The Complete Guide to Sending WhatsApp OTP Via Qiscus Omnichannel Chat

One Time Password (OTP) is a short code that is useful for user security authentication in an application. OTP is here to protect the personal data of user data when logging into the application. Its nature to maintain data security makes the data only activated in a few minutes. In addition, as an application service provider, you must also participate in maintaining the confidentiality of the OTP code that you send.

Generally, the OTP code is sent via SMS service. It’s just that there are many weaknesses in terms of data security if the OTP is sent via SMS. For that, it’s a good idea to start thinking about switching to using the WhatsApp Business API to send OTP codes. The end-to-end encryption feature on WhatsApp makes messages only readable by users. In addition to these advantages, fast delivery, delivery quotas, and characters are advantages of using the WhatsApp Business API.

Get the WhatsApp Business API service by partnering with Qiscus as the official WhatsApp Business partner in Indonesia. Qiscus provides WhatsApp Business API services in one dashboard called Qiscus Omnichannel. If you are interested in sending OTP via WhatsApp, it’s a good idea to start listening to the following tutorial.

Things to Know

There are several things that you must prepare before you can finally send the OTP code via the WhatsApp Business API, here are the details:

  1. To enable the WhatsApp Business API, you can contact Qiscus here.
  2. Activation of Qiscus Omnichannel Chat, for help you can contact us here.
  3. WhatsApp account integration with Qiscus Omnichannel Chat, use the documentation guide here to do the integration.
  4. Creating message templates to send OTP, see product documentation here for implementation.

Implementation

There are several steps that you must do after the Qiscus Omnichannel Chat setup is complete. Check out the steps as follows.

1. Authentication

You must get AdminToken authentication before finally sending OTP using WhatsApp Business API. Use the following API to get it.
Use the following API for Admin Token:

[POST] https://multichannel.qiscus.com/api/v1/auth

Sample Request Body

{
    "email": "YOUR_EMAIL",
    "password": "YOUR_PASSWORD",
}

Example Request

curl --location --request POST 'https://multichannel.qiscus.com/api/v1/auth' \
--form 'email=YOUR_EMAIL' \
--form 'password=YOUR_PASSWORD'

Example Response

{
    "data": {
        "user": {
            "id": 2,
            "name": "Qismo",
            "email": "qiscus_xxxx_YOUR_EMAIL",
            "authentication_token": "QEXevusxxxxxxxxxx1lsl8",
            .......
        },

3. Choosing The Template

If you have trouble creating message templates for OTP, Qiscus Omnichannel Chat has prepared several template options that you can use. Find more detailed message details here. To create a new template, you can go to the outgoing message menu on the Qiscus Omnichannel Chat dashboard. On the same page, you can also see the message templates that you have created.

Template message on Qiscus Omnichannel Chat Dashboard.

Templates that have been created can also be viewed on the same page.

Template message list that you have write.

3. Using The API

After getting AdminToken and selecting a message template, the next step is using the API. In this tutorial, we will use sample template “otp_confirmation_text”. For detailed information about channel_id, template_name, namespace, etc, click View on the selected template.

Using the API to send the OTP code.

You can send WhatsApp OTP using this API:

[POST] https://multichannel.qiscus.com/api/v3/admin/broadcast/client

Header

KeyType
Authorization{{AdminToken}}
Header description.

Body

KeyTypeDescription
channel_idoptional, if null will use first wa channelChannel ID is the identifier of the channel
template_namerequiredTemplate name of the selected template
namespacerequiredNamespace of the selected template
languagestring, requiredThe language used in the selected template
variables[]array of string, requiredThe OTP code you want to send
phone_numberstring, requiredThe phone number you want to send the OTP to
button_paramsrequired if template has buttonsYou only need to fill it out if the message template has button(s)
Body description.

Example request:

curl --location -g --request POST 'https://multichannel.qiscus.com/api/v3/admin/broadcast/client' \
--header 'Authorization: QEXevusxxxxxxxxxx1lsl8' \
--form 'channel_id: 7xx' \
--form 'template_name: otp_confirmation_text' \
--form 'namespace: 51dcd9a4_xxxx_xxxx_xxxx_xxxxxxbb5' \
--form 'language: id' \
--form 'variables[]: 5678' \
--form 'phone_number: +628xxxxxxx321' \
--form 'button_params:""' 

Example response:

{
    "data": {
        "broadcast_job_id": xxx24,
        "broadcast_logs": [
            {
                "id": 12371070,
                "message_id": "gBGHxxxSGUDxsVcB",
                "notes": null,
                "phone_number": "+628xxxxxxx321",
                "sent_at": "2022-07-29T03:47:14Z",
                "status": "sent",
                "variables": "[\"5678\"]"
            }
        ],
        "language": "id",
        "name": "otp_confirmation_text",
        "namespace": "51dcd9a4_xxxx_xxxx_xxxx_xxxxxxbb5"
    },
    "status": 200
}

The Result

This is how the message on the customer’s WhatsApp looks like

The message that received by customer.

4. Checking if The Message was Sent

You can check whether an OTP code message was sent to the customer in two ways:

  • Via the Qiscus dashboard

To see if an OTP message has been sent, you can view the broadcast history on the Send WhatsApp Broadcast Messages menu. Click See Log to get full information regarding the message.

Log message on Qiscus Omnichannel dashboard.

There are 4 message delivery status:

  1. Sent: the message has been sent.
  2. Delivered: the message has been sent but has not been read by the customer.
  3. Read: customer has opened and read the message.
  4. Failed: your message failed to deliver.

You can see the status of the message in the detail log as shown below.

Message delivery report.
  • Via Webhook

You can also view message status via Webhook. To do this, you have to setup API for the webhook URL.

API:

[POST] https://multichannel.qiscus.com/whatsapp/{{APP-ID}}/{{channel-id}}/settings

Header

Qiscus-App-Id : {{APP-ID}}
Qiscus-Secret-Key : {{Secret Key}}
content-type : application/json

You can get app_id and secret_key from Qiscus Omnichannel Chat dashboard in the Setting menu and then click App Information.

App information on dashboard.

Body

{
    "webhooks": {
        "url": "YOUR_DOMAIN_URL.com/receive_webhooks"
    }
}

Example request

curl -X POST \
  https://multichannel.qiscus.com/whatsapp/evo-hxybzc3pcehtbokfv/779/settings \
  -H 'Qiscus-App-Id: evo-hxybzc3pcehtbokfv' \
  -H 'Qiscus-Secret-Key: xxxxxxxxxx' \
  -H 'Content-Type: application/json' \
  -d '{
    "webhooks": {
        "url": "YOUR_DOMAIN_URL.com/receive_webhooks"
    }
}'

You can get your App ID and Qiscus Secret Key to authenticate in Qiscus Omnichannel Chat by following this page.

Example response

{
    "business_id": "331765761667523",
    "status": 200,
    "webhooks": {
        "url": "YOUR_DOMAIN_URL.com/receive_webhooks (http://your_domain_url.com/receive_webhooks)“
    }
}

You can read the details about settings the webhooks in WhatsApp Business API in here.

5. In OTP Message Not Sent

There are several reasons why your OTP message is not being delivered to customers, namely:

  • Your customer phone number is wrong
  • The phone number is not registered on WhatsApp

If the OTP message is not delivered, you can do the following:

  1. Try again to send the message
  2. Use another method to send the OTP. For example, you can use other channels (e.g SMS, Email, and many more) that are integrated with Qiscus Omnichannel Chat.

Importance Notice

OTP is confidential and protects the personal data of your customers. To maintain confidentiality, you can hide the OTP variable on the Qiscus Omnichannel Chat dashboard. You can use the same API as the API to send WhatsApp OTP via Qiscus. However, to hide the variable and make it read-only by the customer, you must add hide_variables in the body.

API:

[POST] https://multichannel.qiscus.com/api/v3/admin/broadcast/client

Header

KeyType
Authorization{{AdminToken}}
Header description.

Body

KeyTypeDescription
channel_idoptional, if null will use first wa channelChannel ID is the identifier of the channel
template_namerequiredTemplate name of the selected template
namespacerequiredNamespace of the selected template
languagestring, requiredThe language used in the selected template
variables[]array of string, requiredThe OTP code you want to send
phone_numberstring, requiredThe phone number you want to send the OTP to
button_paramsrequired if template has buttonsYou only need to fill it out if the message template has button(s)
hide_variablestruehide_variables is used to hide OTP code in Qiscus Omnichannel Chat Inbox
Body description.

Example request

curl --location -g --request POST 'https://multichannel.qiscus.com/api/v3/admin/broadcast/client' \
--header 'Authorization: QEXevusxxxxxxxxxx1lsl8' \
--form 'channel_id: 7xx' \
--form 'template_name: otp_confirmation_text' \
--form 'namespace: 51dcd9a4_xxxx_xxxx_xxxx_xxxxxxbb5' \
--form 'language: id' \
--form 'variables[]:5678' \
--form 'phone_number:+628xxxxxxx321' \
--form 'button_params:""' \
--form 'hide_variables="true"'

Note:

You can get all the data AdminToken, channel_id, template_name, namespace, etc the same way as step 3.

Example response

{
    "data": {
        "broadcast_job_id": xxx24,
        "broadcast_logs": [
            {
                "id": 12371070,
                "message_id": "gBGHxxxSGUDxsVcB",
                "notes": null,
                "phone_number": "+628xxxxxxx321",
                "sent_at": "2022-07-29T03:47:14Z",
                "status": "sent",
                "variables": "[\"5678\"]"
            }
        ],
        "language": "id",
        "name": "otp_confirmation_text",
        "namespace": "51dcd9a4_xxxx_xxxx_xxxx_xxxxxxbb5"
    },
    "status": 200
}

Result

This is how the hide_variables will affect message on the Qiscus Omnichannel Chat dashboard.

The result of hide indicator.

Now that the WhatsApp Business API is ready to send OTPs to customers, make sure to test the delivery first.

Contact Qiscus for WhatsApp Business API Implementation

Qiscus Omnichannel Chat is a dashboard that contains all business conversation solutions for you. There are other solutions such as Chatbot and WhatsApp Chatbot that are useful for maximizing your business communication with customers. Feel free to contact us for a consultation and get the best offer. Contact Qiscus here.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like