This feature is currently in the Pilot maturity stage
Verify WhatsApp helps your business verify users by delivering One-Time-Passcodes (OTPs) via WhatsApp messages, adding to Verify's existing channels for OTP delivery. Adding WhatsApp for OTP delivery can boost your overall conversion rate, because it has over 2 billion users and it works with just a WiFi connection. It doesn't charge for non-delivery, and isn’t exposed to fraud that exploits the telecom network, such as toll fraud. Instead of building from scratch yourself, Verify WhatsApp lets you start sending OTPs right away, without throttling and other restrictions that make successful implementation difficult or even impossible.
Verify WhatsApp is currently in the Pilot maturity stage, which means that:
- We're actively looking for early-adopter customers to try it out and give feedback. That could be you!
- You'll need to contact sales to have it enabled for your Twilio account.
- We're actively developing this feature and it could change/break unexpectedly; please only use in a test environment, not in production.
- Please review additional Pilot limitations below.
Once your Twilio account has been given access:
Verify WhatsApp works just like Verify SMS, except for the following limitations, which may be removed after the feature exits Pilot.
- Usage is free during the Pilot period, but is limited to 1000 WhatsApp messages per Twilio Account. Successful transactional verifications where one of the attempts involved the WhatsApp channel will also not be billed.
- English, Spanish, and Portuguese languages are fully supported, while other languages have partial support.
- No custom templates support.
- Cannot send messages to China.
- Console Logs doesn't show verification details and Console Insights doesn't allow filtering for just WhatsApp verification method.
- No blocking (e.g. block from sending a message to X country code).
- No routing (e.g. WhatsApp is the only "carrier").
Why is WhatsApp a good channel for OTP delivery?
Over the last few years, we’ve witnessed the rise of a new messaging channel: WhatsApp. With over 2 billion users across 180 countries, it is fast achieving ubiquity. Every WhatsApp user is identified by a unique phone number that they provided when creating their WhatsApp account, so this means that WhatsApp can directly replace SMS for all verification use cases, including sign-up, login, and transaction.
What did you learn from adding WhatsApp to your Authy app?
When we added WhatsApp as another channel to send OTPs in our Authy app's sign-up/login flow, we saw strong user adoption: sending about 2000 WA messages per day globally. Adoption was particularly strong in heavy WA countries like Brazil, India, Indonesia, and Germany where we saw 20-40% of users pick the WA option. Adding WhatsApp also resulted in a higher overall conversion rate, because it works on WiFi when there is no cell connection to receive SMS. WhatsApp also doesn’t charge for messages that aren’t delivered. Lastly, WhatsApp is a modern, IP-based network that isn’t exposed to fraud that exploits the telecom network, such as toll fraud, also known as traffic pumping. We actually saw this first hand with Authy where the SMS conversion rate experienced a big drop in a country due to toll fraud for a week, but the WhatsApp conversion rate didn’t change.
How does Verify WhatsApp work?
If you’re familiar with the Verify API for sending SMS OTPs, it’s literally just a one-word change to the API request to switch the desired Channel parameter from SMS to WhatsApp. Just like SMS, the pre-approved OTP template messages are sent through shared WhatsApp-enabled phone numbers maintained by Verify. The generated OTP code is the same, so that a user can use the code they receive from either WhatsApp or SMS if they requested both.
Which Twilio product should I use: Verify WhatsApp API or WhatsApp Business API?
If your use case is OTP delivery, then we strongly recommend the Verify WhatsApp API because it's our purpose-built solution for it, and it offers unique benefits that can be hard to replicate if you were to use the WhatsApp Business API. This is especially true for dating, cryptocurrency, gambling, or digital subscription apps that are not allowed to use WhatsApp directly. Contact sales to discuss how these benefits apply to you.
What are some best practices for implementing WhatsApp OTP?
Based on our experience with our Authy app, we found that the following best practices improved the likelihood that a user completes the verification after choosing to receive an OTP message via WhatsApp (aka Conversion Rate):
- If the user is using your mobile app, you can check that the user also has WhatsApp installed on the same device, before displaying the "send message via WhatsApp" option. This avoids scenarios where the user might have setup a WhatsApp phone number at some point, but can't immediately receive messages on the device. Granted, the user may have WhatsApp installed on a different device, so you might exclude some users unnecessarily, but in our experience, this is a small percentage of users.
- Have the user confirm that they entered their phone number correctly, to avoid sending the OTP message to the wrong person.
- We've observed that "stock Android" phones are able to retrieve OTP codes directly from English-language WhatsApp messages and push it to your user while they are still in your app. Take advantage of this by making it easy to copy/paste the code into your UI.
What is the purpose of the "I did not request it" quick reply button in the WhatsApp message?
The purpose of this button is for Twilio to monitor if the wrong person is receiving the WhatsApp message. This can happen sometimes if your user (accidentally) provides the wrong phone number. A low frequency of this occuring is considered normal, but a high frequency would indicate a bigger problem that will be flagged and investigated by Twilio.