Device Onboarding and Session Control

Provision projects and devices through Dashboard Mantap!, then run high-volume runtime messaging directly through WA Gateway.

Who Owns What in Device Lifecycle

  • Use Dashboard Mantap! for setup actions: create project, rotate/reveal API key, create device, disconnect, regenerate QR.
  • Use this page as technical reference for underlying WA Gateway device lifecycle behavior.
  • For internal Onebrick operation through Mantul, engineer calls with device_id; app token and project mapping are resolved by backend services.

Runtime Device Endpoints (Technical Reference)

  • POST /devices - create device and generate QR.
  • GET /devices - list devices for current app.
  • POST /devices/{device_id}/qr - regenerate QR (when not connected).
  • POST /devices/{device_id}/disconnect - disconnect current session.
  • DELETE /devices/{device_id} - destroy device and archive related activity.

Direct Integration Prerequisites

  • Base URL: https://wa.onebrick.io
  • Headers for direct runtime calls: Authorization: Bearer <app_token>
  • For Mantap internal management, app token is handled by backend managed-key flow; do not inject token manually from browser UI.
  • Device name must be unique within the same app while the device is active.
  • QR pairing must complete before message send and runtime queries become useful.

Fastest Safe Path to a Connected Device

  1. Create device.
  2. Scan the QR quickly before expiry.
  3. Wait for device_connected webhook event.
  4. Start using /messages and consume webhook events (message and receipt are sent automatically after runtime activity).

Copy-Paste Device Flow

Create device

curl -X POST "https://wa.onebrick.io/devices" \
  -H "Authorization: Bearer APP_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "device_name": "Customer Service Main"
  }'

List devices

curl -X GET "https://wa.onebrick.io/devices" \
  -H "Authorization: Bearer APP_TOKEN"

Regenerate QR after disconnect or expiry

curl -X POST "https://wa.onebrick.io/devices/DEVICE_ID/qr" \
  -H "Authorization: Bearer APP_TOKEN"

Status States You Should Monitor

Common status values in lifecycle payloads: qr_generated, connected, disconnected, destroyed, and expired.

If QR regeneration returns conflict, the previous QR is still active or the device is still connected; disconnect first or wait until expiry.

Connection sanity check order: gateway /health -> device status connected -> message send retry -> disconnect + relink if still failing.

Internal endpoints for device lifecycle are protected with whitelist checks for approved Onebrick hosts/IP ranges and trusted internal sources.

That whitelist scope is for internal device-control routes only; webhook callback receiver still needs its own signature validation and optional ingress source filtering.