Wwise Version
arrow_right Table of Contents
Wwise SDK 2021.1.6
Preparing to use the Wwise Authoring API

The Wwise Authoring API is normally enabled by default. We recommend you take a look at its preferences before you start. You will find important security settings, and you will be able to confirm that Wwise Authoring API is enabled:

To enable Wwise Authoring API:

  • In Wwise, select Project > User Preferences. (Default shortcut: Shift + U)
  • In the Wwise Authoring API group box, select Enable Wwise Authoring API.
  • Click OK.

This means you can now use WAAPI.

Network Security

Since WAAPI allows you to control Wwise remotely, it must be used in a secure environment in order to prevent other people from gaining control of your computer. If it is not configured correctly, it could present a security risk.

Note: If you are connecting to WAAPI through a browser, both the IP address and origin of the web server must be added for the connection to be allowed. Refer to Preventing Cross-Site Scripting.

Blocking access to WAAPI ports

WAAPI provides access to two ports for WAMP and HTTP (by default: 8080 and 8090). For greater security, we recommend you block remote computers from accessing those ports, by using a Firewall. If you wish to allow remote computers to access WAAPI, we recommend adding them in a white list, instead of allowing any remote connection.

Restricting access to WAAPI to specific IP addresses

By default, WAAPI will only accept connections coming from localhost ( or ::1).

Accessing WAAPI from a remote computer will therefore fail, unless you add its IP address in the User Preferences. To allow an IP address to connect to WAAPI:

  • Click Project > User Preferences, from the main Wwise menu.
  • Add the IP address to the Allow connections from field. For example:
    •, using an IPv4 address; or
    • 2001:db8::, using an IPv6 address.
  • Click OK.
Caution: You can add * to allow connections from any IP address. But, this is insecure and, therefore, unrecommended.

Preventing Cross-Site Scripting

WAAPI provides a security layer against cross-site scripting. Otherwise, when you visit a webpage that contains JavaScript code, for example, that code could theoretically gain access to Wwise by connecting from the loaded webpage. In that scenario, the firewall is not enough.

This WAAPI security layer relies on your browser security settings. By default, WAAPI will only accept connections from local software or, in the case of browsers, only when opening HTML files on the local file system.

Using WAAPI in a webpage loaded from another host will fail, unless you add the host in the User Preferences. To add a host as a valid origin for WAAPI:

  • Click Project > User Preferences, from the main Wwise menu.
  • Add your host URI to the Allow browser connections from origins field. For example:
  • Click OK.
Caution: You can add * to allow connections from webpages of any origin. But, this is insecure and, therefore, unrecommended.

See Using the Command Line for information on using "-Waapi" commands from the command line.

Note: Using Multiple Clients

WAAPI supports usage from multiple connections at once. The current maximum number of active connections to WAAPI is 20 for WAMP, with another 20 for HTTP POST.

Using WAAPI on Mac

WAAPI uses Windows-style paths to access files, with the root folder "/" represented by drive Z and the home folder drive Y. For example, in order to load project "/Volumes/path/to/MyProject.wproj", you must use path "Z:\Volumes\path\to\MyProject.wproj".

In case of doubt, you can refer to the project path as displayed in the recent projects in Wwise.

Next Steps

You can now try out WAAPI according to one of the WAAPI Samples, which show you how to get WAAPI running for your preferred language and protocol.

See also