Delivers to US numbers

WhatsApp OTP API: Send Authentication and Verification Codes

Send one-time passwords and login codes over the official WhatsApp Cloud API. Authentication templates are the one message category that still delivers to US phone numbers, they cost less than international SMS, and they carry a native copy-code button so customers verify in a tap.

Official Cloud API. No unofficial bots, no On-Premises hosting.

API
Send a verification code
POST /messages
{
  "messaging_product": "whatsapp",
  "to": "1XXXXXXXXXX",
  "type": "template",
  "template": {
    "name": "login_code",
    "language": { "code": "en_US" },
    "components": [{
      "type": "body",
      "parameters": [
        { "type": "text", "text": "834912" }
      ]
    }]
  }
}
One-tap autofill and copy-code buttons
Delivers to US numbers, unlike marketing
Delivery status returned over webhooks
The short answer

A WhatsApp OTP API sends one-time passwords and verification codes to your users over the official WhatsApp Cloud API, using an approved authentication template. You POST the code as a template variable to the /messages endpoint, and WhatsApp delivers it with a copy-code or autofill button so the user verifies in one tap. Authentication is the only WhatsApp template category that still delivers to US phone numbers in 2026, since Meta paused marketing templates to US recipients on April 1, 2025. WaBulkSend runs on the official Cloud API and manages your authentication templates, number registration, and webhooks, so you send codes with one request instead of building the whole Meta stack.

Last updated July 2026.

What a WhatsApp authentication message is

A WhatsApp authentication message is a special template category built for exactly one job: delivering a one-time password or login code. Meta requires you to use the authentication template type for any code you send, and it locks the format so the message reads the same every time. The body carries fixed preset text, "834912 is your verification code", and you can add an optional security line, "For your security, do not share this code," and an optional expiry warning, "This code expires in 5 minutes." You do not write the copy. You pass the code as a variable and Meta wraps it in the approved layout.

That rigid format is a feature, not a limit. Because the layout is fixed and recognizable, WhatsApp can attach a native button to the message. A copy-code button drops the code onto the clipboard so the user pastes it into your app. A one-tap autofill button hands the code straight to your mobile app through a deep link, so the user never reads or types anything. Starting June 15, 2026, iOS 26 and later also surface the code as a keyboard suggestion for native autofill, enabled by default on authentication templates. The result is a verification step that takes a tap instead of a squint at a six-digit number.

You still send everything through the WhatsApp Cloud API. The authentication template is just the payload; the transport is the same REST endpoint you would use for any other message, which means the OTP flow slots into the same integration as your order and appointment updates.

Why WhatsApp OTP codes reach US numbers when marketing does not

This is the part most guides skip, and it is the reason WhatsApp OTP is worth setting up in the United States at all. Meta splits templates into three categories: marketing, utility, and authentication. On April 1, 2025, Meta paused delivery of marketing templates to US phone numbers, and as of July 2026 there is still no resume date. A US marketing template can be approved and still never arrive, because the block is on delivery, not approval.

Authentication and utility templates are not part of that pause. An authentication template carrying a login code delivers to a US number today, the same as it does everywhere else. So if you want to reach US customers on WhatsApp in 2026, transactional messages, order updates, appointment reminders, and OTP codes are the messages that get through. That makes the verification use case one of the few WhatsApp channels a US product can rely on right now.

Bottom line for US teams: authentication templates deliver to US numbers. Marketing templates do not. If your only reason to add WhatsApp is sending login codes and account alerts, the US delivery block never touches you.

The three ways a WhatsApp OTP arrives

Every authentication template uses one of three button styles. Pick the one that matches where your users verify.

Button type What the user does Best for
Copy code Taps the button, the code lands on the clipboard, then pastes it into your app or site. Web logins and any flow where the user is on a different screen.
One-tap autofill Taps once and the code is handed to your mobile app through a deep link. Nothing is typed. Native Android and iOS apps that own the verification screen.
Zero-tap Your app reads the code from the incoming message automatically, with no button at all. Apps that want a fully silent verification with the fewest steps.

How much WhatsApp OTP messages cost

WhatsApp OTP has two cost layers: the platform you send through and Meta's per-message fee, which for a code is charged at the authentication rate. Meta does not publish a public US dollar figure in its developer docs, so the honest way to price it is through a provider that does publish a US rate card. Twilio, a large WhatsApp provider, lists the authentication pass-through at $0.0034 per delivered message on its US card, plus its own $0.005 platform fee, which puts a delivered US authentication message around $0.0084, or $8.40 per 1,000. Use that as a benchmark, not a Meta quote.

Even at that rate, WhatsApp authentication runs cheaper than international SMS, which is the whole reason global apps moved OTP to WhatsApp. Meta also gives verification a break: codes that a user requests inside an open 24-hour service window, or the first messages after a free entry point such as a Click to WhatsApp ad, can send without the per-message fee. For a US-only product sending codes to US numbers, budget the authentication rate per code and treat the free-window cases as a bonus.

Cost line Benchmark (US, via Twilio card, July 2026)
Meta authentication pass-through$0.0034 per delivered code
Provider platform fee (example)$0.005 per message
All-in per code~$0.0084 ($8.40 per 1,000)
Code sent inside an open 24h windowNo Meta message fee

Rates verified on Twilio's public US card in July 2026 and used as a pass-through benchmark. Confirm current pricing with your provider before you budget. See our WhatsApp Business API pricing breakdown for the full picture.

How to send a WhatsApp OTP with the API

Five steps from a fresh account to a live verification flow.

01

Create an authentication template

Add an authentication template with a copy-code, autofill, or zero-tap button. You do not write the body copy; Meta locks the code layout for you.

02

Get it approved

Authentication templates review fast because the format is fixed. Approval usually lands in minutes to a few hours.

03

Connect your number

Register and verify your business phone number on the Cloud API. WaBulkSend handles the Meta account plumbing so you skip the low-level setup.

04

Send the code by API

Generate the code in your backend, then POST it as the template variable to the /messages endpoint. One request per verification.

05

Confirm delivery over webhooks

WhatsApp returns sent, delivered, and read statuses to your webhook, so your app knows the code arrived and can fall back to SMS if it did not.

WhatsApp OTP vs SMS OTP vs a verify API

An honest look at where each channel wins, so you pick the right one for your users.

Factor WhatsApp OTP SMS OTP
US deliveryDelivers to US numbers; no 10DLC registration neededDelivers, but A2P codes require 10DLC brand and campaign registration
Verification stepCopy-code or one-tap autofill buttonUser reads and types the code
CostAuthentication rate, cheaper than international SMSPer-segment carrier rate, higher for international
ReachOnly users who have WhatsApp installedAny phone that receives text messages
Best fitApps with WhatsApp-heavy users and international audiencesA universal fallback that reaches every phone

Most teams do not pick one. They send the code over WhatsApp first and fall back to SMS when delivery fails, which is why the webhook status in step five matters. For a wider channel view, see WhatsApp vs SMS.

What businesses send WhatsApp codes for

🔑

Login verification

A code at sign-in confirms the person holds the phone, without a password to forget.

👤

Account signup

Verify a new phone number at registration to keep fake and duplicate accounts out.

🔒

Password reset

Send a reset code over WhatsApp so users recover access from the app they already have open.

💳

Transaction confirmation

Confirm a payment, transfer, or high-value change with a one-time code the user approves.

📱

Two-factor authentication

Add WhatsApp as a second factor for accounts that need more than a password.

🔄

Step-up verification

Prompt a fresh code when a user does something sensitive, like changing an email or payout method.

WhatsApp OTP questions, answered

Can you send OTP through WhatsApp?

Yes. You send a one-time password through WhatsApp using an approved authentication template over the official Cloud API. You generate the code in your backend, pass it as a template variable to the /messages endpoint, and WhatsApp delivers it with a copy-code or autofill button. Authentication is the template category Meta built specifically for verification codes.

Does WhatsApp OTP work for US phone numbers?

Yes. Authentication templates deliver to US numbers in 2026. This matters because Meta paused marketing template delivery to US recipients on April 1, 2025, but that pause never applied to authentication or utility messages. A login code sent to a US number arrives normally, which makes OTP one of the few reliable WhatsApp channels for US products.

How much does a WhatsApp OTP cost?

A delivered WhatsApp authentication code costs about $0.0084 all in when benchmarked against Twilio's public US rate card in July 2026, which lists a $0.0034 Meta pass-through plus a $0.005 platform fee, roughly $8.40 per 1,000. Meta does not publish its own US dollar figure, and codes sent inside an open 24-hour window can avoid the per-message fee entirely.

What is a WhatsApp authentication template?

A WhatsApp authentication template is a fixed-format message type for delivering verification codes. The body reads "your code is your verification code" with the code you supply, plus an optional security note and expiry warning. You cannot change the wording, which is what lets WhatsApp attach a native copy-code or one-tap autofill button to the message.

Do I need a developer to send WhatsApp OTP?

You need a backend that can call an HTTP endpoint, but you do not need to build the Meta stack yourself. WaBulkSend handles number registration, template approval, and webhooks, so your engineers make one authenticated POST per code. Teams without an engineer can still trigger codes through supported integrations rather than raw API calls.

Is WhatsApp OTP safer than SMS?

WhatsApp OTP is end-to-end encrypted in transit and is harder to intercept than a plain SMS, and the copy-code button reduces the chance a user mistypes or shares a code. No delivery channel is immune to phishing, so pair it with rate limits, short code expiry, and the "do not share this code" security line Meta includes on authentication templates.

Send your first WhatsApp verification code

Connect a number, approve an authentication template, and POST a code over the official Cloud API. Codes delivered to US numbers, with copy-code and autofill built in. Start free, no credit card required.

Get API access