Skip to content
Meta Business Partner

OTP Authentication WhatsApp Template for Retail

Sending one-time passcodes over SMS is where retail logins quietly leak: delayed carrier routing, spam filters, and codes that arrive after the timer expires. A WhatsApp OTP delivered through the authentication category lands in a chat your customer already trusts, with a one-tap copy-code button that removes fat-finger errors at checkout, account recovery, or first login. This page gives you a Meta-compliant OTP authentication template built for Indian retail, with the exact wording, the two variables you fill in, sample values, and the approval details that get it live — usually within a day — so you can start verifying customers on WhatsApp instead of hoping an SMS gets through.

Authentication
Category
{{1}} code, {{2}} brand
Variables
Copy code
Button
Per delivered message (auth rate card)
Billing
Usually within a day
Approval time
Login, reset, order authorisation
Best for
A ready-to-submit WhatsApp OTP authentication template for retail: authentication category, a copy-code button, {{1}} for the code and {{2}} for your brand, plus approval tips and honest ₹ pricing on Meta's live authentication rate card.
authentication

Variables

  • {{1}} = 482913
  • {{2}} = NovaMart

Verified business

482913 is your NovaMart verification code. It is valid for 10 minutes. For your security, do not share this code with anyone — not even someone claiming to be from NovaMart.

10:24

Copy code

Preview · as customers see it

When to reach for this template

Use the authentication OTP template at any moment a retail customer proves they are who they say they are: signing in to their account, confirming a new device or number, resetting a password, authorising a high-value order, unlocking a stored payment method, or claiming loyalty points. The authentication category exists for exactly these action-triggered codes — it is not a channel for offers, order updates, or nudges. If the message you want to send is a delivery status or an invoice, that belongs in the utility category; if it is a promotion, it is marketing. Keep OTP messages strictly about the code and its safe use, and reserve them for a verification the customer actively started, so the message always arrives with obvious context.

  • Account login and passwordless sign-in
  • New-device or new-number verification
  • Password or PIN reset flows
  • Authorising a high-value or first-time order
  • Recovering a locked account or wallet

Personalising the code and the copy-code button

This template is deliberately lean: {{1}} carries the numeric code your system generates and {{2}} carries your brand name so the customer instantly recognises the sender. Authentication templates are the one category where you should resist adding a first name, product, or store context — Meta's guidelines keep OTP messages to the code, its validity window, and a security note, and extra personalisation risks rejection or a downgrade out of the authentication category. The real ergonomic win is the Copy code button: instead of squinting between two apps, the customer taps once and the code is on their clipboard, ready to paste. Set your validity window in the body to match your backend timeout so 'valid for 10 minutes' is truthful, and generate a fresh code per request rather than reusing one.

  • {{1}} — the one-time code, generated per request
  • {{2}} — your brand name, kept identical across both mentions
  • Copy code button auto-copies {{1}} on tap
  • Keep the stated validity window in sync with your backend timeout

Getting it approved as Authentication

Submit this template under the authentication category, not utility or marketing. Meta reviews authentication templates against a tight pattern: they must deliver a code and may include a security reminder and an expiry, and they cannot carry any promotional language, links to your store, tracking URLs, or media. The copy-code button is the standard, expected button type for this category — avoid quick-reply or website buttons here. Name the template clearly (for example otp_login_v1) so you can version it, and keep the body wording stable across languages if you localise. Most authentication templates clear review within a day; if you are rejected, it is almost always because a marketing phrase or an unexpected button slipped in, so strip the message back to code, brand, validity, and the do-not-share warning and resubmit.

  • Category must be Authentication
  • No offers, links, tracking parameters, or media
  • Use the copy-code button, not quick-reply or URL buttons
  • Version your template name for clean re-submissions
  • Localised variants should mirror the same structure

What it costs to send

WhatsApp bills per delivered message by category, and authentication messages sit on Meta's authentication rate card — the lowest-cost tier for India, well below marketing. Since Meta moved off per-conversation billing on 1 July 2025, you are charged for each authentication message that is actually delivered, not for a bundled 24-hour window; the 24-hour service window remains a free reply window for support, not a billing unit. Because OTPs are triggered one-to-one by a real user action, volume tracks your genuine login and verification traffic, which keeps spend predictable. With InfiQ you pay transparent ₹ pricing on Meta's live authentication rate card (ex-GST), so the per-message cost is easy to forecast against your monthly verification volume.

  • Priced on Meta's authentication rate card — the cheapest India category
  • Billed per delivered message since 1 July 2025, not per conversation
  • The 24-hour service window is a free reply window, not a billing unit
  • Transparent ₹ pricing, ex-GST

Sibling templates for the full retail journey

An OTP verifies who the customer is, but the moments around it deserve their own approved templates. Once a shopper is logged in and has placed an order, an order-confirmation utility template closes the loop with an order number and summary. For cash-on-delivery, a COD-confirmation template reduces failed deliveries by asking the customer to confirm before dispatch. And when a session ends without a purchase, an abandoned-cart marketing template — with a clear opt-out line — can win the sale back. Keeping each of these as a separate, correctly categorised template means every message is billed at the right rate and clears review on its own terms, rather than being stretched to do a job it was not designed for.

  • Order confirmation — utility, sent after a purchase
  • COD confirmation — utility, to cut failed deliveries
  • Abandoned cart — marketing, with a required opt-out line

Like this template? Send it live in 24 hours.

Talk to InfiQ

Use this template in your account

Tell us your volume — we’ll load your templates and get you a sandbox in about 2 hours.

Step 1 of 2
WhatsApp

Protected by invisible spam checks · replies within 1 working day

Frequently asked questions

Which WhatsApp category is this template?+
Authentication. It is built purely to deliver a one-time verification code with a copy-code button, which is exactly what the authentication category is for — and it is billed on Meta's authentication rate card, the lowest-cost India tier.
Do OTP messages need opt-in?+
Consent still applies as a baseline, but authentication messages are tied to a real action the customer just initiated — a login, reset, or verification — so they arrive with clear context. You should only send an OTP in response to a genuine user request, never as an unsolicited blast.
Can I edit the wording of the OTP message?+
Yes, within the authentication category rules. You can adjust the validity window, the security warning, and how the brand reads, but you must keep it code-focused with no offers, links, or media, and then resubmit the edited template for approval.
How fast can I start sending after submitting?+
Authentication templates usually clear Meta review within a day. Once approved, you can send instantly through InfiQ, triggering a fresh code per verification request in real time.
How is an OTP message billed?+
WhatsApp charges per delivered message on the authentication rate card. Since Meta ended per-conversation billing on 1 July 2025, you pay for each delivered OTP rather than a 24-hour bundle. The 24-hour window is only a free service reply window, not a billing unit.
Should I add the customer's name to the OTP?+
No. Authentication templates should stay limited to the code, brand, validity, and a do-not-share note. Adding names, products, or store context risks rejection or being pushed out of the authentication category, so keep it lean and use the copy-code button for the experience win.
What does the copy-code button do?+
It lets the customer tap once to copy the code in {{1}} straight to their clipboard, so they can paste it into your app or site without switching back and forth or mistyping — which measurably reduces failed verifications.
Why WhatsApp instead of SMS for OTPs?+
WhatsApp OTPs typically see higher read rates and faster, more reliable delivery than SMS, which can be delayed by carrier routing or caught in spam filters. The copy-code button also removes manual entry errors at the exact moment a code's short timer is running down.