Send OTP using WhatsApp: A Step-by-Step Guide
Easily send One-Time Passwords (OTP) on WhatsApp with our simple guide. Learn how to send OTP on WhatsApp for secure verification process.
One Time Password (OTP) is a brief code that can be used in applications for user security authentication.
OTP is available to safeguard user personal information while logging into the application. The data only becomes active after a short period due to its nature to ensure data security.
The confidentiality of the OTP code that you send must also be maintained by you as an application service provider.
The OTP code is typically sent via SMS service. Just
sending the OTP through SMS has a lot of security flaws when it comes to data.
For that reason, it would be a good idea to start considering transitioning to sending OTP codes utilizing the WhatsApp Business API.
OTP on WhatsApp: How to Send OTP?
The most popular communication platform in the world is WhatsApp.
Compared to SMS and other related services, it offers safe and secure communication.
You may use WhatsApp's security and procedures to your advantage as a business to send OTPs.
OTPs are necessary to validate logins and transactions. OTPs are sent via SMS by businesses.
But SMS OTP authentication is less secure than you would believe.
As a result, more companies use WhatsApp's encrypted OTPs.
Only the recipient will be able to read an OTP sent over WhatsApp because it is encrypted. This is one of the safest strategies to lessen spam, malware, and fraud threats.
Let's examine this.
Using WhatsApp Business APIs, ChatDaddy enables you to issue OTP to WhatsApp users. A WhatsApp Business solution called WhatsApp API was introduced by WhatsApp in 2018. Contrary to the WhatsApp Business App, WhatsApp APIs enable SMBs to integrate WhatsApp into their systems.
When your company's WhatsApp business number is approved, you can integrate it with your CRM to automatically deliver OTPs and reminders to clients on WhatsApp.
With the WhatsApp API, a phone verification flow with an OTP
You can send messages to any person who has a WhatsApp number using the WhatsApp API.
This provides countless opportunities to send various notifications or to check phone numbers.
This tutorial will demonstrate how to create an OTP flow that uses WhatsApp as the sender provider to verify phone numbers.
- The existence of a Facebook Business Manager account. Here, one can be made.
- a functioning phone number and a WhatsApp Business account.
- A live account on ChatDaddy.
A description of the flow that we're creating
The flow will be organized as follows:
- The phone number will be needed in the initial step.
- We'll generate an OTP after the user enters their phone number and transmit it using the WhatsApp API.
- The verification code must be provided by the user.
- We will determine whether the verification code is valid when the user enters it. We will display a thank you message if it is legitimate, and an error message if it is not.
1. Make the app and set it up in your Business Manager
If you don't already have one, you must create one by selecting the "Business" type in your Facebook Business Manager:
You will find your testing phone number and temporary access token here, which we will use in the following parts.
If you select WhatsApp > Configuration > Manage phone numbers, you can add your phone number.
Make a template for a message
Using the WhatsApp API, you can send free text messages, however, in this case, we're going to develop a template:
After clicking "Create Message Template," select "One-Time Password," give it the name "OTP," and then complete the template as follows:
- Verification code in the header
- Bodily: Hello! I'm using the WhatsApp API to test an OTP flow. Your verification code is 1.
- Put your brand name in the footer; we're using "Arengu Testing".
This is the syntax that WhatsApp API utilizes to dynamically change those variables with the values we supply to the API; you may have noticed that we use the variable "1."
Producing an everlasting access token
Remember to create a permanent access token before switching to a production environment; otherwise, the temporary one will expire in 24 hours.
Go to Users > System users in your Business Manager settings, click "Add," give the user whatever name you want, and select the "Admin" user role to create the permanent token.
Make sure the "WhatsApp Business Management," "WhatsApp Business Messaging," and "Business Management" permissions are enabled before clicking "Generate new token":
Next, make a copy of the access token that was produced because we'll need it to set up the WhatsApp API:
2. Create a form that requests a phone number and a verification code
Let's begin by including a "Phone" field in the first form step:
To make referencing the field ID's value easier, rename it to "phone."
Mark it as necessary.
To provide customers the option of choosing their country code, enable "Country Picker." Based on the user's IP addresses, we automatically select the nation by default.
Let's add a "Number" field in step two:
- To make referencing the field's value easier, rename the field ID to "verification code."
- Mark it as necessary.
A "Rich text" block can be included as well to provide descriptions and direction for the user. Observe that you can use field values from earlier phases by clicking the addition sign, like in the example above:
Please enter the four-digit verification code received to fields. phone.
The 30-minute code validity period.
Finally, add the following text to the settings for the closing screen as a thank-you message:
3. Utilize the WhatsApp API to generate and send the OTP
Create the first flow that will be executed between steps 1 and 2 by going to the flows tab:
- Let's begin including the operation "Generate one-time password":
- To make referencing the generated value easier, rename the action ID to "generate OTP".
- Add "input.body.phone.number" to the input labelled "Reference value."
- Set the "Code length" value to 4 digits.
To make referencing the generated value easier, rename the action ID to "sendMessage".
- Connection: To create a WhatsApp connection in the vault, click the + sign under the "Connection" field, and then enter the temporary or permanent access token you created in the previous step.
- Copy the phone number ID from WhatsApp > Getting started setup and paste it in as the sender phone ID in the previous section.
- Add the form's "input.body.phone.internationalNumber" variable to the recipient's phone number.
- Choose "Template" from the pulldown menu for the message type.
- Create the template and component objects using the message object and payload below.
Take note of the payload's following details:
- Since we had generated it in the part before, we're using "OTP" as the template name.
- We share the same language code that you did when you made this template.
- We pass the created OTP, which will swap out the number one in our WhatsApp template, inside the "components" parameter.
Add an "If/Then" statement:
- In the first input, include "sendMessage.success."
- Fill up the second input with "is true."
Finally, finish this flow by adding two more steps:
- With the value of "sendMessage.body.error.message," display the error message. In the event of an error, this will return the WhatsApp API's output message.
- Selecting the second step of the produced form will jump to that stage.
4. OTP-check the WhatsApp number
We'll begin by including a "Verify one-time password" action in this final flow:
- To make referencing the generated value easier, rename the action ID to "verify OTP".
- Add the following to the "Reference value" input: input.body.phone.number.
- Increase the "Code value" input's "input.body.verification code" value.
Add an "If/then condition" action that will assess the results of the OTP verification after that:
- VerifyOtp.valid should be the first input value.
- Fill up the second input with "is true."
Two additional steps are needed to finish this flow:
- The error message "Your verification code is invalid" should be displayed. Please study it and give it another go.
- Send in the form to have the "thank you" message you configured in the previous section displayed.
Why use Whatsapp OTP?
One-time passwords (OTPs) are used by businesses to authenticate various transactions and to confirm user identity during logins and online purchases.
Due to the additional security it offers, many organizations are using WhatsApp for OTP verifications and 2FA.
The conventional SMS OTP approach may have certain security issues.
Whatsapp OTP is the ideal alternative because of the following factors:
- End-to-end encryption; encryption between the user's device and the business endpoint.
- High delivery rates.
- A cheaper alternative to SMS OTP (ILDO/International SMS)
- tracking and notification of changes in ownership or identity for Whatsapp phone numbers
- Simple connection with a chatbot to assist users in logging in.
How Do I Send My OTP Using A Dedicated WhatsApp Number?
Applying for WhatsApp API and receiving approval on your number are prerequisites for sending OTP using a dedicated number.
Once it has been approved, you can send OTP messages using a two-way communication-capable dedicated phone number.
Clare.AI will handle and advise organizations to gain permission for WhatsApp Business APIs.
Setup Time: If Facebook Business Manager is verified, 30 minutes.
(Depends on how the Facebook Official Team is doing with business verification; this typically takes 1-3 weeks.)
- SMS Text Message Number (Should not have a WhatsApp account, this number is non-transferable)
Use the phone number that has been registered with WhatsApp Business to complete these procedures if you want to remove the WhatsApp account associated with your number.
- Business Display Name (Should have an obvious association with Business) (Should have a clear relationship with Business).
To know about the Display Name, please read the recommendations for choosing a Display name For WhatsApp Business.
- Facebook Business Manager ID (should be validated by uploading business documentation) (should be verified by uploading business documents)
Please click here to create a Facebook Business if you don't already have one.
Please follow these instructions to receive Facebook business verification for your Facebook page.
How to use a shared number to send an OTP on WhatsApp?
You can register with a WhatsApp BSP (Business Solution Provider) like ChatDaddy that offers this feature if you want to send OTP using Shared Number.
Using Shared numbers to send OTPs is supported by WATI.
You can do this by doing these actions:
- Sign up for an account Here.
- To learn more about the /sendTemplateMessage API, go to API Docs.
- To send the OTP to the user's number, utilize your code to invoke the /sendTemplateMessage API.
In the trial account, ChatDaddy allows you to send OTP messages up to a predetermined cap.
You can purchase credits to send OTPs on WhatsApp if you'd want to send additional OTP messages.
Conclusion | WhatsApp OTP
OTP is secure and guards your customers' private information.
You can conceal the OTP setting on the ChatDaddy dashboard to retain privacy. However, to hide the variable and make it read-only for the customer, you must put hide variables in the body.
You can use the same API as the API to deliver WhatsApp OTP using ChatDaddy.
Simply follow the steps listed below to send OTP messages using WhatsApp APIs after your account has been approved:
- On the ChatDaddy Dashboard's Broadcast tab, submit a template for review.
- Your one-time verification code is "OTP" in the template format.
- Wait for the template to be approved. The approval process usually takes 10 to 30 minutes.
- The one-time verification code can be activated using the /sendTemplateMessage API.
That's it. On WhatsApp, you can use this method to send OTPs to your clients.
Please contact us if you require any other help.
We'll be glad to assist.
FAQs | WhatsApp OTP
Q: How do I transmit an online OTP?
A: The user must enable two-factor authentication, input their registered mobile number, and select "Send OTP" from the application or website they wish to access to get an OTP via SMS. An OTP will be in your SMS inbox shortly.
Q: OTP bypass: What is it?
A: When visiting any application or website, OTP bypass refers to the use of a phony OTP verification process. OTP bypass enables users to safeguard their original contact information and stop receiving spam emails. With OTP bypass, you may browse any website without worrying about the unsolicited emails that usually follow next.
Q: What is SMS cloud OTP?
A: The cloud OTP is electronically provided along with the prescriptions, saving the physician from having to type the passcode in. The cloud OTP is supplied electronically through the cloud, preventing typos even if the provider must still type in the password.
Q: What business sends OTP messages?
A: The best OTP SMS provider in India is Fast2SMS. It is one of India's top and quickest OTP bulk SMS providers. Fast2SMS offers bulk SMS OTP through a protected gateway, and we guarantee that all of your transactions are completely secure.
Q: I don't have a network, how can I acquire OTP?
A: to issue a new phone number, call customer service or block the lost phone number. You can visit the Nearest Care Center with the missing network SIM. Additionally, the Adhaar card is necessary for this operation, and you can use that number and quickly obtain an OTP after a few hours.
Q: What is the OTP complete form?
A: One-time password (OTP) systems provide a means for signing on to a network or service using a unique password that can only be used once, as the name suggests. The least secure and most widely used authentication method is the static password.
Q: Are hackers able to defeat OTP?
A: Like any security measure, 2FA isn't impermeable entirely. It is the responsibility of the user to be watchful, spot any hacking efforts, and take appropriate action where necessary. Hackers have developed clever methods to intercept OTP SMS messages.
Q: How do OTP tokens function?
A: Tokens with one-time passwords are frequently used in two-factor and multifactor authentication. By introducing a second, dynamic credential, the usage of one-time password tokens strengthens a conventional ID and password system. An OTP token can create a PIN synchronously or asynchronously, depending on the vendor.
Q: Whose OTP was it?
A: What Is an SMS OTP? OTP, or One-Time Password, SMS is a brief message that is sent to the registered mobile phone number of the user who has made the request and contains a one-time auto-generated password.
Q: If I don't have my SIM card, how can I get an OTP?
A: You can get a new SIM card from your service provider if you've lost your SIM card and require an OTP. Your account information and ID must be provided. Once you have received your new SIM card, you can use it to send and receive SMS after activating it.
Q: What is an OTP code of 4 digits?
A: OTP, also known as a one-time pin or dynamic password, is a four- or six-digit code. It is a type of security password that works for payments or single-use transactions on mobile devices, one computer, and so on.