What is an Authentication Templates?
It allows businesses to send OTP or Delivery code messages to authenticate users through one-time passcodes, typically digit alphanumeric codes without users initiating the conversation over WhatsApp.
This is launched as a Template message under the category of Authentication.
What are the Use Cases?
Authentication templates are appropriate to use when:
Providing an authentication code to the user on WhatsApp
Verifying account or Password Reset
Transaction Confirmation
Password Reset
Two-factor authentication for Apps, or any business services
Delivery Codes
Authentication Message Components
Sample Authentication Messages:
Components
Fixed preset text: <VERIFICATION_CODE> is your verification code. Please note that you cannot edit or customize the Authentication message.
An optional security disclaimer: This is a preset text that gets added to your template message to display the security of your security, do not share this code.
Optional expiration warning: This is an optional present text that gets added to your message template as a footer to display the Code expiry time. This code expires in <NUM_MINUTES> minutes.
Buttons: The supported buttons are:
Copy Code: Enables users to copy the code to the clipboard for manual entry.
One-Tap Autofill: Allows users to autofill the code with a single tap.
Zero-Tap (not a button): Seamlessly integrates code delivery within the app, currently supported on Android.
Authentication Template Message Features
Authentication templates include optional add-ons like security disclaimers and expiry warnings.
In addition, authentication templates must have a one-time password button (copy code or one-tap).
Template Buttons
Copy Code: Copy code authentication templates allow you to send a one-time password or code along with a copy code button to your users.
User Interaction: When a WhatsApp user taps the copy code button, the WhatsApp client copies the password or code to the device's clipboard. The user can then switch to your app and paste the password or code into your app.
Limitations: URLs, media, and emojis are not supported.
One-time Autofill Button: Includes either a copy code or a one-tap autofill button which sends a one-time password with a one-tap autofill button.
User Experience: When a WhatsApp user taps the autofill button, WhatsApp triggers an activity that opens your app and delivers the password or code.
Limitations: Only supported on Android devices. Non-Android devices will see a copy code button instead.
Important: Read More requirements and how to integrate your App to use the Autofill functionality here: One-Tap Autofill - WhatsApp API
Zero Tap Button: Allows users to receive and use one-time passwords without leaving the app.
Technical Integration: The app captures the password automatically through a broadcast receiver, which requires integration.
User Experience: The password or code appears in the app automatically.
Limitations: Only supported on Android devices. Non-Android devices will see a copy code button instead.
Important: Read More requirements and how to integrate your App to use the Autofill functionality here: Zero-Tap - WhatsApp API
Note: URLs, media, and emojis are not supported. Because authentication templates with OTP buttons only consist of preset text and buttons, their risk of being paused is significantly minimized.
Time To Live (TTL)
Time-to-Live (TTL) is the duration for which Meta will attempt to deliver a message to a WhatsApp user before giving up if the message remains undelivered. Default TTL Values
General Messages: Standard WhatsApp messages typically have a TTL of 30 days.
Authentication Templates: Authentication templates have a shorter default TTL of 10 minutes.
How Does TTL Work:
Meta continuously attempts to deliver the message to the recipient until the TTL expires. If the message cannot be delivered within the TTL period, Meta stops retrying and the message is dropped from the queue.
Meta does not send you any callback notification if a message is not delivered after TTL expires.
TTL Expiry Webhook: Enhancement by Exotel, we provide an enhanced experience by enabling this onto our webhook notifications.
We send a webhook update when a message fails to be delivered within the TTL with a specific error code, indicating that the message has been dropped.
This helps businesses monitor message delivery statuses and take timely actions if necessary.
Best Practices
Confirm User’s WhatsApp Number: Confirm the user's WhatsApp phone number before sending the one-time password or code to that number.
Communicate Delivery Method: Make it clear to your users that the password or code will be delivered to their WhatsApp phone number, especially if you offer multiple ways for the user to receive password or code delivery.
Clarify Code Capture: When the user pastes the password or code into your app, or your app receives it as part of the one-tap autofill button flow, make it clear to the user that your app has captured it.
Set Appropriate TTL: Set a TTL that matches or is less than your code expiration time to ensure timely delivery and security.
Authentication International Rates
Authentication-International Rates
Specific countries have an authentication-international rate like India & Indonesia.
If you open an authentication conversation with a WhatsApp user from such a country and meet the eligibility criteria, you will be billed the authentication–international rate (which is different than the normal domestic rate).
Criteria for Authentication-International Rates:
Your business is eligible for authentication-international rates, doing more than 750K conversations in a rolling period.
Your business is based in another country than that of the countries that have Authentication-International Rates.
The conversation was opened on or after your start time for that country.
Example: If your business is based in Indonesia and you open an authentication conversation with a user in Indonesia, you will not be billed the authentication-international rate. However, if your business is based in India, you will be billed the authentication-international rate if you meet all criteria.
Eligibility For Authentication-International Rate Card
Usage: If your business opens more than 750K conversations in a moving 30-day period across all of your WhatsApp Business Accounts with users whose country calling codes are for a country that has an authentication-international rate.
In India, the eligibility check is based on a 180-day period before the launch date.Primary Business Location:
Authentication International Rates are only applicable for certain regions and depend on two parameters, Business Location & User Location.
Hence Meta has introduced new Business settings for Primary Locations.
Meta will attempt to determine your primary business location using publicly available information or ask you to update it from your Meta Business Settings page under the Business Info page, here: https://business.facebook.com/settings/info?business_id=<business-id>
Note: The businesses registered in the India or Indonesia region are requested to update the Primary Business Location to avoid getting charged for International Rates.
Start Time: Once deemed eligible based on the above 2 points, Meta will set your start times 30 days out for each country that has an authentication-international rate from the date of eligibility.
Notification: Meta will send an email to notify the business, once they are eligible for the Authentication-International Rates and the Primary Location.
Get Notified once your business is eligible for Authentication-International Rates
Meta will notify you of the International Rate Eligibility once you are eligible
Meta will send you an eligibility email (to all teh admins added under you WABA) that includes these start times and the country that they set as your primary business location (if they were able to determine the country).
Please make sure that all your users or managers are added to your WABA accounts as Admins to receive such important updates.
This provides you with 30 days notice before authentication-international rates apply. Webhooks will also be triggered that include your start times, and your primary business location.
Note: The eligibility is permanent. Once your business is deemed eligible, all authentication conversations opened on or after your start time will be charged the authentication-international rate in markets where authorization-international rates apply.
How to Create the Authentication Templates
Via WhatsApp Manager Dashboard.
Access Your WhatsApp Business Account: Log in to your WhatsApp Business account.
Navigate to Templates: Go to the Templates section.
Create New Template: Select ‘Create New Template’ and choose ‘Authentication’ as the template type.
Fill in Template Details: Select the required template details and configurations like Security Text, and Expiry Text.
Add Buttons: Choose to add either a one-tap autofill button, a copy code button, or no button for Zero Tap.
Set Time-To-Live: Optionally set the TTL by including the property with a value between 60 and 600 seconds or in minutes on the Meta UI.
Review and Submit: Save the template and submit it for approval.
Via Create Template APIs
Use the Create Templates API to create & submit templates to WhatsApp for approval. The API supports both single and bulk creation.
POST
Replace <your_api_key> and <your_api_token> with the API key and token created by you.
Replace <your_sid> with your “Account sid”
Replace <subdomain> with the region of your account
<subdomain> of Singapore cluster is @api.exotel.com
<subdomain> of Mumbai cluster is @api.in.exotel.com
<your_api_key> , <your_api_token> and <your_sid> are available in the API settings page of your Exotel Dashboard
Sample API Request for Authentication Template with Copy Code button
{
"whatsapp": {
"templates": [
{
"template": {
"category": "AUTHENTICATION",
"components": [
{
"type": "BODY",
"add_security_recommendation": true
},
{
"type": "FOOTER",
"code_expiration_minutes": 10
},
{
"type": "BUTTONS",
"buttons": [
{
"type": "OTP",
"otp_type": "COPY_CODE"
}
]
}
],
"name": "auth_template_copy_code",
"language": "en"
}
}
]
}
}
For more sample requests, please go to our Developer documentation.
Preview the Authentication Templates
After creating the template, it is equally important to review the message content before start using it. You can preview the template on the WhatsApp Manager Dashboard while creating the template or Log In to the Exotel Messaging console.
Via WhatsApp Manager Dashboard
Access Your Templates: Go to the Templates section in your WhatsApp Business account.
Select Template to Preview: Choose the template you wish to preview.
Preview Message: Use the preview option to see how the message will appear to the user, including any buttons and optional text.
For Exotel Messaging Dashboard
Log In to Messaging Console: Log in to the Exotel console here and click on the WhatsApp option available on the LHS navigation panel.
You can refer to these steps in case you are not able to navigate the WhatsApp console: hereAccess Your Templates: Go to the Templates section in your Exotel messaging console seen on the LHS navigation bar.
Select the WABA ID: Choose the correct WABA ID from the dropdown.
Select Template to Preview: Choose the template you wish to preview.
Preview Message: Use the preview option to see how the message will appear to the user, including any buttons and optional text.
Send the Authentication Templates
Via Send Message Template APIs
This API can send messages to a single number with a message content or different numbers with different message contents for each number. To send message through Exotel API, you will need to make a HTTP POST request to
POST
Replace <your_api_key> and <your_api_token> with the API key and token created by you.
Replace <your_sid> with your “Account sid".
Replace <subdomain> with the region of your account
<subdomain> of Singapore cluster is @api.exotel.com
<subdomain> of Mumbai cluster is @api.in.exotel.com
<your_api_key> , <your_api_token> and <your_sid> are available in the API settings page of your Exotel Dashboard
Sample API Request
{
"custom_data": "ORDER123456",
"status_callback": "status_callback_url",
"whatsapp": {
"messages": [
{
"from": "{{FromNumber}}",
"to": "{{ToNumber}}",
"content": {
"type": "template",
"template": {
"name": "auth_template_copy_code",
"language": {
"code": "en"
},
"components": [
{
"type": "body",
"parameters": [
{
"type": "text",
"text": "123456"
}
]
},
{
"type": "button",
"sub_type": "url",
"index": "0",
"parameters": [
{
"type": "text",
"text": "123456"
}
]
}
]
}
}
}
]
}
}
For more sample requests, please go to our Developer documentation.
Checklists after sending the template messages.
Initiate the Message Send Request: Use your app to initiate a message send request with the chosen authentication template, and integrate the API with your system.
Monitor Delivery: Monitor the message delivery status through the webhook updates.
Handle User Interaction: Ensure your app can handle user interactions with the copy code button or one-tap autofill button.
Manage Failures: If a message fails to deliver within the TTL, handle it appropriately by considering alternative delivery methods or notifying the user.