> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hypersender.com/llms.txt
> Use this file to discover all available pages before exploring further.

# WhatsApp OTP Guide

> How to handle OTP on WhatsApp with lower ban risk by letting the user message first, then replying through webhooks or the OTP API.

Sending OTP codes as an unexpected first WhatsApp message is risky. WhatsApp is likely to ban or restrict accounts that send OTPs to users who did not start the conversation first.

<Warning>
  If your flow sends OTP messages directly to new or inactive recipients, your WhatsApp account is much more likely to be reported, blocked, or banned.
</Warning>

## Recommended approach

The safer pattern is to make the user send the first WhatsApp message, then reply with the OTP.

```mermaid actions={false} theme={null}
flowchart LR
    A[User clicks Verify with WhatsApp] --> B[WhatsApp opens]
    B --> C[User sends the first message]
    C --> D[Your webhook receives the message]
    D --> E[Your system generates or fetches the OTP]
    E --> F[Reply with the OTP on WhatsApp]
```

This creates clear user intent and gives the conversation context before your system sends the OTP.

## Option 1: Build it yourself with webhooks

Use this option if you want full control over the verification flow.

<Steps>
  <Step title="Ask the user to message you first">
    Add a WhatsApp button or link in your app or website so the user starts the chat themselves.
  </Step>

  <Step title="Receive the incoming message">
    Configure [WhatsApp webhooks](/v2/api-reference/whatsapp-webhooks/introduction) to capture the user's first message.
  </Step>

  <Step title="Implement your OTP logic">
    In your backend, detect the verification request, generate or validate the OTP, and connect it to the correct user session.
  </Step>

  <Step title="Reply using the WhatsApp API">
    Send the OTP back as a reply using the messaging endpoints in the [WhatsApp API](/v2/api-reference/whatsapp/introduction).
  </Step>
</Steps>

<Tip>
  Keep the first user message simple, such as "verify", "login", or a short token tied to the current session.
</Tip>

## Option 2: Use our existing OTP API

If you do not want to build the full flow yourself, use the existing OTP API.

<Card title="Generate OTP Link" icon="key" href="/v2/api-reference/otp/otp-service/generate-link">
  Create a WhatsApp OTP link that opens WhatsApp with a prepared message so the user can start the conversation first.
</Card>

You can also use these endpoints directly:

* [Request OTP code](/v2/api-reference/otp/otp-service/request-code)
* [Validate OTP code](/v2/api-reference/otp/otp-service/validate-code)

This is the recommended path if you want a faster implementation with less custom backend logic.

## Best practice summary

* Do not send OTPs as cold outbound WhatsApp messages.
* Expect higher ban risk if your account starts OTP conversations by itself.
* Prefer a flow where the user sends the first message.
* Use webhooks if you want to build the logic yourself.
* Use the OTP API if you want a ready-made flow.
