Send a WhatsApp verification code in under 5 minutes

March 28, 2022
Written by
Reviewed by
Phil Nash
Twilion

SMS one-time passcodes (OTPs) are a popular form of phone verification and two factor authentication (2FA), but in some countries like Brasil, Germany, or India, messaging apps like WhatsApp are more popular than SMS. That's why we added support for WhatsApp in our Verify API. Since WhatsApp does its own phone number verification at sign up, you can use WhatsApp verification to directly replace SMS verification. Best of all, by using WhatsApp through the Verify API, you do not need a separate WhatsApp Business Account.

This blog post will show you how to quickly spin up an OTP dashboard and start sending and checking WhatsApp verification messages.

Prerequisites for sending One-Time Passcodes

Before you can send an OTP you'll need:

 

Copy your Service SID (starts with VA):

 

Twilio verify console showing an example

Quick Deploy a Twilio Verify application

Make sure you're logged in to Twilio and head over to Twilio's Code Exchange for the One-Time Passcode verification project and paste in your Verify Service SID:

 

Quick deploy form showing populated account name and pasted verify service sid

Next, click "Deploy my application". After a few seconds you should see a button to launch the live application: click that to go to your new Verify application.

one-time password request form

Select the WhatsApp channel, enter your phone number and hit Get a one-time passcode to test it out. It's really that easy!

example verification message on whatsapp

How to detect if WhatsApp is installed on a device

One way to improve user experience is to default to WhatsApp instead of SMS when it's available. You can check if the app is installed on the same device you're running on. Follow the instructions for iOS and Android to determine if a package is installed. Here's an example WhatsApp detection implementation for Android:

fun PackageManager.isPackageInstalled(packageName: String): Boolean {
  return try {
    getPackageInfo(packageName, PackageManager.GET_ACTIVITIES)
    true
  } catch (e: NameNotFoundException) {
    false
  }
}

fun isWhatsAppInstalled : Boolean() {
    val whatsAppPackageName = "com.whatsapp"
    val whatsAppBusinessPackageName = "com.whatsapp.w4b"
    return getPackageManager().isPackageInstalled(whatsAppPackageName) || getPackageManager().isPackageInstalled(whatsAppBusinessPackageName)
}

Unfortunately not every user has a WhatsApp account. While you can detect whether the WhatsApp application is installed on mobile, WhatsApp does not have an API to determine if an account exists prior to sending a message. Fortunately, WhatsApp does not charge for failed message attempts to accounts that don't exist while SMS does charge carrier fees for undelivered messages.

How to use the Verify OTP Quick Deploy application

This application doesn't actually protect anything (yet!), but if you're like me, you love having code to copy and modify. This application gives you the following building blocks:

You can use this as a basis to send and check verifications in your own application for sign up, login, or step up authentication like at checkout.

The email channel requires a smidge more setup but all of the instructions are outlined in the documentation. While you're testing, you might be interested in spinning up a testing dashboard to help avoid hitting rate limits.

Check out these other Quick Deploy projects for more inspiration:

I can't wait to see what you build!