Skip to content
Meta Business Partner

OTP Authentication WhatsApp Template for NBFCs

Every loan application, mobile-number change, e-mandate setup and account login at an NBFC hinges on one thing: a one-time passcode that actually reaches the borrower. On SMS, OTPs get buried, delayed by carrier throttling, or filed under "spam". On WhatsApp they land in a chat the customer already checks dozens of times a day, with a single-tap copy-code button that removes the manual keying error. This page gives you a ready-to-use, Meta-compliant WhatsApp OTP template built specifically for Indian NBFC verification flows — with the correct Authentication category, the right variables, sample values and the approval notes that keep it from getting rejected. Copy it, swap in your brand and OTP variables, and send it live in about a day through InfiQ.

Authentication
Category
{{1}} OTP, {{2}} brand
Variables
Copy code (one-time-passcode)
Button
10 minutes, recommended
Validity line
Typically within a day
Approval time
Per delivered authentication message
Billing
A Meta-compliant WhatsApp OTP template for NBFC verification: Authentication category, copy-code button, {{1}} passcode and {{2}} brand variables. Billed per delivered authentication message plus InfiQ's transparent ₹ pricing (ex-GST).
authentication

Variables

  • {{1}} = 482915
  • {{2}} = FinServe Capital

Verified business

482915 is your FinServe Capital verification code. It is valid for 10 minutes. For your security, do not share this code with anyone — including anyone claiming to be from FinServe Capital.

10:24

Copy code

Preview · as customers see it

When to send this template

Trigger this OTP the moment a borrower does something that needs verification — and never as a broadcast. In an NBFC journey that usually means: verifying a new applicant's mobile number during onboarding, confirming a login or profile change on the customer portal or app, authorising an e-NACH / e-mandate registration, approving a change to registered bank details or nominee, and step-up authentication before a disbursal or foreclosure request. Because each OTP is tied to a real user action, it fits the Authentication category cleanly. The rule of thumb: if a human just tapped a button or submitted a form and is waiting on-screen for a code, this template is the right response. Send it programmatically via API the instant the action fires so the code arrives while the customer's session is still open.

  • Applicant mobile-number verification during KYC/onboarding
  • Portal or mobile-app login and password reset
  • e-NACH / e-mandate and standing-instruction authorisation
  • Changes to registered bank account, address or nominee
  • Step-up verification before disbursal, top-up or foreclosure

Personalising it the right way

Authentication templates are deliberately lean — Meta does not allow marketing language, links, promotional media or extra call-to-action buttons in this category. So personalisation here is about correctness and trust, not creativity. Use {{2}} to inject your exact registered brand name so the borrower instantly recognises the sender and the anti-phishing line reads naturally ("do not share this code with anyone claiming to be from FinServe Capital"). Keep {{1}} as the numeric OTP only. Match the stated validity (10 minutes above) to what your auth backend actually enforces — a mismatch confuses customers and invites support tickets. If you serve multiple sub-brands or co-lending partners, register a separate template per brand name rather than trying to stretch one, because the sender identity must be unambiguous for a financial credential.

  • {{1}} = the numeric passcode, nothing else
  • {{2}} = your exact registered NBFC / product brand name
  • Keep the validity text in sync with your backend expiry
  • Register one template per distinct brand or co-lending partner

Getting it approved (Authentication rules)

Submit this under the Authentication category, not Utility — Meta reserves Authentication specifically for one-time passcodes and pairs it with the special copy-code (one-time-password) button behaviour and, on supported devices, autofill. Three things get authentication templates rejected: adding any marketing or upsell content, inserting URLs or media, or attaching buttons other than the copy-code / autofill types. Keep the body to the code, the validity, and the do-not-share security line. You do not add the passcode as static text — the platform injects it into the copy-code button at send time, which is why the format looks minimal. Once submitted, authentication templates are usually approved within a day; InfiQ's dashboard shows the live approval status and flags the exact reason if Meta pushes back, so you can fix and resubmit in minutes rather than guessing.

  • Choose Authentication, never Utility or Marketing
  • No links, media, emojis or promotional text in the body
  • Only the copy-code / autofill button is permitted
  • Approval status and rejection reasons are visible in-dashboard

Why WhatsApp beats SMS for NBFC OTPs

For a regulated lender, OTP delivery is not a nice-to-have — a failed code means an abandoned application, a stuck mandate, or a customer stranded mid-disbursal. WhatsApp OTPs typically post materially higher and faster read rates than SMS, land in an app the borrower keeps open, and support the one-tap copy-code button so there is no manual re-keying and fewer 'invalid OTP' retries. Delivery is confirmed with read receipts, so your risk and support teams can see whether the code actually reached the customer instead of trusting a carrier 'sent' status. You can also run WhatsApp as your primary channel with SMS as a fallback where needed. On cost, authentication is one of Meta's lower-priced message categories, and every send is billed per delivered message — you are not charged for a code that never lands.

  • Higher, faster read rates than carrier SMS
  • One-tap copy-code button cuts re-keying errors
  • Read receipts confirm the code actually reached the borrower
  • Authentication is a lower-priced Meta message category

What it costs to send

Since Meta moved off per-conversation billing on 1 July 2025, WhatsApp charges per delivered message and the price depends on the category — here, the Authentication rate. The old 24-hour window still exists, but it is a free service window for replying to customers, not a billing unit; every authentication template you send is priced individually on Meta's live India rate card. Through InfiQ you pay that rate plus InfiQ's own transparent ₹ platform pricing on top, all shown ex-GST with no hidden line items. Because authentication sits at the lower end of Meta's category pricing and a verified borrower usually converts into a completed loan action, the payback on a delivered OTP is fast. Use the cost calculator to slide your monthly OTP volume and see the ₹ figure for your book.

  • Billed per delivered authentication message, not per conversation
  • Priced on Meta's live India rate card for the Authentication category
  • InfiQ adds transparent ₹ platform pricing on top, ex-GST
  • The 24-hour window is a free service window, not a billing unit

Like this template? Send it live in 24 hours.

Talk to InfiQ

Use this template in your account

Tell us your volume — we’ll load your templates and get you a sandbox in about 2 hours.

Step 1 of 2
WhatsApp

Protected by invisible spam checks · replies within 1 working day

Frequently asked questions

Which WhatsApp category does an OTP template use?+
Authentication. Meta reserves this category for one-time passcodes and pairs it with the copy-code button (and autofill on supported devices). Do not submit an OTP as Utility or Marketing — it will be flagged.
Do OTP messages need opt-in?+
Your customer must have consented to be contacted on WhatsApp. Authentication messages are tied to a real action the user just took — a login, a mandate, a KYC step — so consent plus a genuine trigger is what keeps them compliant. They are not a substitute for opt-in.
Can I add my logo, a link or a promo line to the OTP?+
No. Authentication templates cannot contain URLs, media, emojis or any marketing content, and the only permitted button is the copy-code / autofill type. Keep the body to the code, the validity period and the do-not-share security line, or Meta will reject it.
How do the {{1}} and {{2}} variables work here?+
{{1}} is the numeric OTP itself (e.g. 482915) and {{2}} is your exact registered brand name (e.g. FinServe Capital). The platform injects the passcode into the copy-code button at send time, which is why the template body looks minimal.
How fast can I go live with it?+
Authentication templates are usually approved within a day. Once approved, you can trigger the OTP instantly and programmatically through InfiQ's API the moment a borrower's action fires.
What does an OTP message cost to send?+
WhatsApp bills per delivered message by category since 1 July 2025, and OTPs use the lower-priced Authentication rate on Meta's live India rate card. Through InfiQ you pay that rate plus InfiQ's transparent ₹ platform pricing, shown ex-GST.
Can I edit the wording later?+
Yes. You can change the copy — for example the validity duration or the security line — but any edit must stay within the Authentication category rules and be re-submitted to Meta for approval before it goes live.
Will the customer keep control of the WhatsApp number and identity?+
Yes. With InfiQ you retain full ownership of your WhatsApp Business Account and BSUID (the Business-Scoped User ID used for the 2026 WhatsApp usernames change), so your sender identity and history stay yours.

Send OTPs your borrowers actually receive

Get this Authentication template approved and live in about a day — talk to InfiQ, India's official Meta Business Partner, and start verifying customers on WhatsApp with transparent ₹ pricing.