Profile
Update privacy
Update privacy settings (last seen, online, picture, status, read receipts, calls, groups)
POST
Update privacy
Auth:
Envelope:
TokenAccount or TokenInstance • Rate limit: Global (100/min) • Idempotent: yes (setting the same value is a no-op)
Description
Updates one or more privacy settings. Partial update, only the fields you send are changed. At least one of the three subsections (visibility, privacy, permissions) must be sent. The response returns the complete settings after the update.
Examples
Fully restrictive
Applies a closed-down privacy profile in a single call: hideslastSeen, restricts status / picture to contacts, turns off read receipts, and limits calls to known contacts. Each subsection sends one field, totaling several stanzas on WhatsApp.
Only groupAdd
Updates onlypermissions.groupAdd to contacts, preventing strangers from adding the account to groups. All other settings remain unchanged.
Disable read receipts
Setsprivacy.readReceipts to none to stop sending the “blue double check”. The account stops confirming reads, and also stops seeing other people’s confirmations (WhatsApp’s reciprocal effect).
Only lastSeen and online
HideslastSeen and ties online to the same level (match_last_seen). Result: nobody sees when the account was last online, nor whether it’s active right now.
Success response
After applying the updates, the handler re-runsGetPrivacySettings and returns the complete current snapshot in settings, grouped into visibility (lastSeen, status, profile, online), privacy (readReceipts), and permissions (callAdd, groupAdd). Use the response as the source of truth for the post-update state, it’s what WhatsApp confirmed, not just what you sent.
200 OK
Path parameters
Instance name.
Headers
TokenAccount or TokenInstance.application/jsonRequest body
Each subsection is optional, but at least one must be present.Subfields:
lastSeen, status, profile, online.Subfields:
readReceipts.Subfields:
callAdd, groupAdd.Accepted values per field
| Field | Values |
|---|---|
lastSeen / status / profile | all / contacts / contact_blacklist / none |
online | all / match_last_seen |
readReceipts | all / none |
callAdd | all / known |
groupAdd | all / contacts / contact_blacklist |
Notes
- Operations are not transactional: if the third
SetPrivacySettingfails, the first two have already been applied, the client gets a500but the partial state persists. Verify viaGETafter errors. - Each field triggers a separate stanza, an update with 7 fields makes 7 calls + 1 final
GetPrivacySettings= 8 stanzas. Latency can add up. - The response always returns the complete current settings (not just the changed fields).
Errors
| HTTP | Message |
|---|---|
| 400 | At least one privacy setting must be provided |
| 400 | Invalid lastSeen value: <value>. Valid values: all, contacts, contact_blacklist, none |
| 400 | Invalid status value: <value>. Valid values: all, contacts, contact_blacklist, none |
| 400 | Invalid profile value: <value>. Valid values: all, contacts, contact_blacklist, none |
| 400 | Invalid online value: <value>. Valid values: all, match_last_seen |
| 400 | Invalid readReceipts value: <value>. Valid values: all, none |
| 400 | Invalid callAdd value: <value>. Valid values: all, known |
| 400 | Invalid groupAdd value: <value>. Valid values: all, contacts, contact_blacklist |
| 400 | Instance is not connected to WhatsApp |
| 500 | failed to update <field> privacy: <reason> |