My Bot is connected to WhatsApp

That was a lot harder than it should be? Or are WhatsApp trying to make a barrier to entry to ward off amateur developers?

Generate a token to use

You’ll need a System User with permissions to access your app and the WhatsApp account you are trying to make work.

I used an admin user which is distinct from the employee user that my app uses. This admin user is given a token for as long as I need it, then revoked immediately that I have finished. I don’t like admin users floating around, but can’t delete it. Revoking its token should be enough.

Activate the number once it has been set up

One you’ve registered your number using “Add Number” in the API setup page it will show as “Pending” in Whatsapp Manager. You need to activate it. This is by POST request.

The PHONE_ID is the phone number ID which you can find in the dropdown in the API setup page where it offers to make CURL requests for you.

PIN is a two factor PIN that you are creating with this call. It musty be 6 digits. I don’t know if you need to remember it (you can reset it later from the UI). I generated a 6 digit random number.

curl "https://graph.facebook.com/v21.0/$PHONE_ID/register" \
        -H 'Content-Type: application/json'\
        -H "Authorization: Bearer $TOKEN"\
        -d "{ \"messaging_product\": \"whatsapp\", \"pin\": \"$PIN\" }"

curl "https://graph.facebook.com/v21.0/$PHONE_ID/register" \
        -H 'Content-Type: application/json'\
        -H "Authorization: Bearer $TOKEN"\
        -d "{ \"messaging_product\": \"whatsapp\", \"pin\": \"$PIN\" }"

You can check this has worked by performing a GET request. You should see that it is a business number with a webhook, but the webhook won’t work yet.

{
  "verified_name":"The Name You Provided When You Registered",
  "code_verification_status":"VERIFIED",
  "display_phone_number":"--REDACTED--",
  "quality_rating":"GREEN",
  "platform_type":"CLOUD_API",
  "throughput":{"level":"STANDARD"},
  "webhook_configuration":{
    "application":"https:\/\/--REDACTED--"}, 
  "id":"--REDACTED--"
}

{
  "verified_name":"The Name You Provided When You Registered",
  "code_verification_status":"VERIFIED",
  "display_phone_number":"--REDACTED--",
  "quality_rating":"GREEN",
  "platform_type":"CLOUD_API",
  "throughput":{"level":"STANDARD"},
  "webhook_configuration":{
    "application":"https:\/\/--REDACTED--"}, 
  "id":"--REDACTED--"
}

I’ve set my number to be non-searchable. I don’t want random people contacting it.

curl "https://graph.facebook.com/v21.0/$PHONE_ID/" \
        -H "Authorization: Bearer $TOKEN"\
        -d '{"search_visibility":"NON_VISIBLE"}'

curl "https://graph.facebook.com/v21.0/$PHONE_ID/" \
        -H "Authorization: Bearer $TOKEN"\
        -d '{"search_visibility":"NON_VISIBLE"}'

Subscribe its WhatsApp Account to my App

This is not enough to allow webhooks. You can use the API to set up the webhooks. Mine is set up in the App Dashboard and that seems enough.

Find the phone number’s WhatsApp account and read its ID. This is in the Business Suite under WhatsApp Accounts and the ID is near the top.

A GET request lists the subscriptions. All you need to do is POST with your token.

curl -X POST "https://graph.facebook.com/v21.0/$ACCOUNT_ID/subscribed_apps" \
        -H "Authorization: Bearer $TOKEN"\

curl -X POST "https://graph.facebook.com/v21.0/$ACCOUNT_ID/subscribed_apps" \
        -H "Authorization: Bearer $TOKEN"\

You can then check it has worked with a GET request to the same endpoint.

References

Start here:

https://developers.facebook.com/docs/graph-api/reference/whats-app-business-account/phone_numbers