Skip to content
Meta Business Partner

OTP Authentication WhatsApp Template for Ecommerce

Every login, checkout, password reset, and COD verification on an ecommerce store hinges on one thing: the customer actually receiving their one-time passcode. SMS OTPs get buried under promotional junk, throttled by operators, and delayed at exactly the wrong moment — the payment page. This is a ready-to-use, Meta-compliant WhatsApp OTP authentication template built specifically for Indian ecommerce flows. It ships in the correct Authentication category with a secure copy-code button, so shoppers tap once instead of squinting at a six-digit number. Copy it, set your two variables, submit for approval, and start delivering codes on WhatsApp — usually the same day.

Authentication
Category
2 — {{1}} code, {{2}} brand
Variables
Copy code (one tap)
Button
Per delivered authentication message
Billing
Usually same day
Approval time
Login, reset, COD verification
Best for
A Meta-approved WhatsApp Authentication template that delivers login and checkout OTPs with a one-tap copy-code button — higher delivery than SMS, billed per delivered authentication message, live the same day with InfiQ.
authentication

Variables

  • {{1}} = 729184
  • {{2}} = Kiraana

Verified business

729184 is your Kiraana verification code. It is valid for 10 minutes. For your security, do not share this code with anyone — not even a Kiraana representative.

10:24

Copy code

Preview · as customers see it

When to use this template

Reach for this OTP template at any moment your store needs to prove the person on the other end is really your customer. It is the right fit for account sign-in and sign-up, first-time device verification, password and PIN resets, changing a saved delivery address or payment method, and — critically for Indian ecommerce — confirming a cash-on-delivery order before you dispatch. Because it sits in the Authentication category, it is reserved strictly for these action-triggered, security codes; it is not a channel for offers, order updates, or nudges. If you also need to confirm the order itself or recover an abandoned cart, use the utility and marketing siblings linked below rather than bending this template to do double duty.

  • Account login and new-account signup verification
  • Password, PIN, or 2FA reset flows
  • Verifying a new device, phone number, or email
  • Authorising a change to address, UPI, or card on file
  • COD order confirmation before dispatch

Why WhatsApp beats SMS for OTPs

On WhatsApp, an OTP lands in a conversation the customer already trusts, with a verified green-tick sender name instead of an anonymous alphanumeric header. Read rates are dramatically higher than SMS, and the delivery path does not fight for space against the flood of promotional messages that get OTP texts delayed or filtered. The copy-code button removes the single most error-prone step — manually retyping digits — which cuts failed verification attempts and the support tickets that follow. For stores serving customers on patchy networks or in regions where SMS deliverability is inconsistent, that difference shows up directly in completed logins and completed checkouts.

  • Verified business sender name, not an anonymous SMS header
  • One-tap copy-code button eliminates retyping errors
  • Higher read and delivery rates than promotional-clogged SMS
  • Fewer failed-verification support tickets

Personalisation and the two variables

Keep this template deliberately lean — Authentication templates are meant to be predictable. It uses exactly two variables: {{1}} carries the one-time code your system generates at request time, and {{2}} carries your brand or store name so the message reads as a genuine 1:1 security notice rather than a generic system blast. Repeating the brand in the security warning line ('not even a Kiraana representative') is a small anti-phishing touch that also reinforces recognition. Do not add the customer's name, order number, or product details here; those belong in utility and marketing templates. The strength of an OTP template is that it says only what it must, which is exactly what Meta's Authentication rules require.

Getting it approved (Authentication-specific tips)

Submit this under the Authentication category, not Utility or Marketing — miscategorising it is the most common reason an OTP template is rejected. Use the standard fixed-format OTP structure with a copy-code button and no marketing language, no links to your storefront, and no promotional add-ons. Keep the validity window and the 'do not share' security line intact; reviewers expect them. Approval for well-formed Authentication templates is typically fast, often within a day. If you edit the wording later, the template re-enters review, so lock the copy before you build it into your login and checkout code. InfiQ's template manager flags category and formatting issues before you submit, which keeps rejection loops short.

  • Category must be Authentication — never Utility or Marketing
  • Use the fixed OTP format with a copy-code button
  • No links, offers, or promotional wording in the body
  • Re-submit after any edit; approvals are usually same-day

What it costs to send

Since Meta moved off per-conversation pricing on 1 July 2025, WhatsApp bills per delivered message by category — and Authentication messages sit in their own, distinct rate. The 24-hour window that opens when a customer messages you is a free service window for support replies, not a billing unit, so it does not change what a proactive OTP costs. With InfiQ you pay transparent ₹ pricing (ex-GST), so the per-code cost is easy to forecast against your monthly login, reset, and COD-verification volume. Use the cost tools linked below to slide your expected volume and see the monthly figure before you commit.

Like this template? Send it live in 24 hours.

Talk to InfiQ

Use this template in your account

Tell us your volume — we’ll load your templates and get you a sandbox in about 2 hours.

Step 1 of 2
WhatsApp

Protected by invisible spam checks · replies within 1 working day

Frequently asked questions

Which WhatsApp category does this template use?+
Authentication. OTP and verification codes must be submitted under the Authentication category with the fixed OTP format and a copy-code button — not Utility or Marketing.
Do I still need opt-in to send OTPs?+
Consent and opt-in requirements still apply. Authentication messages are tied to a real, user-initiated action (a login or checkout attempt), so you are sending a code the customer just requested — but you must have valid consent to message the number on WhatsApp.
Can I change the wording?+
Yes, within Authentication category rules — you can adjust the validity window or the security warning, but you cannot add links, offers, or promotional content. Any edit sends the template back through review, so finalise the copy before wiring it into your login flow.
How is an OTP message billed?+
WhatsApp bills per delivered message by category, and Authentication has its own rate. With InfiQ you pay transparent ₹ pricing, ex-GST, so each delivered code has a predictable cost.
How quickly can I start sending?+
Once the template is approved — typically within a day — you can send instantly through InfiQ by passing the generated code into the {{1}} variable via the WhatsApp Business API.
Why use WhatsApp instead of SMS for OTPs?+
WhatsApp delivers from a verified sender name, achieves higher read and delivery rates than promotional-clogged SMS, and offers a one-tap copy-code button that removes retyping errors and reduces failed verifications.
Can I use this template for COD order confirmation?+
You can use an OTP-style code to verify a COD order before dispatch, which fits the Authentication category. For a full order-confirmation message with product and delivery details, use the dedicated utility template instead.
Does the copy-code button work on all devices?+
The copy-code button is a standard WhatsApp Authentication feature supported across current WhatsApp app versions, letting customers copy the code with a single tap rather than reading and retyping it.