How to send a WhatsApp verification code
Time to read: 2 minutes
SMS one-time passcodes (OTPs) are a popular form of phone verification and two factor authentication (2FA), but in some countries like Brasil, Germany, or India, messaging apps like WhatsApp are more popular than SMS. That's why we added support for WhatsApp in our Verify API. Since WhatsApp does its own phone number verification at sign up, you can use WhatsApp verification to directly replace SMS verification.
This blog post will show you how to quickly start sending and checking WhatsApp verification messages.
Prerequisites for sending One-Time Passcodes
Before you can send an OTP you'll need:
- A Twilio account for sending the WhatsApp message
- A Verify Service which you can create in the Twilio console. The Service Name will appear in the SMS body but you can always edit it later
- A WhatsApp Sender associated with your Verify Service
- A WhatsApp account for testing
Save your Service SID (starts with VA
) to use in the API request below.
Send a WhatsApp verification
Copy the following code for the Verifications endpoint and replace the placeholders with:
- Your Verify Service SID created above
- Your WhatsApp number for testing
- Your Twilio Account SID and Auth Token (located on the main page of the Console)
Check your phone - you should have a WhatsApp message with a verification code! Next you can validate the code with the VerificationCheck endpoint or send the code via another channel like SMS, RCS or Voice.
How to detect if WhatsApp is installed on a device
One way to improve user experience is to default to WhatsApp instead of SMS when it's available. You can check if the app is installed on the same device you're running on. Follow the instructions for iOS and Android to determine if a package is installed. Here's an example WhatsApp detection implementation for Android:
Unfortunately not every user has a WhatsApp account. While you can detect whether the WhatsApp application is installed on mobile, WhatsApp does not have an API to determine if an account exists prior to sending a message. Fortunately, WhatsApp does not charge for failed message attempts to accounts that don't exist while SMS does charge carrier fees for undelivered messages.
Quick Deploy a Twilio Verify application
To launch an example verification dashboard, head over to Twilio's Code Exchange for the One-Time Passcode verification project and paste in your Verify Service SID. Then, click "Deploy my application". After a few seconds you should see a button to launch the live application: click that to go to your new Verify application.
Select the WhatsApp channel, enter your phone number and hit Get a one-time passcode
to test it out.
How to use Verify OTPs in your application
If you're like me, you love having code to copy and modify. This application gives you the following building blocks:
- International telephone input (more details in this post)
- Sending an OTP in 4 different channels
- Checking an OTP
You can use this as a basis to send and check verifications in your own application for sign up, login, or step up authentication like at checkout.
The email channel requires a smidge more setup but all of the instructions are outlined in the documentation. While you're testing, you might be interested in spinning up a testing dashboard to help avoid hitting rate limits. I can't wait to see what you build and secure!
Related Posts
Related Resources
Twilio Docs
From APIs to SDKs to sample apps
API reference documentation, SDKs, helper libraries, quickstarts, and tutorials for your language and platform.
Resource Center
The latest ebooks, industry reports, and webinars
Learn from customer engagement experts to improve your own communication.
Ahoy
Twilio's developer community hub
Best practices, code samples, and inspiration to build communications and digital engagement experiences.