How to send a WhatsApp verification code

Time to read: 2 minutes

March 20, 2024

Written by

Twilion

Reviewed by

Twilion

SMS one-time passcodes (OTPs) are a popular form of phone verification and two factor authentication (2FA), but in some countries like Brasil, Germany, or India, messaging apps like WhatsApp are more popular than SMS. That's why we added support for WhatsApp in our Verify API. Since WhatsApp does its own phone number verification at sign up, you can use WhatsApp verification to directly replace SMS verification.

This blog post will show you how to quickly start sending and checking WhatsApp verification messages.

New in 2024: you will need a WhatsApp Sender associated with your WhatsApp Business Account before you can send verification messages. If you already have a verified business with Meta, creating a WhatsApp Sender should take about 1 hour. Business verification may take up to 2 weeks. Get started here.

Prerequisites for sending One-Time Passcodes

Before you can send an OTP you'll need:

A Twilio account for sending the WhatsApp message
A Verify Service which you can create in the Twilio console. The Service Name will appear in the SMS body but you can always edit it later
A WhatsApp Sender associated with your Verify Service
A WhatsApp account for testing

Save your Service SID (starts with VA) to use in the API request below.

Send a WhatsApp verification

Copy the following code for the Verifications endpoint and replace the placeholders with:

Your Verify Service SID created above
Your WhatsApp number for testing
Your Twilio Account SID and Auth Token (located on the main page of the Console)

				# code samples in more languages: twilio.com/docs/verify/api/verification

curl -X POST "https://verify.twilio.com/v2/Services/$VERIFY_SERVICE_SID>>/Verifications" \
--data-urlencode "To=$YOUR_PHONE_NUMBER>>" \
--data-urlencode "Channel=whatsapp" \
-u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN
		

Check your phone - you should have a WhatsApp message with a verification code! Next you can validate the code with the VerificationCheck endpoint or send the code via another channel like SMS, RCS or Voice.

How to detect if WhatsApp is installed on a device

One way to improve user experience is to default to WhatsApp instead of SMS when it's available. You can check if the app is installed on the same device you're running on. Follow the instructions for iOS and Android to determine if a package is installed. Here's an example WhatsApp detection implementation for Android:

				fun PackageManager.isPackageInstalled(packageName: String): Boolean {
  return try {
    getPackageInfo(packageName, PackageManager.GET_ACTIVITIES)
    true
  } catch (e: NameNotFoundException) {
    false
  }
}

fun isWhatsAppInstalled : Boolean() {
    val whatsAppPackageName = "com.whatsapp"
    val whatsAppBusinessPackageName = "com.whatsapp.w4b"
    return getPackageManager().isPackageInstalled(whatsAppPackageName) || getPackageManager().isPackageInstalled(whatsAppBusinessPackageName)
}

		

Unfortunately not every user has a WhatsApp account. While you can detect whether the WhatsApp application is installed on mobile, WhatsApp does not have an API to determine if an account exists prior to sending a message. Fortunately, WhatsApp does not charge for failed message attempts to accounts that don't exist while SMS does charge carrier fees for undelivered messages.

Quick Deploy a Twilio Verify application

To launch an example verification dashboard, head over to Twilio's Code Exchange for the One-Time Passcode verification project and paste in your Verify Service SID. Then, click "Deploy my application". After a few seconds you should see a button to launch the live application: click that to go to your new Verify application.

Select the WhatsApp channel, enter your phone number and hit Get a one-time passcode to test it out.

example verification message on whatsapp

How to use Verify OTPs in your application

If you're like me, you love having code to copy and modify. This application gives you the following building blocks:

International telephone input (more details in this post)
Sending an OTP in 4 different channels
Checking an OTP

You can use this as a basis to send and check verifications in your own application for sign up, login, or step up authentication like at checkout.

The email channel requires a smidge more setup but all of the instructions are outlined in the documentation. While you're testing, you might be interested in spinning up a testing dashboard to help avoid hitting rate limits. I can't wait to see what you build and secure!

Related Resources

Twilio Docs

From APIs to SDKs to sample apps

API reference documentation, SDKs, helper libraries, quickstarts, and tutorials for your language and platform.

Resource Center

The latest ebooks, industry reports, and webinars

Learn from customer engagement experts to improve your own communication.

Ahoy

Twilio's developer community hub

Best practices, code samples, and inspiration to build communications and digital engagement experiences.