WhatsApp OTP Authentication Template for Banking
A one-time passcode is the most time-sensitive message a bank ever sends: it has to land in seconds, be unmistakably yours, and be impossible to forward by accident. This page gives Indian banks and lenders a ready-to-submit WhatsApp OTP authentication template built to Meta's authentication-category rules — with a secure copy-code button, the right variables, and the approval notes that keep it from getting rejected. Copy it, drop in your brand name, and go live with InfiQ once Meta approves it.
Variables
{{1}}= 482913{{2}}= InfiQ Bank
Verified business
10:24
Preview · as customers see it
Why banks send OTPs on WhatsApp instead of SMS
WhatsApp verification codes tend to be opened faster and more reliably than SMS, especially on smartphones where the banking app and WhatsApp already share the customer's attention. For a bank, that speed matters directly: a code that arrives instantly and is copied with a single tap reduces failed logins, abandoned onboarding, and repeat 'resend code' requests that clog your support lines. Delivery status is visible too — you can confirm a code was delivered rather than guessing whether an SMS gateway silently dropped it. And because authentication is its own message category, OTPs bill at the lowest of Meta's category rates, so shifting high-volume verification traffic to WhatsApp is usually cheaper per delivered message than premium SMS.
- Copy-code button turns a six-digit code into a single tap, cutting typos and re-sends
- Delivered and read receipts let your team confirm the code actually reached the customer
- Authentication is Meta's lowest per-message category, ideal for high login and transaction volumes
- One verified business number replaces the alphanumeric sender IDs customers don't recognise
How the template and its variables work
The body carries two variables so the same approved template serves every code you send. {{1}} is the one-time passcode your system generates at send time; {{2}} is your brand or bank name so the customer instantly recognises who the code is from. Everything else — the ten-minute validity, the do-not-share warning, and the copy-code button — stays fixed, which is exactly what Meta's authentication category expects. Keep the code numeric and short-lived; a ten-minute window is standard for banking and limits the value of an intercepted code. The security line is not optional politeness, it is your first line of defence against social-engineering fraud, so leave it in even on the shortest variation.
- {{1}} — the generated one-time code, e.g. 482913
- {{2}} — your bank or brand name, e.g. InfiQ Bank
- Copy code button — a Meta authentication-template button that copies {{1}} to the clipboard
Getting it approved under the authentication category
Submit this template under Authentication, not Utility or Marketing — the category you choose is what Meta reviews against, and picking the wrong one is the fastest route to rejection. Authentication templates are deliberately narrow: no promotional language, no links, no images, no offers, and only the copy-code (or, if you use it, one-tap autofill) button type. Because the format is standardised, well-formed OTP templates usually clear review within a day. If a submission is rejected, the cause is almost always stray marketing wording, a variable used for something other than the code or brand, or a mismatched button — fix that and re-submit rather than rewriting from scratch. InfiQ's template management flags category and formatting issues before you submit, so you catch these in draft instead of after a rejection.
- Category must be Authentication — utility or marketing phrasing gets rejected
- No links, media, emojis, or promotional copy inside an authentication body
- Use only the copy-code button; keep {{1}} strictly for the code and {{2}} for the brand
- Re-submit small fixes rather than starting over — approvals are usually same-day
Consent, security, and what OTPs are (and aren't) allowed to do
An OTP is a response to something the customer just did — a login, a transaction, a password reset — so it is tied to a genuine, user-initiated action rather than an outbound campaign. You still need the customer to have opted in to receive messages from your business on WhatsApp; authentication templates don't waive consent, they just don't require the separate marketing opt-in. Never bundle anything promotional into a verification message: no cross-sell, no 'while you're here' offer, no survey link. Doing so breaks category rules and, more importantly, trains customers to treat security messages as marketing, which is exactly the confusion fraudsters exploit. Keep the OTP flow clean and predictable so a real code is always easy to tell apart from a scam.
Like this template? Send it live in 24 hours.
Frequently asked questions
Which category should I submit this template under?+
Does an OTP template need opt-in?+
Can I change the wording of the message?+
How is an OTP message billed?+
How fast can I start sending after submitting?+
Why include the copy-code button?+
Is WhatsApp OTP secure enough for banking?+
Can I send OTPs in Hindi or other regional languages?+
Send bank-grade OTPs on WhatsApp
Get this authentication template approved and wired to your login and transaction events with InfiQ — an official Meta Business Partner offering transparent ₹ pricing and full BSUID ownership.