Why Whatsapp OTP?
Businesses use one time passwords (OTPs) to verify user identity at the time of logins, online purchases and to authenticate other transactions.
Many businesses are adopting WhatsApp for OTP verifications & 2FA due to the added security it provides. The traditional SMS OTP implementation may be susceptible to some security flaws
Whatsapp OTP is the ideal alternative because of the following factors:
End-to-end encrypted; encrypted between business endpoint and the user’s device.
High delivery rates.
Lower cost than SMS OTP ( ILDO / International SMS)
Ability to track and be notified when identity/ownership changes for phone numbers on Whatsapp.
Easy integration with a chatbot for helping users with authentication.
Steps to send OTP messages via WhatsApp business API
You have a phone number enabled with Whatsapp Business API at Exotel.
You have access to the META Business manager dashboard for template whitelisting.
You already have a mechanism to generate & detect OTPs.
Step 1: Whitelist a OTP message template in your WABA using the META Business manager dashboard.
In your Whatsapp business account (WABA) dashboard , navigate to the “Message templates” section and click on “create message templates”.
Select the “one-time password” template category
Enter a Name for the template .
Select the language(s) you want to use for the OTP message.
Click on continue.
Construct your message template as per your liking by utilizing Header,Footer, Body options available. More details on template creation here.
Submit the template for approval.
Step 2 : Sending the OTP template message via Whatsapp API
Make a POST request to /messages endpoint with your approved OTP template in step 1.
Replace the variable placeholder for OTP with a OTP generated from your system.
For tracking the delivery status of messages follow the steps mentioned here.