Skip to content
Meta Business Partner

OTP Authentication WhatsApp Template for D2C Brands

When a shopper is mid-checkout, mid-login, or confirming a phone number for your D2C store, a one-time passcode has one job: land instantly and get typed in without friction. This is a ready-to-use, Meta-compliant WhatsApp OTP template built in the Authentication category — with a copy-code button, the right variables, and the approval notes that keep it from getting rejected. Copy it, drop in your brand name and code, and send it through InfiQ once approved.

A compliant WhatsApp Authentication-category OTP template for D2C brands: {{1}} code, {{2}} brand name, a one-tap Copy-code button, validity and no-sharing lines, plus Meta approval tips and honest pricing on the per-delivered-message authentication rate.
authentication

Variables

  • {{1}} = 482913
  • {{2}} = Nuvora

Verified business

482913 is your Nuvora verification code. It is valid for 10 minutes. For your security, do not share this code with anyone.

10:24

Copy code

Preview · as customers see it

When to send this OTP template

Reach for the Authentication category any time a real, user-initiated action needs a code to continue — never for promotions. For a D2C brand that usually means one of a few precise moments: verifying a new customer's mobile number at first sign-up, logging a returning shopper into their account or order-tracking page, confirming a phone number change, authorising a wallet or store-credit redemption, or a step-up check before editing a saved address or payment method at checkout. The template shines where SMS routinely disappoints — it renders reliably on Android and iOS, avoids the DLT template friction that delays Indian SMS OTPs, and the copy-code button removes the fat-finger errors that kill conversion on a mobile checkout.

  • New-account or first-purchase phone verification
  • Returning-customer login and order-tracking access
  • Step-up verification before changing address, email or payment method
  • Wallet, loyalty-points or store-credit redemption
  • Guest checkout when you want a verified number for delivery updates

How this template stays compliant and approvable

Authentication templates are the strictest category Meta reviews, and that is a feature, not a bug — the tight format is exactly why they get approved fast and rarely get flagged. Submit it as Authentication, keep the body to the code, its validity window, and a security reminder, and attach a Copy-code button (Meta's zero-tap and one-tap autofill options are also available if your app supports them). Do not add a URL, a marketing line, an offer, an emoji-heavy header, or your logo as a promotional element — any of these push it into Marketing or get it rejected. The {{1}} code variable must carry only the passcode, and the {{2}} brand variable should hold a stable, recognisable business name so the message reads as trustworthy at a glance.

  • Category must be Authentication — no promotional content, links or offers
  • Body limited to code, validity period and a do-not-share reminder
  • Use a Copy-code button (or Meta autofill) so the shopper taps once
  • Keep {{2}} as your consistent, verified brand name for trust

Personalising it without breaking the rules

Authentication gives you far less room to personalise than a marketing template, and that is deliberate — but the two variables you have still matter. Populate {{2}} with the exact brand name a customer sees on your storefront and packaging so there is no doubt the code is legitimate; a mismatched or generic sender name is the single biggest reason shoppers hesitate to enter a code. Generate a fresh, high-entropy value for {{1}} on every request, expire it server-side at the validity you state (10 minutes here — say what you mean and enforce it), and never reuse a code across sessions. If you serve customers in multiple languages, submit a Hindi or regional-language variant as a separate template rather than translating on the fly, so each version carries its own approval and renders correctly.

What it costs to send

Since Meta retired per-conversation pricing on 1 July 2025, WhatsApp bills per delivered message by category, and OTPs fall under the Authentication rate — typically the lowest of the three categories in India. The free 24-hour service window is not a billing unit here; each authentication message you send is charged individually, and InfiQ layers its own transparent ₹ pricing on top of that (ex-GST) with no surprise line items. Because OTPs are short, single-message, and high-intent, the cost per successful login or verification is usually a rounding error against the order or account it protects — and cheaper than a comparable transactional SMS route once failed-delivery retries are factored in.

  • Billed per delivered message at the Authentication category rate
  • Free 24-hour service window is not the billing unit — each OTP is charged
  • Transparent ₹ pricing, ex-GST
  • One message per code keeps the per-verification cost predictable

Like this template? Send it live in 24 hours.

Talk to InfiQ

Use this template in your account

Tell us your volume — we’ll load your templates and get you a sandbox in about 2 hours.

Step 1 of 2
WhatsApp

Protected by invisible spam checks · replies within 1 working day

Frequently asked questions

Which category should I submit this as?+
Authentication. OTPs and verification codes belong in the Authentication category, which has a tightly defined format and is priced separately from Utility and Marketing.
Do I need opt-in to send an OTP?+
Authentication messages are tied to a real, user-initiated action — the customer is literally asking for the code — so consent is implicit in that request. You should still keep clean records of user actions and honour your privacy policy and any account-level preferences.
Can I add my logo, a link, or an offer to the message?+
No. Anything promotional — a URL, discount, marketing line or a logo used as a promotion — pushes the template out of Authentication and either gets it rejected or reclassified as Marketing, which is billed at a higher rate.
Can I change the validity window or wording?+
Yes, within Authentication rules. Edit the validity period or reminder text to match your system, but keep the body limited to the code, its expiry and a do-not-share note, then resubmit for approval.
How is this billed now that per-conversation pricing is gone?+
Since 1 July 2025, WhatsApp charges per delivered message by category. Each OTP is billed individually at the Authentication rate, with InfiQ's transparent ₹ pricing on top (ex-GST). The 24-hour window is a free service window, not a billing unit.
How fast can I start sending after submitting?+
Authentication templates are usually reviewed within a day, and often faster because the format is standardised. Once approved, you can trigger it instantly from your app through InfiQ's API.
Is WhatsApp OTP more reliable than SMS in India?+
For most D2C use cases, yes. WhatsApp avoids the DLT template and route-congestion issues that delay Indian SMS OTPs, and the copy-code button reduces mis-typed codes, so verified logins tend to complete at a higher rate.
Should I make separate templates for other languages?+
Yes. Submit a Hindi or regional-language OTP as its own template so each version is approved and renders correctly, rather than translating a single English template at send time.