WhatsApp Authentication Doc

WhatsApp Business API Setup

Connect WhatsApp Business API to enable rich messaging with your customers through WhatsApp.

Overview

WhatsApp Business API Authentication connects your Cloud-PBX to WhatsApp's messaging platform using Meta (Facebook) Business credentials.

Requirements:

Facebook Business Manager account
Verified business
WhatsApp Business API access
Dedicated phone number
Webhook endpoint

Configuration Steps

Create Facebook Business Manager Account

Go to business.facebook.com
Click Create Account
Enter business name and details
Verify business email
Complete business verification:
- Business documents (registration, tax ID)
- Business address
- Website or social media presence
- Business phone number

Verification Time

Business verification can take 1-5 business days.

Apply for WhatsApp Business API Access

In Facebook Business Manager, go to Business Settings
Click Accounts → WhatsApp Accounts
Click Add → Create a WhatsApp Business Account
Fill application:
- Business name
- Business use case
- Expected message volume
- Customer opt-in method
Accept WhatsApp Business Policy
Submit application

Approval typically within 24-48 hours

Register Phone Number

In WhatsApp Manager, click Phone Numbers
Click Add Phone Number
Enter phone number (must not be on personal WhatsApp)
Choose verification method (SMS or voice call)
Enter verification code
Set display name
Complete registration

Phone Number Requirements:

Not registered on WhatsApp before
SMS/voice capable
Dedicated business line
Not banned/restricted

Generate API Credentials

Go to WhatsApp Manager → API Setup
Copy Phone Number ID
Copy WhatsApp Business Account ID
Generate Access Token:
- Navigate to System Users (in Business Settings)
- Create system user: "Cloud-PBX Integration"
- Assign assets (WhatsApp account)
- Generate token with permissions:
  - whatsapp_business_messaging
  - whatsapp_business_management
Store credentials securely

Credentials Needed:

Phone Number ID
WhatsApp Business Account ID
Access Token (permanent token recommended)

Configure Cloud-PBX

Navigate to Messaging → WhatsApp → Authentication
Enter credentials:
- Phone Number ID: From Step 4
- Business Account ID: From Step 4
- Access Token: From Step 4
- Phone Number: Your WhatsApp number (+15551234567)
Click Verify Connection
Save configuration

Connection Verified

Your Cloud-PBX is now connected to WhatsApp!

Set Up Webhooks

Configure WhatsApp to send incoming messages to Cloud-PBX:

In WhatsApp Manager, go to Configuration → Webhooks
Click Edit
Callback URL: https://your-pbx-domain.com/api/messaging/whatsapp/webhook
Verify Token: Generate random string (save it)
Subscribe to webhook fields:
- messages (incoming messages)
- message_status (delivery/read receipts)
- message_template_status_update (template approvals)
Save configuration
In Cloud-PBX:
- Go to Messaging → WhatsApp → Webhooks
- Enter Verify Token (same as Step 4)
- Save
In WhatsApp Manager, click Verify and Save

Webhook Security:

WhatsApp signs requests with SHA-256
Cloud-PBX validates signature automatically
Only accept requests from WhatsApp IPs

Create Business Profile

Go to WhatsApp Manager → Profile
Complete business profile:
- Display Name: Your business name
- About: Brief description (max 139 chars)
- Profile Photo: Logo (min 640x640px)
- Business Description: Detailed description
- Address: Business address
- Business Hours: Operating hours
- Email: Customer contact email
- Website: Business website
- Category: Business category
Submit for verification (green badge)
Save profile

Verified Badge

Green verified badge appears after Meta reviews your business (1-2 weeks).

Test Integration

Outbound Test:

Go to Messaging → WhatsApp → Send Test
Enter your personal WhatsApp number
Send test message
Verify receipt on your phone

Inbound Test:

From your personal WhatsApp, message your business number
Verify message appears in Cloud-PBX inbox
Reply from Cloud-PBX
Verify reply received on your phone

Check Read Receipts:

Blue checkmarks when message read
Gray checkmarks when delivered

Integration Complete

WhatsApp Business is fully operational!

Webhook Configuration

Cloud-PBX Webhook URL:

https://your-pbx-domain.com/api/messaging/whatsapp/webhook

Webhook Events:

messages: Incoming text, media, location, contact
message_status: sent, delivered, read, failed
message_template_status_update: approved, rejected

Webhook Payload Example:

{
  "object": "whatsapp_business_account",
  "entry": [{
    "id": "WHATSAPP_BUSINESS_ACCOUNT_ID",
    "changes": [{
      "value": {
        "messaging_product": "whatsapp",
        "metadata": {
          "display_phone_number": "15551234567",
          "phone_number_id": "PHONE_NUMBER_ID"
        },
        "messages": [{
          "from": "15559876543",
          "id": "wamid.XXX",
          "timestamp": "1634567890",
          "type": "text",
          "text": {
            "body": "Hello, I need help with my order"
          }
        }]
      }
    }]
  }]
}

Security Best Practices

Access Token Security:

Use permanent system user tokens (not temporary)
Store securely (encrypted)
Never commit to version control
Rotate tokens every 90 days
Limit token permissions to minimum required
Use separate tokens for dev/staging/production

Webhook Security:

Validate webhook signatures (SHA-256)
Use HTTPS only
Verify requests from WhatsApp IPs only
Implement rate limiting
Log all webhook activity
Monitor for suspicious patterns

Phone Number Security:

Don't share phone number publicly initially
Monitor for spam/abuse
Enable two-factor authentication
Restrict admin access
Review usage regularly

Troubleshooting

Business Verification Rejected:

Provide clearer business documents
Ensure business name matches documents
Verify business address and phone
Check website/social media presence
Resubmit with corrections

Phone Number Verification Fails:

Number not on personal WhatsApp
Number can receive SMS/calls
Correct country code format (+1...)
Not previously banned
Try different verification method (SMS vs voice)

Webhook Not Receiving Messages:

Verify URL publicly accessible (HTTPS)
Check SSL certificate valid
Review firewall rules (allow WhatsApp IPs)
Test webhook with curl/Postman
Verify webhook subscribed to "messages" event
Check verify token matches

API Connection Fails:

Verify all credentials correct
Check access token permissions
Confirm WhatsApp Business Account ID accurate
Ensure API access approved
Review Meta Business Manager status

Migration Notes

From WhatsApp Business App:

API uses different phone number
Can't migrate app number directly without losing history
Export contacts manually
Notify customers of new number
Gradually transition

Provider Migration (e.g., from Twilio to Meta directly):

Set up new Meta Business Manager
Register new phone number
Update authentication in Cloud-PBX
Test thoroughly before switching
Update templates with new number
Notify customers if number changes

Next Steps

Authentication Complete

WhatsApp Business API is connected! Configure templates and settings next.

Configure Settings: Set up business profile, templates in WhatsApp Settings
Create Templates: Build message templates for notifications
Configure Routing: Route WhatsApp messages to queues in Message Queues
Train Team: Familiarize agents with WhatsApp features
Launch: Start customer conversations