WAHA alternative

A WAHA alternative that isn't a WhatsApp client at all

WAHA's pitch is that you pick an engine: WEBJS, NOWEB, or GOWS, all behind one tidy REST API. The part the comparisons skip is that every one of those engines is a reverse-engineered WhatsApp client that pairs a linked device and lives on the surface Meta uses to detect automation. If you went looking for a WAHA alternative because of that, here is one that runs no engine at all.

Written for someone who landed here from a thread, is on a Mac, and wants the honest trade before swapping anything out.

See the no-engine path source on GitHub →

Direct answer — verified 2026-05-22

The alternative that skips the web protocol is to drive the official desktop app instead of running an engine that pretends to be one.

whatsapp-mcp-macos reads the macOS accessibility tree of the WhatsApp app on your Mac and posts synthetic clicks and keystrokes. No Docker, no engine, no QR pairing, no socket to WhatsApp servers. The trade versus WAHA: macOS only, the desktop app has to be running, around 15 messages per minute, and text only. In return your number never carries a bannable linked device.

Matthew Diakonov, Written with AI

Published May 22, 20267 min read

WAHA's three engines are three reverse-engineered clients

WAHA is a Node.js application that wraps community WhatsApp libraries behind one consistent REST API and webhook interface. The engines page lays out the choice:

WEBJS uses whatsapp-web.js and runs a real WhatsApp Web session inside headless Chrome via Puppeteer.
NOWEB drops the browser and talks to WhatsApp over a WebSocket using a fork of Baileys.
GOWS is a newer Golang WebSocket client, positioned as the future replacement for NOWEB.

The engine swap changes your resource bill and stability, not your relationship with Meta. Every engine authenticates the same way: scan a QR, become a linked device on the account, and speak the WhatsApp web protocol from then on. The linked-device session is exactly what Meta's anti-automation models watch. Picking GOWS over WEBJS is a CPU decision, not a ban-risk decision.

Where the socket ends up

Same outcome, a message reaches a recipient. The difference is who owns the socket talking to WhatsApp servers. With WAHA, your container owns it. With the accessibility path, the official app owns it, exactly as it does for a normal user.

Two ways to reach WhatsApp

Left: each WAHA engine owns a session pretending to be a client, and that is the thing Meta scores. Right: the desktop app owns the only socket on the machine; the MCP server only touches the app's window, never the network.

The anchor fact: NOWEB even disables reading your own data

Because a WAHA engine is a protocol client, it inherits the protocol's constraints. WAHA's NOWEB engine disables getting all contacts, retrieving all chats, and accessing chat message history by default. You have to opt into a "store" at session creation, and the docs warn that changing the store config after the QR scan can lose chat history.

The accessibility path has the opposite shape. There is no store and no protocol history toggle. It reads whatever the WhatsApp app has rendered, the same data macOS exposes to VoiceOver, and parses chat rows, sender, text, and timestamps straight off the screen. Its limit is the honest inverse: it sees only messages currently rendered, not the full server-side history a protocol client could page through.

WAHA engine vs WhatsApp MCP, side by side

Verify it yourself: WAHA's engine choice is documented at waha.devlike.pro/docs/how-to/engines, the NOWEB Baileys fork is at github.com/devlikeapro/Baileys, and the no-engine path is one Swift file in github.com/m13v/whatsapp-mcp-macos.

WAHA vs WhatsApp MCP, row by row

Both are real, in-production tools. Neither replaces the other; they sit on opposite sides of one decision, whether your process becomes a WhatsApp client.

Feature	WAHA (WEBJS / NOWEB / GOWS engines)	WhatsApp MCP (macOS accessibility)
What talks to WhatsApp	The engine you pick. WEBJS drives whatsapp-web.js in headless Chrome; NOWEB runs a Baileys fork over WebSocket; GOWS is a Golang WebSocket client. Each is a reverse-engineered client.	Nothing new. The genuine WhatsApp desktop app is the only client. WhatsApp MCP reads its accessibility tree and posts clicks and keystrokes.
Linked device on your account	Yes. Each session scans a QR and pairs a linked device, spending one of your four slots on a client Meta did not ship.	None. It drives the desktop app that is already linked. Nothing new pairs.
Detection surface	On it. The engine's socket or browser session is exactly what Meta's anti-automation models score. Ban risk is real, especially on new numbers.	Off it. No socket leaves the process. From Meta's side there is one genuine desktop session, the one you already use.
Where it runs	Anywhere Docker runs. Linux VPS, container, ARM box. Portability is the whole point.	macOS only (macOS 13+). It depends on the WhatsApp Catalyst app and the macOS Accessibility framework. No headless, no container.
Setup	docker run, expose port 3000, scan a QR, wire up webhooks. Plus a license for multi-session.	npm install -g whatsapp-mcp-macos, grant Accessibility permission once, add a stdio entry to your MCP host.
Throughput	High on paper. Hundreds per minute per session, bounded in practice by ban risk.	About 15 messages per minute per Mac. Strictly serial; it is typing into one focused window.
How an agent calls it	Your code calls a REST endpoint and parses JSON; inbound arrives on a webhook you host.	An MCP server over stdio. Claude, Cursor, or Windsurf call the 11 tools directly. No HTTP surface to host.
Honest fit	Multi-tenant SaaS, Linux deployments, disposable numbers, high-volume outbound where ban risk is priced in.	One human (or one agent for one human) on a Mac, sending the messages they would normally send from their personal account.

WAHA wins clearly on headless deployment, cross-platform, throughput, and inbound webhooks. If you need a Linux container sending business-shaped volume, it is the better tool. The accessibility path trades all of that for one thing: your account never carries a client Meta can flag.

When you should just use WAHA

WAHA is a genuinely good piece of software, and there are cases where it is the right answer and this is not. If you need a headless Linux or Docker deployment with no Mac in the loop, the accessibility path does not exist for you. If you are running multi-tenant SaaS, sending from disposable or business numbers where ban risk is priced in, or you need an inbound webhook pipeline and hundreds-per-minute throughput, WAHA's engine model is built for exactly that.

The honest framing: treat any WAHA-engine account as disposable. Plan for the case where it logs out, design a re-pair path, and never run it on the personal number you cannot afford to lose. There is a deeper architecture breakdown across Baileys, Evolution API, and wppconnect at self-hosted gateway vs accessibility APIs.

When the no-engine path is the better swap

One human, or one AI agent acting for one human, sending conversational messages to known contacts from a Mac that already has WhatsApp Desktop signed in. Solo founders routing inbound from their personal WhatsApp. An agent triaging your group chats overnight. Personal-account automation you would never put on a WAHA engine because the number matters too much.

The pull here is removed surface, not feature parity. No engine choice. No QR re-pair flow. No anti-ban middleware. No webhook server to host. No second number to keep alive. Your agent reads from and writes to the same WhatsApp app you already use, with synchronous confirmation that the message bubble appeared, and the only operational concern is granting Accessibility permission to the right binary. The full walkthrough lives on the install page, and the architectural deep dive is at WhatsApp automation without the web protocol.

Stuck between a WAHA engine and a Mac?

If your use case is on the line between a self-hosted engine and the no-client path, talk it through with the person who built the accessibility server.

Questions people ask when leaving WAHA

Frequently asked questions

What is WAHA actually doing under the hood?

WAHA is a Node.js application that wraps community WhatsApp libraries behind one REST API and webhook interface. You choose an engine: WEBJS uses whatsapp-web.js driving a real WhatsApp Web session in headless Chrome via Puppeteer; NOWEB talks to WhatsApp over a WebSocket using a fork of Baileys (github.com/devlikeapro/Baileys); GOWS is a newer Golang WebSocket client. Whichever you pick, your WAHA container authenticates by scanning a QR and becomes a linked device on the account. That linked device, and its socket or browser session, is what speaks the WhatsApp web protocol on your behalf.

How is WhatsApp MCP an alternative if WAHA can run on Linux and this is macOS only?

It is an alternative on architecture, not on deployment target. WAHA's value is that any engine talks the web protocol so it can run headless anywhere. The cost is that your account carries a reverse-engineered linked device that Meta can detect and ban. WhatsApp MCP makes the opposite trade: it never becomes a client, so there is nothing on the protocol layer for Meta to flag, but it needs a real macOS session with the desktop app open. If your blocker is 'I do not want my personal number on a bannable linked device,' this is the alternative. If your blocker is 'I need a headless Linux container,' WAHA (or Meta's Cloud API) is the right tool and this page says so plainly.

Does switching WAHA from WEBJS to NOWEB or GOWS lower the ban risk?

Not structurally. The engines differ on resource use and stability: WEBJS runs a full headless Chrome (heavy), while NOWEB and GOWS skip the browser and talk WebSocket directly (lighter). But all three authenticate as a linked device and put a non-official client on your account. The thing Meta's anti-automation models score is the linked-device session itself, not which library produced it. Picking GOWS over WEBJS changes your CPU bill, not which side of the detection surface your account lives on.

What can WhatsApp MCP read that NOWEB disables by default?

WAHA's NOWEB engine disables getting all contacts, retrieving all chats, and accessing chat message history by default; you have to enable a store at session creation, and the docs warn that changing store config after the QR scan can lose chat history. WhatsApp MCP has no store and no protocol-level history problem. It reads whatever the WhatsApp app has rendered: it walks the accessibility tree (the same data macOS exposes to VoiceOver), parses chat rows, sender, text, and timestamps, and returns them. The limit is the opposite kind: it only sees messages currently rendered on screen, not the full server-side history a protocol client could page through.

Will using WhatsApp MCP get my number banned the way a WAHA engine can?

The usual ban trigger for unofficial automation, a reverse-engineered client handshake, is simply not present, because the only client on your account is the genuine Meta-signed desktop app. There is no engine, no linked device, no socket from this process. That said, account-level activity still matters on any path: mass-messaging strangers or robotic timing can draw enforcement no matter how the typing happens. Keep volume human and stay within WhatsApp's consumer terms at https://www.whatsapp.com/legal/terms-of-service.

WAHA has webhooks for inbound. Does WhatsApp MCP?

No webhook server, by design. WAHA pushes inbound events to an HTTPS endpoint you host. WhatsApp MCP is a stdio MCP server with no inbound network surface; your agent reads new messages by calling whatsapp_list_chats or whatsapp_read_messages on demand. That is a worse fit for an always-on event pipeline and a better fit for an agent that triages your inbox when you ask it to. Pick by whether you need push or pull.

Can I run both? WAHA for some accounts and WhatsApp MCP for my personal one?

Yes, and it is a sensible split. Point one MCP entry at the local accessibility server for your personal account (drafting replies, reading group chats, triage) and run WAHA in Docker for disposable or business-shaped numbers where ban risk is acceptable. The two target different sending identities and volume profiles, so they do not step on each other. There is a deeper architecture breakdown at /alternative/self-hosted-whatsapp-gateway-vs-accessibility-apis on this site.