Skip to content
Meta Business Partner

OTP Authentication WhatsApp Template for Hospitals & Clinics

When a patient logs into your appointment portal, resets a password, or confirms a teleconsultation booking, the one-time passcode has to arrive in seconds — on a channel they actually open. This is a ready-to-use, Meta-approved WhatsApp OTP authentication template built specifically for Indian hospitals, diagnostic labs, and clinics. It uses the correct authentication category, a secure copy-code button, and wording that clears review the first time. Copy the body below, plug in your variables, and go live with InfiQ, an official Meta Business Partner for the WhatsApp Business API in India.

Authentication
Category
2 (OTP, brand)
Variables
Copy code
Button
Per delivered message, auth rate
Billing
Often within a day
Typical approval
Portal logins, resets, report unlocks
Best for
A compliant WhatsApp OTP template for clinics and hospitals in the authentication category, with a copy-code button, two variables, approval tips, and honest ₹ per-message billing guidance via InfiQ.
authentication

Variables

  • {{1}} = 482913
  • {{2}} = CityCare Clinic

Verified business

482913 is your CityCare Clinic verification code. It is valid for 10 minutes. Do not share this code with anyone.

10:24

Copy code

Preview · as customers see it

When to use this OTP template in a healthcare workflow

Authentication templates exist for one job: verifying that the person on the other end is who they claim to be. In a hospital or clinic setting that moment happens more often than most teams realise — a patient signing into your health-record portal, a caregiver resetting a forgotten password, someone confirming a teleconsultation link, a lab-report download being unlocked, or staff approving a high-value transaction. Because these codes are tied to a real, user-initiated action, WhatsApp treats them as authentication traffic and prices them at the authentication rate rather than the marketing rate. Delivering the code over WhatsApp instead of SMS matters here: patients see a familiar green tick, read rates are consistently higher than SMS, and the copy-code button removes the fat-finger errors that plague six-digit manual entry — which is exactly what you want when an anxious patient is trying to reach their reports at 11pm.

  • Patient portal or app login and step-up verification
  • Password / PIN reset for health-record accounts
  • Confirming a teleconsultation or appointment booking link
  • Unlocking a lab report or e-prescription download
  • Two-factor approval for payments or account changes

Personalising it without breaking authentication rules

The authentication category is deliberately strict, and that constraint is a feature — it is why these messages clear review quickly and bill at the lowest rate. You get exactly two moving parts: the code itself and, optionally, your brand or product name so the patient recognises who the code is from. What you cannot do is add marketing language, promotional offers, greetings, emojis, media headers, or extra call-to-action buttons beyond the copy-code (and an optional autofill) button. Keep the brand variable to your clinic or hospital's registered name so it reads as trustworthy at a glance. Resist the urge to append 'Book your next check-up' or a clinic tagline — that single line will push the template into marketing review, change its billing, and usually get it rejected. If you need a promotional nudge, send it as a separate marketing template after the login is complete.

  • Allowed: the OTP value and your brand/service name
  • Allowed: a copy-code button and an optional one-tap autofill button
  • Not allowed: offers, taglines, emojis, media, or marketing links
  • Keep the security warning line ('Do not share this code') intact

Getting it approved on the first submission

Submit the template under the Authentication category — not Utility — and use Meta's standard OTP structure with a copy-code button. Meta now provides pre-built authentication template formats, and staying inside them is the fastest path to approval; custom free-text authentication bodies are more likely to be flagged. Keep the validity line honest (state the real expiry, commonly 5 or 10 minutes) and always include the 'Do not share this code with anyone' security notice, which reviewers expect to see. Because the body is templated and the OTP arrives as a variable, one approved template covers every language and channel you send it through. In practice, authentication templates like this clear review quickly, often within a day, after which you can send instantly through InfiQ's dashboard or API. If you localise into Hindi, Tamil, Marathi or another language, submit each as a separate language version of the same template so the code placement and button stay identical.

  • Choose Authentication category and Meta's standard OTP format
  • Include a real expiry time and the do-not-share warning
  • Use the copy-code button; add autofill only if your app supports it
  • Submit each language as a version of the same template

What it costs to send — the honest version

Since Meta moved off per-conversation billing on 1 July 2025, WhatsApp charges per delivered message, priced by category. This template sends in the authentication category, which is Meta's lowest-cost tier and well suited to high-volume login and verification traffic. The 24-hour window you may have heard about is a free customer-service window — it is not a billing unit, and OTPs do not depend on it because the patient triggered the action. Your true per-message cost is Meta's live authentication rate plus InfiQ's platform pricing, shown as transparent ₹ pricing (ex-GST) with no hidden line items. For a clinic sending thousands of logins and report unlocks a month, the authentication rate keeps unit economics tight, and the copy-code button reduces failed verifications — so you rarely pay to re-send a code the patient mistyped.

  • Billed per delivered message at Meta's authentication rate
  • Authentication is the lowest-cost WhatsApp category
  • InfiQ adds transparent ₹ pricing (ex-GST)
  • The 24-hour service window is free and separate from this send

Like this template? Send it live in 24 hours.

Talk to InfiQ

Use this template in your account

Tell us your volume — we’ll load your templates and get you a sandbox in about 2 hours.

Step 1 of 2
WhatsApp

Protected by invisible spam checks · replies within 1 working day

Frequently asked questions

Which WhatsApp category does this OTP template use?+
Authentication. One-time passcodes tied to a genuine user action — a login, reset, or verification — belong in the authentication category, which is Meta's lowest-cost tier and the correct classification for this template.
Do OTP messages need patient opt-in?+
Consent and opt-in principles still apply, but authentication messages are inherently user-initiated: the patient asks for the code by logging in or requesting a reset, so the action itself creates the context for the message.
Can I edit the wording of the template?+
Yes, within limits. You can adjust the phrasing, expiry time, and brand name, but you must stay inside authentication category rules — no marketing content or extra buttons — and re-submit the edited version for Meta approval before sending.
How is this OTP message billed?+
Per delivered message at Meta's authentication rate, since WhatsApp moved off per-conversation billing on 1 July 2025. Through InfiQ you pay that live Meta rate plus transparent ₹ platform pricing (ex-GST), with no per-conversation charge.
Why send OTPs on WhatsApp instead of SMS?+
WhatsApp OTPs typically see higher read rates than SMS, arrive with your verified business identity, and use a copy-code button that eliminates manual-entry errors — useful when a patient is verifying a login or unlocking a report under time pressure.
Can I send this OTP in Hindi or a regional language?+
Yes. Create a separate language version of the same template — for example Hindi, Tamil, or Marathi — keeping the code variable and copy-code button identical, and submit each for approval. The OTP itself passes through as a variable regardless of language.
How quickly can I start sending after submitting?+
Authentication templates usually clear Meta review quickly, often within a day. Once approved, you can send instantly through the InfiQ dashboard or API, and you keep full ownership of your WhatsApp Business Account and BSUID.
What is the copy-code button and should I use it?+
It is a one-tap button that copies the OTP to the patient's clipboard so they can paste it without retyping. It is the recommended format for authentication templates and reduces failed verifications, so keep it unless your app supports one-tap autofill instead.

Send secure OTPs your patients actually read

Get this authentication template approved and live on the WhatsApp Business API with InfiQ — transparent ₹ pricing, full BSUID ownership, and support from an official Meta Business Partner in India.