How to send a WhatsApp verification code

March 20, 2024
Written by
Reviewed by
Phil Nash
Twilion

SMS one-time passcodes (OTPs) are a popular form of phone verification and two factor authentication (2FA), but in some countries like Brasil, Germany, or India, messaging apps like WhatsApp are more popular than SMS. That's why we added support for WhatsApp in our Verify API. Since WhatsApp does its own phone number verification at sign up, you can use WhatsApp verification to directly replace SMS verification.

This blog post will show you how to quickly start sending and checking WhatsApp verification messages.

New in 2024: you will need a WhatsApp Sender associated with your WhatsApp Business Account before you can send verification messages. If you already have a verified business with Meta, creating a WhatsApp Sender should take about 1 hour. Business verification may take up to 2 weeks. Get started here.

Prerequisites for sending One-Time Passcodes

Before you can send an OTP you'll need:

Save your Service SID (starts with VA) to use in the API request below.

Send a WhatsApp verification

Copy the following code for the Verifications endpoint and replace the placeholders with:

  • Your Verify Service SID created above
  • Your WhatsApp number for testing
  • Your Twilio Account SID and Auth Token (located on the main page of the Console)
# code samples in more languages: twilio.com/docs/verify/api/verification

curl -X POST "https://verify.twilio.com/v2/Services/$VERIFY_SERVICE_SID>>/Verifications" \
--data-urlencode "To=$YOUR_PHONE_NUMBER>>" \
--data-urlencode "Channel=whatsapp" \
-u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN

Check your phone - you should have a WhatsApp message with a verification code! Next you can validate the code with the VerificationCheck endpoint or send the code via another channel like SMS, RCS or Voice.

How to detect if WhatsApp is installed on a device

One way to improve user experience is to default to WhatsApp instead of SMS when it's available. You can check if the app is installed on the same device you're running on. Follow the instructions for iOS and Android to determine if a package is installed. Here's an example WhatsApp detection implementation for Android:

fun PackageManager.isPackageInstalled(packageName: String): Boolean {
  return try {
    getPackageInfo(packageName, PackageManager.GET_ACTIVITIES)
    true
  } catch (e: NameNotFoundException) {
    false
  }
}

fun isWhatsAppInstalled : Boolean() {
    val whatsAppPackageName = "com.whatsapp"
    val whatsAppBusinessPackageName = "com.whatsapp.w4b"
    return getPackageManager().isPackageInstalled(whatsAppPackageName) || getPackageManager().isPackageInstalled(whatsAppBusinessPackageName)
}

Unfortunately not every user has a WhatsApp account. While you can detect whether the WhatsApp application is installed on mobile, WhatsApp does not have an API to determine if an account exists prior to sending a message. Fortunately, WhatsApp does not charge for failed message attempts to accounts that don't exist while SMS does charge carrier fees for undelivered messages.

Quick Deploy a Twilio Verify application

To launch an example verification dashboard, head over to Twilio's Code Exchange for the One-Time Passcode verification project and paste in your Verify Service SID. Then, click "Deploy my application". After a few seconds you should see a button to launch the live application: click that to go to your new Verify application.

one-time password request form

Select the WhatsApp channel, enter your phone number and hit Get a one-time passcode to test it out.

example verification message on whatsapp

How to use Verify OTPs in your application

If you're like me, you love having code to copy and modify. This application gives you the following building blocks:

You can use this as a basis to send and check verifications in your own application for sign up, login, or step up authentication like at checkout.

The email channel requires a smidge more setup but all of the instructions are outlined in the documentation. While you're testing, you might be interested in spinning up a testing dashboard to help avoid hitting rate limitsI can't wait to see what you build and secure!