Authentication messages carry one-time passwords (OTPs) and login codes. They are their own category, use authentication templates, and cost ₹0.11 each in India. What makes them interesting is how the code reaches the user — there are three delivery formats, from a simple copy button to no tap at all.
What you need to use them
Authentication templates aren’t on by default for new accounts. To unlock them, Meta asks for two things: you complete one of its scaling paths (its way of proving your account is established and trusted), and your WhatsApp Business Accounts have a daily messaging limit of at least 2,000 business-initiated conversations. Once both are true, authentication templates become available.
How the message is built
Authentication templates are deliberately plain — no URLs, media or emojis. Each one is assembled from a few fixed parts: a body carrying the code, an optional security line (“For your security, do not share this code”), an optional expiry note (“This code expires in N minutes”), and a button that decides how the code is delivered.
Two things make them special. First, time-to-live (TTL): new authentication templates default to a short 10-minute delivery window (versus 24 hours for ordinary messages), and you can set it anywhere from 1 to 10 minutes — short is safer for a one-time code. Second, for the smarter delivery types, a handshake: your app’s package name and signing hash tell WhatsApp which Android app is allowed to receive the code.
The three delivery formats
- One-tap autofill — a button that drops the code straight into your Android app.
- Zero-tap — the code is delivered and read with no user action at all.
- Copy code — the simplest format, working on every device: tap to copy, then paste.
Each guide below walks through creating and sending that format.