Authentication Templates
Last updated
Last updated
Authentication templates enables businesses to authenticate users with one-time passcodes (usually 4-8 digit alphanumeric codes), occurring at multiple steps in the login process (e.g., account verification, account recovery, integrity challenges).
If your application offers users the option to receive one-time passwords or verification codes via WhatsApp, you must use an authentication template.
It is appropriate to use an authentication template when providing an authentication code to the user.
Sample for Authentication WhatsApp template Message
"{{1}} is your verification code."
"{{1}} is your verification code. For your security, do not share this code."
"{{1}} is your verification code. This code expires in 15 minutes."
Authentication templates include optional add-ons like security disclaimers and expiry warnings. In addition, authentication templates must have a one-time password button (copy code or one-tap). The presets in the authentication message template fixed text are:
Fixed preset text: <VERIFICATION_CODE> is your verification code.
An optional security disclaimer: For your security, do not share this code.
An optional expiration warning: This code expires in <NUM_MINUTES> minutes.
Either a one-tap autofill button, a copy code button, or no button at all if using zero-tap.
URLs, media, and emojis are not supported. Since authentication templates with OTP buttons only consist of preset text and buttons, their risk of being paused is minimized.
Authentication templates must include either a copy code or one-tap autofill button. Buttons behave differently when tapped by a user:
A copy code button copies the one-time password or code to the user's clipboard. The user can then manually switch to your app and paste the password or code into your app's interface.
A one-tap autofill button automatically loads and passes your app the one-time password or code.
Handshake and App Signing Hash
One-tap buttons are the preferred solution as they offer the best user experience. However, one-tap buttons are currently only supported on Android, requires changes to your application in order to perform a "handshake" with Meta, and your app's signing key hash.
To create an authentication Whatsapp template,
Go to WhatsApp Templates under Settings in Gallabox left navigation. Click on "+Create New Template".
Provide the WhatsApp template name, choose the category as "Authentication Template", allow category change as "No", choose the WhatsApp Channel in Gallabox, and choose the language in which you want to send the WhatsApp Template.
Choose how customers can send the code from WhatsApp to your app - Zero Tap Setup, One-Tap Setup or by copying code. if you go with Zero-Tap setup or One-Tap setup, you will need to set up the app. Below are the details on how you could do that:
For Content, check the box to add the security information and provide a time limit to use the OTP.
You can customize the button text for both autofill and copy code. Even when zero-tap is turned on, buttons are still needed for the backup code delivery method.
Once everything is done, submit the WhatsApp Template for approval. The WhatsApp Template will be approved by META within 24 hours.
Authentication template can be sent only via Bot and Dev API.
Users can only send the authentication template to recipients within their own country; attempts to send it internationally will fail.
| Config | Description | Sample Value |
|---|---|---|
<PACKAGE_NAME>
Your Android app's package name.
'com.example.myapplication'
<SIGNATURE_HASH>
Your app signing key hash. See Meta's Official documentation for App Signing Key Hash.
'K8a%2FAINcGX7'
