OTP Authentication WhatsApp Template for Retail
Sending one-time passcodes over SMS is where retail logins quietly leak: delayed carrier routing, spam filters, and codes that arrive after the timer expires. A WhatsApp OTP delivered through the authentication category lands in a chat your customer already trusts, with a one-tap copy-code button that removes fat-finger errors at checkout, account recovery, or first login. This page gives you a Meta-compliant OTP authentication template built for Indian retail, with the exact wording, the two variables you fill in, sample values, and the approval details that get it live — usually within a day — so you can start verifying customers on WhatsApp instead of hoping an SMS gets through.
Variables
{{1}}= 482913{{2}}= NovaMart
Verified business
10:24
Preview · as customers see it
When to reach for this template
Use the authentication OTP template at any moment a retail customer proves they are who they say they are: signing in to their account, confirming a new device or number, resetting a password, authorising a high-value order, unlocking a stored payment method, or claiming loyalty points. The authentication category exists for exactly these action-triggered codes — it is not a channel for offers, order updates, or nudges. If the message you want to send is a delivery status or an invoice, that belongs in the utility category; if it is a promotion, it is marketing. Keep OTP messages strictly about the code and its safe use, and reserve them for a verification the customer actively started, so the message always arrives with obvious context.
- Account login and passwordless sign-in
- New-device or new-number verification
- Password or PIN reset flows
- Authorising a high-value or first-time order
- Recovering a locked account or wallet
Personalising the code and the copy-code button
This template is deliberately lean: {{1}} carries the numeric code your system generates and {{2}} carries your brand name so the customer instantly recognises the sender. Authentication templates are the one category where you should resist adding a first name, product, or store context — Meta's guidelines keep OTP messages to the code, its validity window, and a security note, and extra personalisation risks rejection or a downgrade out of the authentication category. The real ergonomic win is the Copy code button: instead of squinting between two apps, the customer taps once and the code is on their clipboard, ready to paste. Set your validity window in the body to match your backend timeout so 'valid for 10 minutes' is truthful, and generate a fresh code per request rather than reusing one.
- {{1}} — the one-time code, generated per request
- {{2}} — your brand name, kept identical across both mentions
- Copy code button auto-copies {{1}} on tap
- Keep the stated validity window in sync with your backend timeout
Getting it approved as Authentication
Submit this template under the authentication category, not utility or marketing. Meta reviews authentication templates against a tight pattern: they must deliver a code and may include a security reminder and an expiry, and they cannot carry any promotional language, links to your store, tracking URLs, or media. The copy-code button is the standard, expected button type for this category — avoid quick-reply or website buttons here. Name the template clearly (for example otp_login_v1) so you can version it, and keep the body wording stable across languages if you localise. Most authentication templates clear review within a day; if you are rejected, it is almost always because a marketing phrase or an unexpected button slipped in, so strip the message back to code, brand, validity, and the do-not-share warning and resubmit.
- Category must be Authentication
- No offers, links, tracking parameters, or media
- Use the copy-code button, not quick-reply or URL buttons
- Version your template name for clean re-submissions
- Localised variants should mirror the same structure
What it costs to send
WhatsApp bills per delivered message by category, and authentication messages sit on Meta's authentication rate card — the lowest-cost tier for India, well below marketing. Since Meta moved off per-conversation billing on 1 July 2025, you are charged for each authentication message that is actually delivered, not for a bundled 24-hour window; the 24-hour service window remains a free reply window for support, not a billing unit. Because OTPs are triggered one-to-one by a real user action, volume tracks your genuine login and verification traffic, which keeps spend predictable. With InfiQ you pay transparent ₹ pricing on Meta's live authentication rate card (ex-GST), so the per-message cost is easy to forecast against your monthly verification volume.
- Priced on Meta's authentication rate card — the cheapest India category
- Billed per delivered message since 1 July 2025, not per conversation
- The 24-hour service window is a free reply window, not a billing unit
- Transparent ₹ pricing, ex-GST
Sibling templates for the full retail journey
An OTP verifies who the customer is, but the moments around it deserve their own approved templates. Once a shopper is logged in and has placed an order, an order-confirmation utility template closes the loop with an order number and summary. For cash-on-delivery, a COD-confirmation template reduces failed deliveries by asking the customer to confirm before dispatch. And when a session ends without a purchase, an abandoned-cart marketing template — with a clear opt-out line — can win the sale back. Keeping each of these as a separate, correctly categorised template means every message is billed at the right rate and clears review on its own terms, rather than being stretched to do a job it was not designed for.
- Order confirmation — utility, sent after a purchase
- COD confirmation — utility, to cut failed deliveries
- Abandoned cart — marketing, with a required opt-out line
Like this template? Send it live in 24 hours.