Why Whatsapp OTP?
Businesses use one-time passwords (OTPs) to verify user identity during logins, online purchases, and other transactions.
Because of the added security it provides, many businesses are using WhatsApp for OTP verification and 2FA. The traditional SMS OTP implementation may be vulnerable to some attacks. security flaws
Whatsapp OTP is the ideal alternative because of the following factors:
End-to-end encrypted; encrypted between the business endpoint and the user’s device.
High delivery rates.
Lower cost than SMS OTP ( ILDO / International SMS)
Ability to track and be notified when identity/ownership changes for phone numbers on Whatsapp.
Easy integration with a chatbot for helping users with authentication.
Steps to send OTP messages via WhatsApp Business API
You have a phone number enabled with Whatsapp Business API at Exotel. ( if you do not have an Whatsapp business account you can write to firstname.lastname@example.org or call us at 08088-919-888 to enable your WhatsApp number)
You have access to the META Business manager dashboard for template whitelisting.
You already have a mechanism to generate & detect OTPs.
Step 1: Whitelist an OTP message template in your WABA using the META Business Manager Dashboard.
In your Whatsapp business account (WABA) dashboard, navigate to the “Message templates” section and click on “Create message templates”.
Select the “one-time password” template category
Enter a Name for the template.
Select the language(s) you want to use for the OTP message.
Click on continue.
Construct your message template as per your liking by utilizing the Header, Footer, and Body options available. More details on template creation are here.
Submit the template for approval.
Step 2: Sending the OTP template message via Whatsapp API
Make a POST request to /messages endpoint with your approved OTP template in step 1.
Replace the variable placeholder for OTP with an OTP generated from your system.
For tracking the delivery status of messages, follow the steps mentioned here.