Personal AI Agent

Connect your own WhatsApp number to your own AI agent. WhatsApp your agent; it WhatsApps you back, all through HookMyApp.

What You Need

  • A HookMyApp account
  • A connected WhatsApp number (sandbox for testing, your own WABA for production)
  • An access token and phone number ID for that number
  • An agent runtime that can read incoming messages and send outgoing replies

If your number is already connected, skip to Configure Your Agent.

Connect A Number

For testing, start a sandbox session pinned to your phone:

hookmyapp sandbox start --phone +15551234567

For production, connect your own WhatsApp Business number through Meta's embedded signup:

hookmyapp channels connect

See Connect WABA for the full embedded-signup flow.

Configure Your Agent

Pull credentials into a .env file your agent runtime can load.

For a sandbox session:

hookmyapp sandbox env --write .env

For a connected production WABA:

hookmyapp env <waba-id> --write .env

Your agent reads four values:

  • WHATSAPP_API_URL: sandbox proxy URL or https://graph.facebook.com/v24.0 for production
  • WHATSAPP_ACCESS_TOKEN: Bearer token for the Graph-shape POST
  • WHATSAPP_PHONE_NUMBER_ID: the WhatsApp number your agent sends from
  • VERIFY_TOKEN: HMAC secret for verifying inbound webhook signatures

The receiver shape is identical between sandbox and production. Only those four values change.

What Your Agent Can Do

Your agent reads inbound webhooks (text, media, button replies) and POSTs outbound messages using the same Meta Graph shape. The CLI gives it operational access from the terminal.

Send Messages

POST to ${WHATSAPP_API_URL}/${WHATSAPP_PHONE_NUMBER_ID}/messages with a Bearer token. See Send Messages for the message types.

Listen To Conversations

For local development, run a tunnel so inbound webhooks reach your agent runtime:

hookmyapp sandbox listen

For production, set a public webhook URL Meta calls when messages arrive:

hookmyapp webhook set <waba-id> \
  --url https://your-agent.example.com/webhook \
  --verify-token $(openssl rand -hex 32)

Verify Signatures

Every forwarded webhook arrives with X-HookMyApp-Signature-256: sha256=<hex> (HMAC-SHA256 over the raw body, key = VERIFY_TOKEN). Your agent rejects mismatches with 401. See Receive Webhooks for the full algorithm.

Bridges And Examples

The Webhook Starter Kit ships a working Node/Express receiver you can drop your agent runtime into.

For other runtimes (Python, Go, Rust, etc.), use the same env values and adapt the transport on your side.

Next Steps

  • Build With AI: Use Cursor, Codex, or Claude Code to wire all this for you.
  • CLI: Command reference for everything above.
  • Send Messages: Outbound message types.
  • Receive Webhooks: Inbound webhook handling and signature verification.