Zero-tap

Updated June 2026 5 min read

Zero-tap is the smoothest OTP of all — the code reaches your app with no tap from the user. They never leave your login screen. It needs more care to use safely.

All guides
On this page

Quick facts

Delivery type
Zero-tap
User action
None
Works on
Android app users
Fallback
One-tap, then copy-code

WhatsApp zero-tap authentication delivers the OTP directly to your Android app with no user action at all. When the message arrives, your app reads the code automatically and completes login. It offers the best experience but requires app-side handling of the incoming message and a copy-code fallback for users it can't reach.

In simple language: Zero-tap is an OTP that needs no tap — when the WhatsApp message arrives, your app reads the code by itself and logs the user in.

Who should read this?

  • Teams wanting the smoothest OTP login
  • Developers handling incoming WhatsApp messages
  • Owners comparing OTP delivery types

The best login experience is the one the user barely notices. Zero-tap is exactly that — the code arrives, and they’re in, without touching anything.

Zero-tap is the most seamless of WhatsApp’s three OTP delivery types. With copy-code the user copies and pastes; with one-tap they tap a button. With zero-tap, they do nothing — WhatsApp delivers the authentication message, and your app reads the code straight out of it automatically. From the user’s side, they request a code and a moment later they’re logged in; they may never even open the WhatsApp chat.

Example: a user taps “Send code” in your app, the WhatsApp message arrives in the background, your app reads it, and the login completes on its own.

Best practices

Zero-tap is invisible, which is both its strength and its risk — when it fails, the user just sees nothing happen. A few rules keep it dependable:

  • Zero-tap is Android-only. Non-Android users (iPhone, WhatsApp Web) will never get the zero-tap behaviour, so they see the copy-code button instead. You must still include the one-tap autofill and copy-code buttons in the template, even though zero-tap users never see them.
  • No URLs, media or emojis. Authentication templates keep it to the code and a short safety note.
  • Tell the user it’s automatic. Because nothing visibly happens, it helps to let users know the code will arrive on its own.

Examples of how to tell users their code will be delivered automatically

Creating a zero-tap template

You create a zero-tap template with a POST request describing its components. The body of the request needs:

FieldRequired?What it does
nameYesTemplate name (max 512 chars)
categoryYesauthentication
languageYesThe language code it’s approved in
componentsYesBody, footer and buttons
package_nameYesYour Android app’s package name
signature_hashYesYour app’s signing-key hash
zero_tap_terms_acceptedYesMust be true — you accept the zero-tap terms

Optional extras include add_security_recommendation (the “do not share this code” line), code_expiration_minutes (1–90), autofill_text and text (button labels, max 25 chars each), and message_send_ttl_seconds to control delivery timeout.

The package name and signing hash are the same identifiers one-tap uses — they tell WhatsApp which app may receive the code. The zero_tap_terms_accepted flag is the one extra step zero-tap adds.

Sending a zero-tap template

Once approved, you send it like any authentication template: name the approved template, pass the language code, and supply the verification code for that user. On a matching Android app, your app reads the code with no tap; everywhere else, the message falls back to one-tap or copy-code.

Where one-tap relies on the user’s tap to hand over the code, zero-tap requires your app to grab it the instant it arrives — so the app-side read path has to be solid. Test it on real devices and slow networks before you ship.

The fallback chain

Because zero-tap can’t reach everyone — iPhones, WhatsApp Web, or any moment the app can’t read the message — WhatsApp lets you stack fallbacks:

Zero-tap  →  One-tap autofill  →  Copy-code
(no tap)     (one tap)            (works everywhere)

If zero-tap can’t run, the same message offers one-tap autofill; if that can’t run either, it offers copy-code, which works on every device. Read about those in One-Tap Autofill and Copy Code.

Set up this chain and you get the best experience where it’s possible, and a guaranteed path to the code everywhere else.

Keep reading

Related questions people ask

What is WhatsApp zero-tap authentication?

It's an OTP delivery type where the code reaches your Android app with no user action. When the WhatsApp message arrives, your app reads the code automatically and completes login — the smoothest of the three delivery types.

How is zero-tap different from one-tap autofill?

One-tap asks the user to tap a button before the code fills in. Zero-tap needs no tap at all — the app reads the code on its own as soon as the message arrives.

Does zero-tap work on iPhone?

No. Zero-tap relies on the Android app reading the incoming message, so it's Android-only. iPhone and WhatsApp Web users fall back to one-tap or copy-code.

Key takeaways

  • Zero-tap delivers the OTP with no user tap at all.
  • Your Android app must read the incoming code automatically.
  • Always keep one-tap and copy-code as fallbacks.
Published: June 2026 Last reviewed: June 2026 Reviewed by: ChatMitra WhatsApp API Team

Put WhatsApp to work for your business

Start free on the Starter plan — pay just ₹0.20 per conversation, no subscription. Upgrade to Pro (₹999/month) when you need automation, or Enterprise for zero platform fees at scale.