Skip to content
Meta Business Partner

WhatsApp OTP Authentication Template for Banking

A one-time passcode is the most time-sensitive message a bank ever sends: it has to land in seconds, be unmistakably yours, and be impossible to forward by accident. This page gives Indian banks and lenders a ready-to-submit WhatsApp OTP authentication template built to Meta's authentication-category rules — with a secure copy-code button, the right variables, and the approval notes that keep it from getting rejected. Copy it, drop in your brand name, and go live with InfiQ once Meta approves it.

Authentication
Category
{{1}} code, {{2}} brand
Variables
Copy code
Button
Per delivered message, authentication rate
Billing
Usually within a day
Typical approval
10 minutes (standard)
Code validity
A Meta-compliant WhatsApp OTP template for banking, submitted under the authentication category with a copy-code button. Fill the {{1}} code and {{2}} brand variables, get it approved (usually within a day), and send verification codes that bill at the low authentication per-message rate.
authentication

Variables

  • {{1}} = 482913
  • {{2}} = InfiQ Bank

Verified business

482913 is your InfiQ Bank verification code. It is valid for 10 minutes. For your security, do not share this code with anyone — not even someone claiming to be from the bank.

10:24

Copy code

Preview · as customers see it

Why banks send OTPs on WhatsApp instead of SMS

WhatsApp verification codes tend to be opened faster and more reliably than SMS, especially on smartphones where the banking app and WhatsApp already share the customer's attention. For a bank, that speed matters directly: a code that arrives instantly and is copied with a single tap reduces failed logins, abandoned onboarding, and repeat 'resend code' requests that clog your support lines. Delivery status is visible too — you can confirm a code was delivered rather than guessing whether an SMS gateway silently dropped it. And because authentication is its own message category, OTPs bill at the lowest of Meta's category rates, so shifting high-volume verification traffic to WhatsApp is usually cheaper per delivered message than premium SMS.

  • Copy-code button turns a six-digit code into a single tap, cutting typos and re-sends
  • Delivered and read receipts let your team confirm the code actually reached the customer
  • Authentication is Meta's lowest per-message category, ideal for high login and transaction volumes
  • One verified business number replaces the alphanumeric sender IDs customers don't recognise

How the template and its variables work

The body carries two variables so the same approved template serves every code you send. {{1}} is the one-time passcode your system generates at send time; {{2}} is your brand or bank name so the customer instantly recognises who the code is from. Everything else — the ten-minute validity, the do-not-share warning, and the copy-code button — stays fixed, which is exactly what Meta's authentication category expects. Keep the code numeric and short-lived; a ten-minute window is standard for banking and limits the value of an intercepted code. The security line is not optional politeness, it is your first line of defence against social-engineering fraud, so leave it in even on the shortest variation.

  • {{1}} — the generated one-time code, e.g. 482913
  • {{2}} — your bank or brand name, e.g. InfiQ Bank
  • Copy code button — a Meta authentication-template button that copies {{1}} to the clipboard

Getting it approved under the authentication category

Submit this template under Authentication, not Utility or Marketing — the category you choose is what Meta reviews against, and picking the wrong one is the fastest route to rejection. Authentication templates are deliberately narrow: no promotional language, no links, no images, no offers, and only the copy-code (or, if you use it, one-tap autofill) button type. Because the format is standardised, well-formed OTP templates usually clear review within a day. If a submission is rejected, the cause is almost always stray marketing wording, a variable used for something other than the code or brand, or a mismatched button — fix that and re-submit rather than rewriting from scratch. InfiQ's template management flags category and formatting issues before you submit, so you catch these in draft instead of after a rejection.

  • Category must be Authentication — utility or marketing phrasing gets rejected
  • No links, media, emojis, or promotional copy inside an authentication body
  • Use only the copy-code button; keep {{1}} strictly for the code and {{2}} for the brand
  • Re-submit small fixes rather than starting over — approvals are usually same-day

Consent, security, and what OTPs are (and aren't) allowed to do

An OTP is a response to something the customer just did — a login, a transaction, a password reset — so it is tied to a genuine, user-initiated action rather than an outbound campaign. You still need the customer to have opted in to receive messages from your business on WhatsApp; authentication templates don't waive consent, they just don't require the separate marketing opt-in. Never bundle anything promotional into a verification message: no cross-sell, no 'while you're here' offer, no survey link. Doing so breaks category rules and, more importantly, trains customers to treat security messages as marketing, which is exactly the confusion fraudsters exploit. Keep the OTP flow clean and predictable so a real code is always easy to tell apart from a scam.

Like this template? Send it live in 24 hours.

Talk to InfiQ

Use this template in your account

Tell us your volume — we’ll load your templates and get you a sandbox in about 2 hours.

Step 1 of 2
WhatsApp

Protected by invisible spam checks · replies within 1 working day

Frequently asked questions

Which category should I submit this template under?+
Authentication. One-time passcodes belong in Meta's authentication category, which is purpose-built for verification codes and bills at the lowest per-message rate. Submitting an OTP under utility or marketing will usually get it rejected.
Does an OTP template need opt-in?+
Yes, the customer must have opted in to receive WhatsApp messages from your business. Authentication templates are tied to a real user action like a login or transaction, so they don't need the separate marketing opt-in, but general consent to be messaged still applies.
Can I change the wording of the message?+
You can adjust the phrasing within authentication-category rules — keep it to the code, brand, validity, and a do-not-share warning, with no links or promotional content. Any edit means re-submitting the template for approval before you send it.
How is an OTP message billed?+
WhatsApp bills per delivered message by category since Meta moved off per-conversation billing on 1 July 2025. This template sends under the authentication category, which is the lowest of the category rates. With InfiQ you pay transparent ₹ pricing, ex-GST.
How fast can I start sending after submitting?+
Well-formed authentication templates are usually approved within a day. Once Meta approves it, you can send codes instantly through InfiQ — most banks wire it to their login and transaction events so codes fire automatically.
Why include the copy-code button?+
The copy-code button lets the customer copy the six-digit code with a single tap instead of reading and retyping it, which cuts entry errors and 'resend code' requests. It's also the button type Meta expects on an authentication template.
Is WhatsApp OTP secure enough for banking?+
Messages are encrypted in transit and sent from your verified business number, so customers can recognise the sender. Keep codes numeric, short-lived (ten minutes is standard), and always include the do-not-share warning — never add links or promotional content that could be spoofed by fraudsters.
Can I send OTPs in Hindi or other regional languages?+
Yes. Create a language-specific version of the authentication template — for example a Hindi variant — and submit it for approval separately. The variables and copy-code button work the same way across languages.

Send bank-grade OTPs on WhatsApp

Get this authentication template approved and wired to your login and transaction events with InfiQ — an official Meta Business Partner offering transparent ₹ pricing and full BSUID ownership.