How to Send OTP on WhatsApp-Complete Setup Guide

You must have waited long for SMS OTPs and never received one. Slow delivery, poor reliability, and rising costs make it hard to maintain a good user experience in SMS delivery. 

WhatsApp OTP solves that.

It sends verification codes directly through WhatsApp, providing a faster, encrypted, and easy-to-automate process. 

Businesses are considering them as a go-to channel for login, payment, and account verification.

This blog explains what a WhatsApp OTP is and the simple setup process for sending it through the WhatsApp Business API, from obtaining template approval to full API integration.

What is WhatsApp OTP?

A WhatsApp OTP (One-Time Password) is a short, time-sensitive code sent through WhatsApp to verify a user’s identity. It works just like an SMS OTP: the user receives a 4–6 digit code to confirm a login, transaction, or registration, but with faster delivery and stronger security.

Each OTP is sent as an encrypted message through WhatsApp’s secure network. These OTPs can’t be intercepted or misused. Users receive it instantly within the app they already use daily.

This code arrives as a private message from a verified business account; users can trust it’s legitimate. 

The speed, security, and simplicity are what make WhatsApp OTP a better alternative to SMS or email-based authentication.

WhatsApp OTP vs SMS OTP vs Email OTP

All OTPs have the same goal: to verify users. 

The difference lies in how quickly they arrive and how securely they’re delivered.

Why is SMS OTP becoming obsolete?

In 2019, hackers gained access to Twitter CEO Jack Dorsey’s account using a SIM-swap attack, a known flaw in SMS-based verification. WhatsApp’s encrypted delivery system prevents such attacks significantly more compared to SMS.

Also Read: SMS Marketing Tools vs WhatsApp Broadcasts: When to Use Each for Maximum Impact?

Why Businesses Prefer WhatsApp OTP?

WhatsApp OTP offers better speed, reliability, and security. Messages reach users in seconds, are encrypted end-to-end.

On top of that, users know these are received from verified business accounts that people already trust.

For businesses, this means fewer failed deliveries, fewer support tickets, and lower costs, often 40–60% less than SMS at scale.

Requirements to Send WhatsApp OTP

You can’t send OTPs using the standard WhatsApp Business App. Authentication messages require the WhatsApp Business API, which can be either the Cloud API (managed by Meta) or the On-Premises API (managed by a third-party provider).

To get started, you’ll need:

• Business registration: A verified business entity connected to your Facebook Business Manager account, with valid documentation for Meta’s review.
  
• Verified business number: A phone number not previously used on WhatsApp, formatted correctly for your country, and able to receive a verification code during setup.
  
• Approved message templates: WhatsApp doesn’t allow generic OTP messages. Templates must include a verification variable ({{1}}), a short security disclaimer, and optionally an expiry note. You can also add a copy-code or one-tap autofill button for convenience.

Once submitted, templates are usually approved within 15 minutes to 24 hours. After approval, your account can start sending real-time, encrypted authentication messages through WhatsApp.

How to Send WhatsApp OTP?

Once your WhatsApp business is verified and templates are approved, setting up WhatsApp OTP is a straightforward process.

Step 1: Create your authentication template

Start by drafting a short, secure message template. It should include a verification variable ({{1}} for the OTP code), a clear security note, and an optional expiry time.

Example:

{{1}} is your verification code.

For your security, do not share this code.

This code expires in {{2}} minutes.

Avoid emojis, links, or media attachments as WhatsApp rejects templates with those elements. 

You can also add a “Copy Code” or one-tap autofill button for a smoother user experience. 

Submit the template via Meta Business Suite → WhatsApp Manager → Message Templates.

Step 2: Integrate WhatsApp API

Next, connect your verified number to the WhatsApp Cloud API, Meta’s official interface for sending authentication messages.

Use the following endpoint and access token for configuration:

ACCESS_TOKEN=”your_access_token”

WHATSAPP_API_URL=”https://graph.facebook.com/v18.0/YOUR_PHONE_NUMBER_ID/messages”

This setup allows your system to send approved OTP templates directly to users through WhatsApp’s secure network.

If you prefer a simpler route, connect through a Business Solution Provider (BSP) such as Wati. BSPs manage the backend API integration for you, so you can handle everything, from template approval to delivery tracking through a single dashboard.

Step 3: Automate OTP delivery

Once your integration is active, it’s time to automate the OTP flow. When a user requests verification, your system should generate a unique code, store it briefly, and send it through WhatsApp using the approved authentication template.

Here’s what a basic API request looks like:

A successful response confirms message delivery:

How the flow works:

1. The user requests an OTP.
2. Your system generates a six-digit code and stores it temporarily (5–10 minutes).
3. The code is sent through the approved template using the API.
4. When the user submits the code, your system verifies it.
5. The code is then invalidated to prevent reuse.

This workflow ensures OTPs are unique, secure, and instantly delivered, giving users a smooth, verified authentication experience.

Here’s the complete video:

How to Enable WhatsApp OTP for Your Business?

Once your WhatsApp Business API is active and your authentication template is approved, follow these steps to go live with OTP verification:

Complete Business Verification

Verify your business through Meta Business Manager and link a phone number that’s not already registered on WhatsApp.

Get WhatsApp Business API Access

Apply for WhatsApp Cloud API via Meta or a Business Solution Provider (BSP) like Wati. Once approved, you’ll receive an access token and a phone number ID.

Create and Approve Authentication Templates

Draft a short OTP message template using variables (e.g., {{1}} for the OTP). Submit it for approval through WhatsApp Manager. Approval typically takes 15 minutes to 24 hours.

Set Up Backend Integration

Use the Cloud API endpoint to send OTPs programmatically:

https://graph.facebook.com/v18.0/{{PHONE_NUMBER_ID}}/messages

Configure webhooks to track delivery and status events, and implement backend logic to securely generate, send, and validate OTP codes.

Test and Automate

Test with sample numbers, validate delivery, and automate OTP generation through your existing login or signup workflows.

(Optional) Add SMS fallback logic if needed for regions with WhatsApp delivery restrictions.

Monitor and Optimize

Use analytics or BSP dashboards (like Wati) to track delivery rate, latency, and user completion time. Aim for >95% OTP delivery within 3 seconds.

WhatsApp OTP Best Practices and Delivery Rules

To keep authentication fast, secure, and compliant, follow these key practices when sending OTPs through WhatsApp.

• Keep messages short and consistent 

WhatsApp authentication templates can include up to 1,024 characters, but OTPs work best when brief, basically, one or two lines with clear security language. Avoid links, emojis, or media attachments, as these may cause template rejection.

• Use the right OTP format and expiry window

Stick to 4–8 digit numeric codes with an expiry time of 5–10 minutes. This keeps verification secure without frustrating users.

• Control how often users can request new codes

Limit OTP requests to three per user within a 10-minute period. This prevents abuse and improves delivery success rates.

• Monitor delivery and message quality

WhatsApp Cloud API delivers over 95% of OTPs within three seconds. Track delivery reports regularly. Failed or delayed messages often indicate network issues or outdated templates.

• Take advantage of linked device security

WhatsApp automatically hides OTPs on secondary devices like desktop or web. Codes only appear on the user’s primary phone, reducing the risk of interception or misuse. No extra setup is required as it’s built into the API.

The Smarter Way to Verify: WhatsApp OTP with Wati

WhatsApp OTP is a smarter, more reliable alternative to SMS and email. With 98% open rates, end-to-end encryption, and verified business profiles, it gives both brands and users instant trust in every interaction.

Wati helps you go live with secure WhatsApp OTP verification in under 30 minutes. You get the reliability of Meta’s infrastructure with the simplicity of a single dashboard. Book a demo with Wati to start sending secure WhatsApp OTPs today.

FAQs: How to Send OTP on WhatsApp-Complete Setup Guide