Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.usetitan.app/llms.txt

Use this file to discover all available pages before exploring further.

The PHP SDK provides a typed client for the Titan WhatsApp API. It requires PHP 8.1 or later and uses named constructor arguments for configuration. Types are auto-generated from the OpenAPI spec. The SDK includes webhook signature verification and accepts both server API keys and client tokens.

Installation

composer require titan/sdk

Create a client

use Titan\TitanClient;

$client = new TitanClient('https://api.example.com', apiKey: 'titan_...');
Keep your API key on the server. Use client tokens for any code that runs in an untrusted environment.

Send a message

$resp = $client->messages()->send('default', [
    'chatId' => '[email protected]',
    'type' => 'text',
    'text' => 'Hello from PHP!',
]);
The first argument is the session name. The second is the message payload as an associative array. The response is a typed object matching the API’s JSON response shape.

Service domains

The client exposes every Titan API domain via a method call. PHP uses camelCase for all method names.
DomainMethod
Sessions$client->sessions()
Messages$client->messages()
Contacts$client->contacts()
Groups$client->groups()
Channels$client->channels()
Presence$client->presence()
Profile$client->profile()
Labels$client->labels()
Chats$client->chats()
Webhooks$client->webhooks()
Pairing$client->pairing()
LIDs$client->lids()
Media$client->media()
Client tokens$client->clientTokens()

Webhook verification

Use the Verifier class to validate the HMAC-SHA256 signature on incoming webhook deliveries. It returns true if the signature is valid and false otherwise. 
use Titan\Webhooks\Verifier;

$isValid = Verifier::verify($rawBody, $signatureHeader, $secret);
Pass the raw request body as a string, the value of the X-Webhook-Signature header, and your webhook secret. Check the return value before processing the event.
Always verify webhook signatures before processing events. Respond with a 400 or 401 status when verification fails.

Client tokens

To use a short-lived client token instead of a server API key, pass clientToken instead of apiKey: 
$client = new TitanClient('...', clientToken: 'titan_ct_...');

Full client token flow

use Titan\TitanClient;

// Server-side: mint a token
$server = new TitanClient('https://api.example.com', apiKey: 'titan_...');

$token = $server->clientTokens()->mint([
    'session' => 'default',
    'ephemeralId' => 'user-123',
    'ttl' => 900,
]);

// Restricted client: use the token
$browser = new TitanClient('https://api.example.com', clientToken: $token['token']);
See Client tokens for how to configure session rules and control what client tokens are allowed to do.

Types

Types are auto-generated from the OpenAPI spec into php/src/Generated/Types.php in the titan-api/sdks monorepo. A GitHub Actions workflow regenerates the file automatically whenever the spec changes. Import generated types directly: 
use Titan\Generated\Types\SendMessageRequest;
use Titan\Generated\Types\SessionStatus;

Deprecation warnings

The SDK reads Deprecation, Sunset, and Titan-SDK-Deprecation response headers on every API response. When any of these headers appear, the SDK triggers a PHP warning once per client lifetime using trigger_error:
  • Deprecation: true — the API version you are calling is deprecated.
  • Sunset: <date> — the API version will be removed on the given date.
  • Titan-SDK-Deprecation — your installed SDK version is outdated.
If you use a custom error handler (for example, one that routes errors to a logging service), PHP deprecation warnings from the SDK will flow through it automatically.