Authentication templates in Hibot WhatsApp Business API are designed specifically for sending one-time passwords (OTP), login verification codes, and secure authentication messages to users.

If your app, website, or platform allows users to log in, register, reset passwords, or verify their identity using WhatsApp, you must use an Authentication Template.

Unlike utility or marketing templates, authentication templates use a fixed structure approved by WhatsApp to improve security and user trust.

What Are Authentication Templates?

Authentication templates contain:

• A verification code or OTP

• Optional security recommendation text

• Optional code expiration warning

• A button to make it easier for the user to use the code

Default message format:

123456 is your verification code.

Optional additions:

• For your security, do not share this code.

• This code expires in 10 minutes.

Authentication templates can include one of these button types:

1. One-Tap Autofill Button

2. Copy Code Button

3. Zero-Tap Authentication

4. 
   

Types of Authentication Templates

1. One-Tap Autofill Templates

One-Tap Autofill provides the best user experience.

When the user taps the button inside WhatsApp:

• WhatsApp opens your Android app

• The OTP is automatically passed to your app

• The user does not need to manually copy or type the code

Important:

• Supported only on Android

• Requires app integration using package name and signature hash

• Recommended by Hibot for login and signup verification

Example button text:

Autofill

2. Copy Code Templates

Copy Code templates are the easiest and most common option.

When the user taps the button:

• The OTP is copied to the device clipboard

• The user can paste it inside your app or website

Example button text:

Copy Code

Best for:

• Websites

• Android apps

• iPhone apps

• Businesses that want a quick setup without extra development

• 
  

3. Zero-Tap Authentication Templates

Zero-Tap authentication offers a fully automatic OTP experience.

When the user requests a code:

• WhatsApp sends the OTP silently

• Your app receives the code automatically

• The user does not need to open WhatsApp or tap anything

Best for advanced Android app integrations.

Linked Device Security

Authentication messages in WhatsApp now include linked device security.

This means:

• OTP messages are delivered only to the user’s primary WhatsApp device

• If the user has linked devices, the code is hidden there

• Linked devices show a message asking the user to view the OTP on their main phone

This extra security is enabled automatically.

No setup or coding changes are required.

Best Practices Before Sending OTP on WhatsApp

To improve delivery and reduce failures, Hibot recommends:

• Confirm the user’s WhatsApp number before sending the OTP

• Clearly tell users that they will receive the code on WhatsApp

• Mention WhatsApp as an available login option during signup or verification

• Show a confirmation inside your app when the code is captured automatically

• Keep OTP expiration between 5 and 15 minutes

• 
  

Generate Authentication Template Preview

You can preview authentication templates before creating them.

Endpoint:

GET /<WHATSAPP_BUSINESS_ACCOUNT_ID>/message_template_previews

Example request:

curl 'https://graph.facebook.com/v25.0/102290129340398/message_template_previews?category=AUTHENTICATION&languages=en_US,es_ES&add_security_recommendation=true&code_expiration_minutes=10&button_types=OTP' \
-H 'Authorization: Bearer ACCESS_TOKEN'

Example response:

{
  "data": [
    {
      "body": "*{{1}}* is your verification code. For your security, do not share this code.",
      "buttons": [
        {
          "autofill_text": "Autofill",
          "text": "Copy code"
        }
      ],
      "footer": "This code expires in 10 minutes.",
      "language": "en_US"
    }
  ]
}

This helps you verify how your OTP message will appear in different languages.

Create Authentication Templates in Multiple Languages

Hibot supports bulk creation and updating of authentication templates using:

POST /<WHATSAPP_BUSINESS_ACCOUNT_ID>/upsert_message_templates

With this endpoint, you can:

• Create multiple language versions at once

• Update existing templates automatically

• Add security recommendations

• Set code expiration time

• Choose between Copy Code, One-Tap, or Zero-Tap

• 
  

Example: Copy Code Authentication Template

curl 'https://graph.facebook.com/v25.0/102290129340398/upsert_message_templates' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ACCESS_TOKEN' \
-d '
{
  "name": "login_otp_copy_code",
  "languages": ["en_US","hi","fr"],
  "category": "AUTHENTICATION",
  "components": [
    {
      "type": "BODY",
      "add_security_recommendation": true
    },
    {
      "type": "FOOTER",
      "code_expiration_minutes": 10
    },
    {
      "type": "BUTTONS",
      "buttons": [
        {
          "type": "OTP",
          "otp_type": "COPY_CODE"
        }
      ]
    }
  ]
}'

What this template does:

• Sends an OTP message

• Adds “Do not share this code” warning

• Adds 10-minute expiration text

• Displays a “Copy Code” button

Example: One-Tap Autofill Template

curl 'https://graph.facebook.com/v25.0/102290129340398/upsert_message_templates' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ACCESS_TOKEN' \
-d '
{
  "name": "login_otp_autofill",
  "languages": ["en_US","es_ES","fr"],
  "category": "AUTHENTICATION",
  "components": [
    {
      "type": "BODY",
      "add_security_recommendation": true
    },
    {
      "type": "FOOTER",
      "code_expiration_minutes": 15
    },
    {
      "type": "BUTTONS",
      "buttons": [
        {
          "type": "OTP",
          "otp_type": "ONE_TAP",
          "supported_apps": [
            {
              "package_name": "com.example.myapp",
              "signature_hash": "K8a/AINcGX7"
            }
          ]
        }
      ]
    }
  ]
}'

Required fields for One-Tap:

• package_name = Your Android app package name

• signature_hash = Your app’s signing certificate hash

Example Response

{
  "data": [
    {
      "id": "954638012257287",
      "status": "APPROVED",
      "language": "en_US"
    },
    {
      "id": "969725527415202",
      "status": "APPROVED",
      "language": "es_ES"
    }
  ]
}

Possible status values:

• APPROVED

• PENDING

• REJECTED

• 
  

Supported Authentication Template Features

Authentication templates support:

• Multi-language templates

• OTP verification messages

• Expiration timers from 1 to 90 minutes

• Security warning messages

• Copy Code buttons

• One-Tap Autofill buttons

• Zero-Tap integrations

Authentication templates do not support:

• Custom marketing text

• Product promotions

• Offers or discounts

• Custom editable body content

WhatsApp automatically keeps authentication templates restricted to secure verification use only.

Why Businesses Use Hibot Authentication Templates

Businesses use Hibot WhatsApp Business API authentication templates for:

• Login OTP verification

• New account registration

• Password reset verification

• Two-factor authentication (2FA)

• Mobile number verification

• Transaction confirmation

Benefits include:

• Faster OTP delivery than SMS

• Higher open rates

• Better trust and security

• Lower OTP failure rate

• Improved user experience

• 
  

Final Thoughts

Authentication Templates in Hibot WhatsApp Business API make OTP delivery faster, safer, and easier for your users.

If you want the best experience:

• Use One-Tap Autofill for Android apps

• Use Copy Code for websites and general apps

• Use Zero-Tap for advanced automatic verification

With Hibot, you can create secure WhatsApp OTP flows in multiple languages and improve your login experience instantly.