fails to restart (as the API endpoint is down) and requires manual intervention to recover from the situation.

The response to your API call looks like this:

null

Resetting

When uploading a CA certificate to the WhatsApp Business API client, if the certificate is invalid for some reason, the Webapp containers will fail to start on reboot as the API endpoint will be down. To recover from this situation, you need to drop the certs database table.

To drop the certs database table:

Stop the Webapp container:
```
docker stop your-webapp-container-id
```

Connect to MySQL via Docker in the command line:

docker exec -it your-mysql-container-id mysql -uroot -p

Enter your MySQL password when prompted (as per mysql.conf).
Check whether the certs table exists:
```
show tables in waweb;
```
Drop the certs table:
```
drop table waweb.certs;
```
Exit MySQL:
```
exit;
```
Restart the Webapp container:
```
docker restart your-webapp-container-id
```
Log into MySQL again using above steps to make sure the certs table now exists.

Deleting

Deleting certificates is not supported. We could support this in the future if there is a use case we have overlooked.