OTP Authentication WhatsApp Template for SaaS
Every SaaS login, password reset and step-up verification lives or dies on whether the code actually reaches the user. On WhatsApp, one-time passcodes land in a chat people already have open — read rates run far ahead of SMS, and the native copy-code button removes the fat-finger typos that create failed logins and support tickets. This is a ready-to-submit, Meta-compliant OTP template built in the authentication category, with the correct copy-code format, two clean variables, and the approval notes that keep it from getting rejected. Copy it, swap in your product name, and go live with InfiQ as an official Meta Business Partner for the WhatsApp Business API in India.
Variables
{{1}}= 492013{{2}}= Flowdeck
Verified business
10:24
Preview · as customers see it
When to reach for this template
Use this template anywhere a user has just taken an action that requires proof of identity: signing in from a new device, resetting a password, confirming a sensitive settings change, approving a payout, or completing a step-up challenge before a high-risk operation. Because it sits in the authentication category, WhatsApp expects it to be triggered by a genuine user event and to contain nothing but the passcode and its handling instructions — no offers, no product news, no links to marketing pages. That constraint is exactly what makes it deliver reliably and qualify for authentication pricing. If you want to guide someone toward a paid upgrade or announce a new feature, that belongs in a separate marketing template, not here.
- New-device or new-browser sign-in
- Password and PIN resets
- Step-up verification before sensitive changes (email, bank details, team owner transfer)
- Reactivating a dormant account or confirming a phone-number change
How the copy-code format works
Authentication templates use a fixed, security-minded shape rather than free-form marketing copy. The body states the code, its validity window, and a do-not-share warning; the single button is a copy-code button that places the passcode on the user's clipboard in one tap. That one tap is the whole point — it eliminates the transcription errors that cause a meaningful share of OTP login failures on SMS, especially on mobile keyboards. Keep {{1}} as the code and {{2}} as your product or brand name so the message reads unmistakably as yours. WhatsApp also lets you enable a zero-tap or one-tap experience on Android via app handshake, but the copy-code fallback shown here works everywhere and is the safest default to submit first.
Getting it approved on the first submission
Submit it as an authentication-category template, not utility and not marketing — misfiling the category is the single most common reason OTP templates bounce. Keep the wording within the authentication pattern: the code variable, a validity statement, and the security warning. Do not add URLs, emojis, promotional language, or a second call-to-action button, since authentication templates are deliberately restricted. Name the template clearly (for example otp_login_v1) so you can version it later without confusion. Approval for well-formed authentication templates is typically quick — often within a day — after which you can send instantly through InfiQ. If you plan to localise, submit each language as its own template rather than trying to smuggle multiple languages into one.
- Category must be Authentication
- Body limited to code, validity and security notice — no promo content
- Copy-code button only; no marketing or link buttons
- Version the template name so edits re-submit cleanly
What it costs to send
WhatsApp bills per delivered message, priced by category, since Meta moved off per-conversation billing on 1 July 2025. This template sends at the authentication rate, which is the cheapest of the categories precisely because these messages are transactional and expected. The free 24-hour service window still exists — if a user replies to your OTP message you can respond inside that window without a template charge — but the window is a service concept, not a billing unit, so plan your budget on delivered authentication messages. Through InfiQ you get transparent ₹ pricing (ex-GST), so the cost of a verification send is predictable line by line as your login volume scales.
Personalisation and localisation
The two variables keep the message unambiguous: {{1}} carries the passcode your system generates, and {{2}} carries the exact product name the user knows you by, which matters when someone runs several SaaS tools and needs to spot which login this code unlocks. Beyond that, resist the urge to add name-drops or extra context — authentication templates are strongest when they are lean. Where personalisation pays off is language: a Hindi, Tamil or Marathi version of the same OTP builds trust with users who prefer their own language, and because each localisation is a separate approved template, InfiQ's template management lets you pick the right one at send time based on the user's locale.
Like this template? Send it live in 24 hours.