Scope
Authentication messages are template messages used to deliver one-time passcodes (OTP/verification codes). If you deliver login or verification codes over WhatsApp, use authentication templates instead of utility or marketing templates.
Requirements and Constraints
- Use template category
AUTHENTICATION. - Use the preset authentication text structure and OTP button model.
- URLs, media, and emojis are not supported in authentication template content.
- OTP delivery should target users who explicitly requested the code.
Common operational prerequisites:
- Business verification completed.
- Sufficient messaging limit tier for authentication use.
Template Building Blocks
Authentication templates are assembled from:
body— fixed auth text + optional security recommendationfooter— optional code expiration minutesbuttons— OTP button configuration
Supported OTP button flows:
copy_code— most compatible, no app integration neededone_tap— Android-only autofill flowzero_tap— Android-only broadcast flow with required terms flag
Time-To-Live (TTL)
Authentication templates support message_send_ttl_seconds. Keep TTL short so users do not receive expired OTPs.
Copy-Code Templates
Copy-code templates are the most compatible OTP option. They do not require one-tap handshake or signing integration.
{
"name": "authentication_code_copy_code_button",
"language": "en_US",
"category": "authentication",
"message_send_ttl_seconds": 60,
"components": [
{
"type": "body",
"add_security_recommendation": true
},
{
"type": "footer",
"code_expiration_minutes": 5
},
{
"type": "buttons",
"buttons": [
{
"type": "otp",
"otp_type": "copy_code",
"text": "Copy Code"
}
]
}
]
}One-Tap Templates
One-tap templates are optimized for Android autofill. If one-tap eligibility fails, WhatsApp falls back to copy-code behavior.
{
"name": "authentication_code_autofill_button",
"language": "en_US",
"category": "authentication",
"message_send_ttl_seconds": 60,
"components": [
{
"type": "body",
"add_security_recommendation": true
},
{
"type": "footer",
"code_expiration_minutes": 5
},
{
"type": "buttons",
"buttons": [
{
"type": "otp",
"otp_type": "one_tap",
"text": "Copy Code",
"autofill_text": "Autofill",
"package_name": "com.example.myapplication",
"signature_hash": "K8a%2FAINcGX7"
}
]
}
]
}Zero-Tap Templates
Zero-tap attempts automatic code delivery directly into the app flow. This is Android-only and requires app handshake/signing integration.
{
"name": "zero_tap_auth_template",
"language": "en_US",
"category": "authentication",
"message_send_ttl_seconds": 60,
"components": [
{
"type": "body",
"add_security_recommendation": true
},
{
"type": "footer",
"code_expiration_minutes": 5
},
{
"type": "buttons",
"buttons": [
{
"type": "otp",
"otp_type": "zero_tap",
"text": "Copy Code",
"autofill_text": "Autofill",
"package_name": "com.example.myapplication",
"signature_hash": "K8a%2FAINcGX7",
"zero_tap_terms_accepted": true
}
]
}
]
}Sending an Authentication Template
In the send payload, provide the OTP value in both the body parameter and the button parameter:
{
"messaging_product": "whatsapp",
"to": "12015550123",
"type": "template",
"template": {
"name": "auth_code_copy_button",
"language": {
"code": "en_US"
},
"components": [
{
"type": "body",
"parameters": [
{ "type": "text", "text": "839201" }
]
},
{
"type": "button",
"sub_type": "url",
"index": 0,
"parameters": [
{ "type": "text", "text": "839201" }
]
}
]
}
}Dualhook supports template management and operational monitoring. Authentication delivery is still controlled by Meta policies, device eligibility, and app integration readiness. Dualhook does not bypass handshake or signing requirements for one-tap or zero-tap.