Skip to main content
POST
/
api
/
profile
/
privacy
/
:instance
Update privacy
curl --request POST \
  --url https://api.example.com/api/profile/privacy/:instance \
  --header 'Content-Type: <content-type>' \
  --header 'token: <token>' \
  --data '
{
  "visibility": {},
  "privacy": {},
  "permissions": {}
}
'

Documentation Index

Fetch the complete documentation index at: https://docs.ryzeapi.cloud/llms.txt

Use this file to discover all available pages before exploring further.

Auth: TokenAccount or TokenInstanceRate limit: Global (100/min) • Idempotent: yes (setting the same value is a no-op)

Description

Updates one or more privacy settings. Partial update, only the fields you send are changed. At least one of the three subsections (visibility, privacy, permissions) must be sent. The response returns the complete settings after the update.

Examples

Fully restrictive

Applies a closed-down privacy profile in a single call: hides lastSeen, restricts status / picture to contacts, turns off read receipts, and limits calls to known contacts. Each subsection sends one field, totaling several stanzas on WhatsApp. 
curl -X POST "https://ryzeapi.cloud/api/profile/privacy/$Instance_Name" \
  -H "token: $Token_Instance" \
  -H "Content-Type: application/json" \
  -d '{
    "visibility": {
      "lastSeen": "none",
      "status": "contacts",
      "profile": "contacts",
      "online": "match_last_seen"
    },
    "privacy": {
      "readReceipts": "none"
    },
    "permissions": {
      "callAdd": "known",
      "groupAdd": "contacts"
    }
  }'

Only groupAdd

Updates only permissions.groupAdd to contacts, preventing strangers from adding the account to groups. All other settings remain unchanged. 
curl -X POST "https://ryzeapi.cloud/api/profile/privacy/$Instance_Name" \
  -H "token: $Token_Instance" \
  -H "Content-Type: application/json" \
  -d '{
    "permissions": { "groupAdd": "contacts" }
  }'

Disable read receipts

Sets privacy.readReceipts to none to stop sending the “blue double check”. The account stops confirming reads, and also stops seeing other people’s confirmations (WhatsApp’s reciprocal effect). 
curl -X POST "https://ryzeapi.cloud/api/profile/privacy/$Instance_Name" \
  -H "token: $Token_Instance" \
  -H "Content-Type: application/json" \
  -d '{
    "privacy": { "readReceipts": "none" }
  }'

Only lastSeen and online

Hides lastSeen and ties online to the same level (match_last_seen). Result: nobody sees when the account was last online, nor whether it’s active right now. 
curl -X POST "https://ryzeapi.cloud/api/profile/privacy/$Instance_Name" \
  -H "token: $Token_Instance" \
  -H "Content-Type: application/json" \
  -d '{
    "visibility": {
      "lastSeen": "none",
      "online": "match_last_seen"
    }
  }'

Success response

After applying the updates, the handler re-runs GetPrivacySettings and returns the complete current snapshot in settings, grouped into visibility (lastSeen, status, profile, online), privacy (readReceipts), and permissions (callAdd, groupAdd). Use the response as the source of truth for the post-update state, it’s what WhatsApp confirmed, not just what you sent.
200 OK
{
  "success": true,
  "message": "Privacy settings updated successfully",
  "settings": {
    "visibility": {
      "lastSeen": "none",
      "status": "contacts",
      "profile": "contacts",
      "online": "match_last_seen"
    },
    "privacy": {
      "readReceipts": "none"
    },
    "permissions": {
      "callAdd": "known",
      "groupAdd": "contacts"
    }
  }
}

Path parameters

instance
string
required
Instance name.

Headers

token
string
required
TokenAccount or TokenInstance.
Content-Type
string
required
application/json

Request body

Each subsection is optional, but at least one must be present.
visibility
object
Subfields: lastSeen, status, profile, online.
privacy
object
Subfields: readReceipts.
permissions
object
Subfields: callAdd, groupAdd.

Accepted values per field

FieldValues
lastSeen / status / profileall / contacts / contact_blacklist / none
onlineall / match_last_seen
readReceiptsall / none
callAddall / known
groupAddall / contacts / contact_blacklist

Notes

Validation stops at the first error. If you send visibility.lastSeen = "X" (invalid) + visibility.status = "contacts" (valid), nothing is applied, the handler aborts on the first invalid field. Validate enums on the client before calling.
  • Operations are not transactional: if the third SetPrivacySetting fails, the first two have already been applied, the client gets a 500 but the partial state persists. Verify via GET after errors.
  • Each field triggers a separate stanza, an update with 7 fields makes 7 calls + 1 final GetPrivacySettings = 8 stanzas. Latency can add up.
  • The response always returns the complete current settings (not just the changed fields).

Errors

HTTPMessage
400At least one privacy setting must be provided
400Invalid lastSeen value: <value>. Valid values: all, contacts, contact_blacklist, none
400Invalid status value: <value>. Valid values: all, contacts, contact_blacklist, none
400Invalid profile value: <value>. Valid values: all, contacts, contact_blacklist, none
400Invalid online value: <value>. Valid values: all, match_last_seen
400Invalid readReceipts value: <value>. Valid values: all, none
400Invalid callAdd value: <value>. Valid values: all, known
400Invalid groupAdd value: <value>. Valid values: all, contacts, contact_blacklist
400Instance is not connected to WhatsApp
500failed to update <field> privacy: <reason>
Envelope: 
{
  "success": false,
  "error": { "message": "Invalid lastSeen value: everyone. Valid values: all, contacts, contact_blacklist, none" }
}