1msg official logo

WhatsApp Business API for otp verification

The scenario sends the user a WhatsApp authentication template with a one-time verification code in the message body and a copy-code button.

Use case overview

The scenario sends the user a WhatsApp authentication template with a one-time verification code in the message body and a copy-code button. The user can tap the button to copy the code and paste it into your app or portal.

Template example

{{1}} is your verification code. For your security, do not share this code with anyone.

[Copy code]

Authentication templates require the OTP in two API places — body and copy-code button. Body-only sends return sent: false.

Variables and purpose

  • {{1}} — one-time verification code (digits)

Filled-in example

123456 is your verification code. For your security, do not share this code with anyone.

[Copy code]

When to use it

  • login and registration
  • step-up verification
  • agencies and integrators

Business value

  • User requests login, registration, or step-up verification
  • System generates a one-time code and resolves the recipient phone
  • Personalised authentication template is built with the code in body and button
  • WhatsApp message is delivered to the user
  • User copies or reads the code and submits it for verification

Workflow

  1. The user starts login, registration, or step-up verification in your app or portal.
  2. Your backend generates a one-time code and resolves the user's WhatsApp number.
  3. A template message is built with the code in the body and the same value in the copy-code button parameter.
  4. The user receives the WhatsApp message and copies or reads the code.
  5. Your backend validates the submitted code and completes the flow; delivery errors are handled per platform rules.
  6. Delivery progress is reported asynchronously — typically sent, then delivered (or failed/undelivered).
  7. Your system receives status via webhook (hooks[]) or polls GET …/hookInfo?messageId=<id> and handles failures if needed.

Technical implementation

Prerequisites

  • A 1MSG account with WhatsApp Business API connected and an approved authentication template (copy-code button).
  • User phone number in international format (without + and spaces).
  • Your backend generates the OTP, sends it via the API in both body and button parameters, and verifies the code when the user submits it.

Code examples

Node.js

#!/usr/bin/env node

// === Configuration (replace "___" placeholders) ===

const API_BASE_URL = "https://api.1msg.io"; // production 1MSG API base URL
const CHANNEL_ID = "___";                   // channel ID from 1MSG dashboard
const API_TOKEN = "___";                    // channel JWT token (Bearer)

const TEMPLATE_NAME = "___";                // approved template name
const TEMPLATE_NAMESPACE = "___";           // template namespace (422 without it)
const TEMPLATE_LANGUAGE = "___";            // template language code, e.g. "en"



// === Test data ===
const TEST_PHONE = "___";            // client phone in international format
const TEST_CODE = "___";    // {{1}} otp code

function normalizePhone(phone) {
  return String(phone).replace(/\D/g, "");
}

function assertConfigured(values) {
  for (const [key, value] of Object.entries(values)) {
    if (value === "___" || value === "" || value === undefined || value === null) {
      throw new Error(`Missing configuration value: ${key}`);
    }
  }
}

async function sendTemplateMessage({ phone, code }) {
  assertConfigured({
    CHANNEL_ID,
    API_TOKEN,
    TEMPLATE_NAME,
    TEMPLATE_NAMESPACE,
    TEMPLATE_LANGUAGE,
    phone,
    code,
  });

  const url = `${API_BASE_URL}/${CHANNEL_ID}/sendTemplate`;

  // params carries body and button blocks.
  const requestBody = {
    phone: normalizePhone(phone),
    template: TEMPLATE_NAME,
    namespace: TEMPLATE_NAMESPACE,
    language: {
      policy: "deterministic",
      code: TEMPLATE_LANGUAGE,
    },
    params: [
      {
        type: "body",
        parameters: [
          { type: "text", text: String(code) }, // {{1}} otp code
        ],
      },
      {
        type: "button",
        sub_type: "url",
        index: "0",
        parameters: [{ type: "text", text: String(code) }],
      },
    ],
  };

  const res = await fetch(url, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${API_TOKEN}`,
    },
    body: JSON.stringify(requestBody),
  });

  const raw = await res.text();
  let data;
  try {
    data = JSON.parse(raw);
  } catch {
    data = null;
  }

  if (!res.ok || !data || data.sent !== true) {
    console.error("Send failed. API response:");
    console.error(raw);
    process.exit(1);
  }

  console.log("Message sent to client.");
  console.log("API response:", raw);
  return data;
}

if (require.main === module) {
  sendTemplateMessage({
    phone: TEST_PHONE,
    code: TEST_CODE,
  }).catch((err) => {
    console.error("Execution failed:", err.message);
    process.exit(1);
  });
}

module.exports = { sendTemplateMessage };

Immediate API response (synchronous)

  • HTTP 2xx and JSON "sent": true mean 1MSG accepted the message for sending — not that it already reached the customer's phone.
  • Save the `id` field from the response (value looks like wamid.…). Use it to correlate delivery callbacks or polling.
  • The response may also include message and description — informational only.

Delivery status (asynchronous)

  • Register a webhook (POST …/webhook) so 1MSG POSTs delivery updates to your HTTPS endpoint in a separate `hooks[]` payload (sent, delivered, read, or failed/undelivered when applicable).
  • Optionally poll: GET {base}/{channel}/hookInfo?messageId=<id from sendTemplate>.
  • In practice, delivery often completes within a few seconds — but that is not guaranteed by the API contract.

Common errors

  • Invalid or non-normalized phone number
  • Unapproved or missing template name / namespace
  • No customer opt-in for WhatsApp business messages
  • Template variable count mismatch (422 from API)
  • Delivery failure — check status webhook and retry policy

FAQ

  • Do I need an approved template? Yes — cold-start WhatsApp messages require a Meta-approved template.
  • Can I customize the message text? Body variables are dynamic; fixed text and button labels are set in the Meta template.
  • How do I check delivery? sent: true only confirms acceptance. Track delivery via webhook hooks[] or GET …/hookInfo?messageId=<id>.
  • What if the message is not delivered? Log the failed/undelivered hook, verify opt-in and template status, then retry or fall back to another channel.
  • Can I connect this to my CRM or backend? Yes — trigger the API call from your platform webhook or event handler.

CTA

Ready to use otp verification? Connect your 1MSG channel and run the code examples above.

Related

Build WhatsApp automation in minutes

Use 1MSG to automate this workflow and try it with our free demo.

Try the demo →