Recommended approach
The safer pattern is to make the user send the first WhatsApp message, then reply with the OTP. This creates clear user intent and gives the conversation context before your system sends the OTP.Option 1: Build it yourself with webhooks
Use this option if you want full control over the verification flow.Ask the user to message you first
Add a WhatsApp button or link in your app or website so the user starts the chat themselves.
Receive the incoming message
Configure WhatsApp webhooks to capture the user’s first message.
Implement your OTP logic
In your backend, detect the verification request, generate or validate the OTP, and connect it to the correct user session.
Reply using the WhatsApp API
Send the OTP back as a reply using the messaging endpoints in the WhatsApp API.
Option 2: Use our existing OTP API
If you do not want to build the full flow yourself, use the existing OTP API.Generate OTP Link
Create a WhatsApp OTP link that opens WhatsApp with a prepared message so the user can start the conversation first.
Best practice summary
- Do not send OTPs as cold outbound WhatsApp messages.
- Expect higher ban risk if your account starts OTP conversations by itself.
- Prefer a flow where the user sends the first message.
- Use webhooks if you want to build the logic yourself.
- Use the OTP API if you want a ready-made flow.