Updates & Shipping

This page covers keeping a Loopwave deployment current and, for vendors, shipping it as a protected licensed product.

Updating a deployment

Back up first
Back up your MongoDB database and the WhatsApp data directory (AUTH_DIR) together before any update.
Deploy the new build
Replace the application build and restart the API and dashboard.
Confirm health
Check the dashboard loads, your numbers reconnect to ready, and recent messages flow. The API exposes a simple health check at /api/health and a version at /api/version.

Never delete the AUTH_DIR during an update. Wiping it logs out every connected number, forcing a fresh QR scan for each one.

Schema evolution

Loopwave’s data models carry a schemaVersion field, so the app can evolve document shapes safely across versions without breaking existing data.

Shipping as a licensed product

If you distribute Loopwave to tenants, protect your build:

Ship compiled output, not raw source. Distribute the compiled build (or a binary) to make reverse-engineering harder — never raw source code.
Run in enforce mode. Set LICENSE_MODE=enforce in shipped builds so writes lock on an invalid license. See Licensing.
Set your own LICENSE_PUBLIC_KEY. Generate a production Ed25519 keypair, embed the public key in every shipped build, and keep the private signing key in a vault — never on a customer server.
Issue one key per customer, optionally domain-bound and time-limited.

The offline-verifiable license means a tenant can read their entitlements but can’t forge a longer expiry, because only your private key can sign a valid token.

Shipping checklist

Generate a production keypair; set LICENSE_PUBLIC_KEY.
Set LICENSE_MODE=enforce.
Set a strong, unique JWT_SECRET.
Serve over HTTPS with WEB_ORIGIN set to the tenant’s domain.
Keep AUTH_DIR and MongoDB on persistent, backed-up storage.
Ship compiled output; keep the private license key off the customer server.

Troubleshooting→

Fixes for the most common connection and inbox issues.