[GOWS] Error 463 on sendText — tctoken lifecycle not implemented in GOWS engine

[joaoAPina]

Describe the bug

Outbound messages sent via POST /api/sendText fail with HTTP 500 / error 463 when using the GOWS engine for specific contacts, even though the session is WORKING, inbound messages arrive normally, and messages sent directly from the physical device succeed.

We run 30 active WAHA instances (GOWS engine, different phone numbers). This is the first session we have ever seen this issue on. The failure affected 14 different contacts in that single session — all returning the same error 463 — while other instances continued operating normally. The issue occurs regardless of chatId format (@c.us or @lid).

---

Version

{
  "version": "2026.3.2",
  "engine": "GOWS",
  "tier": "PLUS"
}

---

Steps

To Reproduce:

1. Start a WAHA session using the GOWS engine — session reaches WORKING state
2. Confirm inbound messages are being received normally
3. Send a message from the physical device — succeeds
4. Call POST /api/sendText with a valid session and chatId
5. Receive HTTP 500 with "2 UNKNOWN: server returned error 463"

---

Expected behavior

POST /api/sendText should succeed for any contact reachable from the device, matching the behavior of the physical device and the WEBJS engine.

---

Requests - Responses

Request:

POST /api/sendText
{
  "session": "<session-id>",
  "chatId": "557398669599@c.us",
  "text": "Hello"
}

Response (HTTP 500):

{
  "error": "2 UNKNOWN: server returned error 463"
}

Tested with both @c.us and @lid chatId formats — both return the same error 463.

---

Docker Logs

Failed to send text message | status=500 | errorMessage="Request failed with status code 500" | session=<session-id> | chatId=557398669599@c.us

---

Screenshots

Session status in WAHA dashboard:

• Status: WORKING
• Account: authenticated and active
• Server: WAHA

---

Additional context

After investigating, we believe this is caused by the absence of the tctoken lifecycle in the GOWS engine.

WhatsApp now requires a valid privacy token (tctoken) in every outbound DM. When the token is missing or expired, the server rejects the message with error 463 (NackCallerReachoutTimelocked). This is not a session issue — the session is WORKING, receives messages, and the physical device sends without problems.

This was addressed in whatsmeow via:

• tulir/whatsmeow#1081 — full tctoken lifecycle: proactive fetch before send, 28-day expiration window, async token issuance after send
• tulir/whatsmeow#1104 — diagnostic APIs for account-level capping and reachout timelock

WEBJS does not reproduce this issue, suggesting the fix is already present there. GOWS appears to be missing the equivalent implementation.

Could the GOWS engine receive parity with the tctoken handling from whatsmeow PR #1081?

[Jaedson-Digiliza]

+1

@devlikepro any deadline for this fix?

[onicolasz]

+1

[devlikepro]

✅ Let's try dev image

Make sure to select the engine via the environment variable - WHATSAPP_DEFAULT_ENGINE=WEBJS|GOWS|NOWEB:

• devlikeapro/waha-plus:dev
• devlikeapro/waha-plus:dev-chrome
• devlikeapro/waha-plus:dev-arm

[Jaedson-Digiliza]

Didn't work

{
  "statusCode": 500,
  "timestamp": "2026-04-29T15:51:11.414Z",
  "exception": {
    "message": "2 UNKNOWN: server returned error 463",
    "code": 2,
    "details": "server returned error 463",
    "metadata": {},
    "name": "Error",
    "stack": "Error: 2 UNKNOWN: server returned error 463\n    at callErrorFromStatus (/app/node_modules/@grpc/grpc-js/build/src/call.js:32:19)\n    at Object.onReceiveStatus (/app/node_modules/@grpc/grpc-js/build/src/client.js:193:76)\n    at Object.onReceiveStatus (/app/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:367:141)\n    at Object.onReceiveStatus (/app/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:327:181)\n    at /app/node_modules/@grpc/grpc-js/build/src/resolving-call.js:135:78\n    at process.processTicksAndRejections (node:internal/process/task_queues:84:11)\nfor call at\n    at MessageServiceClient.makeUnaryRequest (/app/node_modules/@grpc/grpc-js/build/src/client.js:161:32)\n    at MessageServiceClient.SendMessage (/app/node_modules/@grpc/grpc-js/build/src/make-client.js:105:19)\n    at MessageServiceClient.SendMessage (/app/dist/core/engines/gows/grpc/gows.js:10502:30)\n    at node:internal/util:495:21\n    at new Promise (<anonymous>)\n    at node:internal/util:481:12\n    at WhatsappSessionGoWSPlus.sendText (/app/dist/core/engines/gows/session.gows.core.js:517:78)\n    at descriptor.value (/app/dist/core/abc/activity.js:9:35)\n    at process.processTicksAndRejections (node:internal/process/task_queues:103:5)"
  },
  "request": {
    "path": "/api/sendText",
    "method": "POST",
    "body": {
      "chatId": "<number>@c.us",
      "text": "<message>",
      "session": "<session>"
    },
    "query": {}
  },
  "version": {
    "version": "2026.4.3",
    "engine": "GOWS",
    "tier": "PLUS",
    "browser": null,
    "platform": "linux/x64",
    "worker": {
      "id": null
    }
  }
}

[m0d02x]

+1