Send Verification Code via WhatsApp

1. Create Authentication Message Templates

Step 1: Register Expediusly Account

Step 2: Create WABA

Click below to view the detailed guidance.

Create a WhatsApp Business API Account | Help Center

  • Click Home > Templates > + Add Template

Step 3: Create Authentication Message Template

  1. Create message template
  • Click Home > Templates > + Add Template, then create your template
  1. Setting up template
  • Select Category "Authentication", and name the template and select the template language

    • Please note: The template name must be unique. Names only support lowercase letters a-z, 0-9, and underscores (). Once submitted, the template cannot be changed.


Page for naming the template, selecting the template type, and template language

  • Choose the sending method:

    • Copy code
    • Autofill-One tap
    • Autofill-Zero tap

Choosing different sending methods here will result in variations in the interface buttons and usage methods that the user receives. Overall, zero-click verification codes offer the best user experience, making them the preferred solution. However, this button is currently only supported on Android devices outside of India, and implementing such a button requires changes to your app's code to perform a "handshake." Additionally, the app's signing key hash needs to be modified. A specific comparison is as follows:

  • Add a security disclaimer and an expiration time warning for the verification code (optional).

  • Setting up message validity period

It is recommended to set a custom validity period, allowing you to choose between 1-10 minutes as the message's validity period. Once set, your authentication message must be delivered within this timeframe. If the message is not delivered to the user's device within this period, it will be withdrawn, you will not be charged, and your customer will not see the message. If you do not set a custom validity period, the standard WhatsApp message validity period (24 hours) will apply. This means you might incur additional charges for invalid messages sent after the timeout.

  • Click Submit Template

    • Generally, the verification code template will be displayed as approved within a few minutes after submission. When the status shows "active", it means the template status is activated and ready to send.

  • When the template status shows "Active-Quality pending", it means that this message template has been activated and ready to be sent.

Step 4: Send OTP Messages Using the API

Next, you can send OTP messages through API

Click to view API Docs

API request reference: WhatsApp Messaging Examples

Step 5: Receive Webhook Notifications

1.Configure the Callback URL

Click Developers > Webhooks ,then configure Webhooks。

Create a Webhook endpoint and enter the callback URL. Notifications regarding the status of the message will be sent to your Webhook callback.


2.Monitor OTP Messages Status

For each message you send, notifications regarding the status of the message will be sent to your Webhook callback. You can determine whether your verification code was successfully sent based on the feedback received.

Best practice for WhatsApp OTP

1.Front-End Interface Design

Using WhatsApp to send OTP is a new method. To ensure that your users have an optimal experience during the verification code process, we offer some UI design suggestions:

2.Check if the user has WhatsApp installed.

To improve user experience and default to using WhatsApp, you can implement a check to determine if the user has the WhatsApp application installed on the same device running your app. If WhatsApp is detected, you can proceed to submit the WhatsApp verification code. If it is not detected, you can switch to sending the OTP via SMS.

For detecting whether the app is installed, you can refer to:

Here is an example implementation for detecting WhatsApp on Android:

fun PackageManager.isPackageInstalled(packageName: String): Boolean {
  return try {
    getPackageInfo(packageName, PackageManager.GET_ACTIVITIES)
    true
  } catch (e: NameNotFoundException) {
    false
  }
}

fun isWhatsAppInstalled : Boolean() {
    val whatsAppPackageName = "com.whatsapp"
    val whatsAppBusinessPackageName = "com.whatsapp.w4b"
    return getPackageManager().isPackageInstalled(whatsAppPackageName) || getPackageManager().isPackageInstalled(whatsAppBusinessPackageName)
}

3.Set Up an Auto-Resend Policy

Generally, auto-resend policies fall into two categories:

1. Immediate SMS Resend for Failure (Highly Recommended)

Failed: Indicates that the WhatsApp message submission has failed. If the receipt shows a failure, immediately resend the OTP via SMS to ensure a smooth customer experience.

2. SMS Resend for Delayed Delivery Status (Optional)

We recommend designing a strategy for handling timeouts when the delivery status is not received. For instance, set a timeout period: if the WhatsApp OTP message is successfully submitted (sent) but the delivery status update is not received within the timeout period, automatically resend the same OTP via SMS. We suggest a timeout period ranging from 15 to 60 seconds, depending on how you balance cost and customer experience.

Special Verification Method: Inbound Verification

In addition to the commonly used method of businesses proactively sending verification codes, there is a special inbound verification method where user verification is completed through users actively sending inbound messages. This method is similar to the third-party login experience on WeChat. The advantages of this method include:

  • Lower Costs: For example, in Indonesia, conversations initiated by users are charged at a rate that is at least one-third cheaper than those initiated by businesses.

  • 24-Hour Free Interaction Window: Since the conversation is initiated by the user, it provides a 24-hour free interaction window. During this period, businesses can send marketing or notification messages to the customer without incurring additional costs.

Below is a case study of the Shopee app in Southeast Asia: 👇