Skip to main content
Version: 2.0

Fetch Protected Media API

Overview

The Protected Media API is used to fetch protected media using a media token.
This endpoint is secured and requires a valid Bearer token in the request header along with a mediaToken query parameter.

Base URL

https://smartta.aclwhatsapp.com/ipm-api

Endpoint Details

Fetch Protected Media URL

/api/v2/protected/media

HTTP Method

GET

Authentication

This API uses Bearer Token Authentication.

Header

Header NameValue Format
AuthorizationBearer <TOKEN>

Query Parameters

ParameterTypeRequiredDescription
mediaTokenStringYesJWT token containing media metadata and expiry

Sample Curl

curl --location 'https://smartta.aclwhatsapp.com/ipm-api/api/v2/protected/media?mediaToken=<mediaToken>' \
--header 'Authorization: Bearer <Keycloak Token>'

Response

  • Success Response — Media Stream

    • If the media is successfully resolved and streamed, the API returns raw media bytes.
    • HTTP Status 200 OK
    • Response Body Binary Media Stream
      • The response body contains raw bytes of the requested media (image/video/audio).
      • No JSON wrapper is returned in this case.

  • Error Response

    • 401 Unauthorized
    • Missing or invalid Authorization header token
    {
    "code": "401",
    "title": "Request Authentication Failed! Bearer token is not valid",
    "details": "Full authentication is required to access this resource"
    }
    {
    "code": "401",
    "title": "Request Authentication Failed! Bearer token is not valid",
    "details": "An error occurred while attempting to decode the Jwt: Jwt expired at 2026-01-05T22:02:05Z"
    }
    {
    "code": "401",
    "title": "Request Authentication Failed! Bearer token is not valid",
    "details": "Invalid unsecured/JWS/JWE header: Invalid JSON object"
    }
    • Missing or invalid mediaToken
    {
    "code": 401,
    "error": "Invalid sender number",
    "error_description": "Not authorized to send message using this sender"
    }