User-facing API (most endpoints)
Send the Clerk session JWT: https://api-v2.watchcollect.com in production.
WAHA webhook (server-to-server)
WAHA posts inbound WhatsApp traffic to POST /v2/webhooks/waha. That route does not use Clerk. Instead, WAHA sends:
userId (the Clerk user id) as a query parameter so events attach to the right tenant.
Configure URL, secret, and query usage exactly as in WAHA webhook. Normal mobile/web clients never send this secret.
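One way the receiving side of this route could check a delivery before attaching it to a tenant, as an added example rather than the project's own code. The header name `x-webhook-secret`, the Clerk id pattern and the status codes are assumptions; the page does not state them.

```javascript
const crypto = require("node:crypto");

// Hypothetical header name: use whatever the WAHA webhook configuration actually sends.
const SECRET_HEADER = "x-webhook-secret";
// Assumed shape of a Clerk user id ("user_" followed by alphanumerics).
const USER_ID_RE = /^user_[A-Za-z0-9]{1,64}$/;

// Constant-time comparison. Hashing both sides first gives timingSafeEqual
// equal-length buffers, so a length mismatch does not throw or leak.
function secretMatches(presented, expected) {
  if (typeof presented !== "string" || presented.length === 0) return false;
  const a = crypto.createHash("sha256").update(presented).digest();
  const b = crypto.createHash("sha256").update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// req: { method, url, headers } with lower-cased header names (Node's convention).
// Returns { status } on rejection, or { status: 200, userId } when accepted.
function checkWahaWebhook(req, expectedSecret) {
  const url = new URL(req.url, "http://localhost");
  if (req.method !== "POST" || url.pathname !== "/v2/webhooks/waha") {
    return { status: 404 };
  }
  // Authenticate the sender before reading anything tenant-related.
  if (!secretMatches(req.headers[SECRET_HEADER], expectedSecret)) {
    return { status: 401 };
  }
  // Require exactly one well-formed userId: a repeated parameter would make
  // the tenant ambiguous between this check and later handlers.
  const ids = url.searchParams.getAll("userId");
  if (ids.length !== 1 || !USER_ID_RE.test(ids[0])) {
    return { status: 400 };
  }
  return { status: 200, userId: ids[0] };
}

// Constructed sample delivery (not captured traffic).
const sampleSecret = "constructed-example-secret";
const sample = {
  method: "POST",
  url: "/v2/webhooks/waha?userId=user_abc123",
  headers: { [SECRET_HEADER]: sampleSecret },
};
console.log(checkWahaWebhook(sample, sampleSecret));
```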
Machine-readable errors
Error responses are JSON objects whose fields are described under shared schemas in the API reference (for example ErrorResponse). Prefer inspecting status and parsing the documented body shape rather than matching raw strings.