Phone Numbers

Managing phone numbers in WhatsApp Business Platform: adding, removing, and limits.

Overview

Phone numbers are the sending identity for WhatsApp Business Platform. Each number is linked to a WABA and can be used for app, coexistence, and API workflows depending on setup.

  • A phone number can only be actively attached to one WhatsApp business setup at a time.
  • Number ownership, quality, and policy status affect messaging eligibility.
  • In Dualhook, numbers are managed in your own Meta assets — Dualhook does not own your numbers.

Where to Find Phone Numbers in Meta

  1. Open Meta Business settings.
  2. Go to AccountsWhatsApp Accounts.
  3. Select your WABA.
  4. Open WhatsApp Manager and go to Phone numbers.

From this view you can usually see the display phone number, verification and name status, and the phone_number_id used for API sending.

Adding a Phone Number

Common path:

  1. In WhatsApp Manager, open Phone numbers.
  2. Click Add phone number.
  3. Choose country code and enter the number.
  4. Complete OTP verification (SMS or voice).
  5. Register the phone for Cloud API sending if Meta still shows the number as PENDING.
  6. Complete display name review steps if prompted.

Important:

  • OTP verification proves you control the phone number, but it does not always mean the number is fully registered on WhatsApp Business Platform.
  • In add-new-number Cloud API flows, Meta can leave the number in PENDING until registration is completed with POST /<PHONE_NUMBER_ID>/register.
  • That registration call requires a 6-digit PIN and enables or confirms two-step verification.
  • A fully registered Cloud API number should move to CONNECTED.
  • This is different from coexistence, where an existing WhatsApp Business App number follows the QR/app-confirmation flow instead of the add-new-number path.

You can onboard numbers through Embedded Signup and then manage them in Dualhook, or add them in Meta first and then connect through Dualhook.

Registered Number Cap

New business portfolios start capped at 2 registered business phone numbers. The cap automatically increases to 20 when:

  • Your business becomes verified, or
  • You reach a messaging limit of 2,000.

When this happens, Meta sends a Business Suite notification and a business_capability_update webhook with max_phone_numbers_per_business set to your new cap. If you're forwarding management webhooks via Dualhook, you'll see this event flow through.

Toll-Free (1-800) and IVR Numbers

You can register a 1-800 or other toll-free number, but the WhatsApp registration call cannot navigate an IVR. Numbers behind an IVR system can be registered if they accept calls from international numbers and can redirect Meta's SMS or voice call to a real person or mailbox.

To register a number behind an IVR:

  1. Meta shares 1 or 2 phone numbers that the registration call will originate from.
  2. Allow-list those numbers in your IVR. If you can't allow-list, add the number to your WABA and open a Direct Support ticket asking for the registration-call source numbers.
  3. Redirect the registration call to an employee or mailbox to capture the 6-digit code.
  4. Submit the code via POST /<PHONE_NUMBER_ID>/verify_code with code=<CODE>.

Numbers behind an IVR that can't accept registration calls are not supported.

Identity Change Check

Optional security feature. When enabled, Meta tells you whether the WhatsApp account behind a customer's phone number has changed since you last messaged them — protecting against recycled-phone-number attacks.

How it works:

  1. Enable on the phone number's settings: 
    POST /<PHONE_NUMBER_ID>/settings
    { "user_identity_change": { "enable_identity_key_check": true } }
  2. Subsequent inbound message webhooks include the user's identity_key_hash in the contacts object. Outbound status webhooks include recipient_identity_key_hash in the statuses object.
  3. Store the hash per customer.
  4. On future sends, include recipient_identity_key_hash in the request body. Meta compares it to the customer's current hash:
    • Match → message delivered.
    • Mismatch → message blocked, status webhook with error code 137000 returned.

When you receive a 137000 mismatch, treat the customer's phone number as no longer trusted. Re-verify identity through a non-WhatsApp channel before resending. Send the next message without a hash, then capture and store the new hash from the resulting status webhook.

This is the same identity-binding pattern recommended for authentication-message OTP delivery.

// Send with check
{
  "messaging_product": "whatsapp",
  "to": "+16505551234",
  "recipient_identity_key_hash": "DF2lS5v2W6x=",
  "type": "text",
  "text": { "body": "Your latest statement is attached." }
}

Portfolio and Number Limits

Portfolio-level number capacity is controlled by Meta account state. In many setups, businesses start with a lower number limit and can increase over time as trust and verification improve.

  • Keep business verification and policy compliance in good standing.
  • Monitor quality and messaging limits per number.
  • Do not assume every portfolio has the same number capacity from day one.

Removing a Phone Number

Before deleting any number:

  • Stop active sends and campaigns that use the number.
  • Disconnect or update any webhook/send logic that points to that number.
  • In Dualhook, disconnect or update the related connection first.

Typical Meta removal flow:

  1. Open WhatsApp ManagerPhone numbers.
  2. Select the target number.
  3. Use the remove/delete action (trash/bin icon).
  4. Confirm the removal prompt.

Important:

  • Deletion can be restricted by permissions, billing/account state, or recent paid usage.
  • Meta may apply cooling periods before some numbers can be removed.
  • Only users with sufficient Business admin permissions can complete deletion.

Common Issues

Delete button is missing

  • Your role lacks admin rights.
  • The number is controlled by another portfolio or partner setup.
  • The number is in a state that blocks removal.

Number cannot be added

  • Number is already registered elsewhere.
  • OTP verification failed or timed out.
  • Number format, provider restrictions, or unsupported type.

Messages fail after number changes

  • Old phone_number_id is still used in sending code.
  • Webhook routing still points to the previous setup.

Number stays PENDING after verification

  • OTP verification completed, but Cloud API registration did not.
  • The number still needs POST /<PHONE_NUMBER_ID>/register with a 6-digit PIN.
  • If the number was deleted and re-added, a previous two-step verification PIN may still be required.
  • In Embedded Signup, registration must be completed within 14 days or the signup flow may need to be run again.

Related

Browse more docsStart Free Trial