TumaFlow guides

OTP messaging on WhatsApp

Use authentication-category templates so customers receive login or verification codes in the way Meta supports for your approved template layout.

OTP flows should minimize latency and ambiguity. WhatsApp authentication templates can carry short codes in the body and, depending on your approved layout, button patterns suited for quick copy actions. Always sync template metadata after changes in Meta so parameter names line up with API payloads.

International numbers and E.164

Store numbers in E.164 format, make sure normalization leaves no leading zeros, and test across a range of carriers where possible. Watch for user confusion if both SMS and WhatsApp OTPs could arrive: pick a primary channel per product surface and document it in your support guides.

Fraud and abuse controls

Rate-limit initiation endpoints, monitor abnormal spikes, and rotate API keys if a secret leaks. Pair messaging with device or risk signals on your side—WhatsApp delivery alone does not stop account takeover without holistic checks.
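The two points above interact: a per-number limit on OTP initiation only holds if every spelling of a number is normalized to the same E.164 key first. The sketch below is an added example, not TumaFlow or Meta code; the function and class names, the limits (3 per number and 10 per IP in 10 minutes), the default-country handling and the sample numbers and IPs are all assumptions made for illustration.

```python
import re
import time
from collections import defaultdict, deque

E164 = re.compile(r"^\+[1-9]\d{6,14}$")  # '+', no leading zero, at most 15 digits

def normalize_e164(raw, default_cc):
    """Return raw as E.164 or raise ValueError. default_cc is digits only, e.g. '44'."""
    s = re.sub(r"[\s\-().]", "", raw)            # drop spaces and punctuation
    if s.startswith("00"):                       # international dialling prefix
        s = "+" + s[2:]
    elif s.startswith("0"):                      # assumption: national trunk zero is dropped
        s = "+" + default_cc + s.lstrip("0")
    elif not s.startswith("+"):                  # assumption: country code already present
        s = "+" + s
    if not E164.match(s):
        raise ValueError(f"not a valid E.164 number: {raw!r}")
    return s

class OtpInitLimiter:
    """Sliding-window limiter for an OTP initiation endpoint (in-memory, single process)."""
    def __init__(self, per_number=3, per_ip=10, window=600, clock=time.monotonic):
        self.limits = {"number": per_number, "ip": per_ip}
        self.window, self.clock = window, clock
        self.hits = defaultdict(deque)           # (kind, value) -> timestamps of sends

    def _over(self, key, limit, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:   # expire sends older than the window
            q.popleft()
        return len(q) >= limit

    def allow(self, raw_number, client_ip, default_cc):
        now = self.clock()
        number = normalize_e164(raw_number, default_cc)  # ValueError -> reject the request
        checks = [(("number", number), self.limits["number"]),
                  (("ip", client_ip), self.limits["ip"])]
        if any(self._over(key, limit, now) for key, limit in checks):
            return False                         # caller should log this for spike monitoring
        for key, _ in checks:
            self.hits[key].append(now)
        return True
```

With several application instances, the counters would need to live in a shared store rather than process memory.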