Skip to content
Meta Business Partner

OTP Authentication WhatsApp Template for SaaS

Every SaaS login, password reset and step-up verification lives or dies on whether the code actually reaches the user. On WhatsApp, one-time passcodes land in a chat people already have open — read rates run far ahead of SMS, and the native copy-code button removes the fat-finger typos that create failed logins and support tickets. This is a ready-to-submit, Meta-compliant OTP template built in the authentication category, with the correct copy-code format, two clean variables, and the approval notes that keep it from getting rejected. Copy it, swap in your product name, and go live with InfiQ as an official Meta Business Partner for the WhatsApp Business API in India.

Authentication
Category
{{1}} code, {{2}} brand
Variables
Copy code
Button
Per delivered message (auth rate)
Billing
Often within a day
Typical approval
SaaS logins, resets, step-up
Best for
An authentication-category WhatsApp OTP template for SaaS, with a copy-code button, two variables, approval tips, and honest per-message pricing. Ready to submit and send via InfiQ.
authentication

Variables

  • {{1}} = 492013
  • {{2}} = Flowdeck

Verified business

492013 is your Flowdeck verification code. It is valid for 10 minutes. For your security, do not share this code with anyone.

10:24

Copy code

Preview · as customers see it

When to reach for this template

Use this template anywhere a user has just taken an action that requires proof of identity: signing in from a new device, resetting a password, confirming a sensitive settings change, approving a payout, or completing a step-up challenge before a high-risk operation. Because it sits in the authentication category, WhatsApp expects it to be triggered by a genuine user event and to contain nothing but the passcode and its handling instructions — no offers, no product news, no links to marketing pages. That constraint is exactly what makes it deliver reliably and qualify for authentication pricing. If you want to guide someone toward a paid upgrade or announce a new feature, that belongs in a separate marketing template, not here.

  • New-device or new-browser sign-in
  • Password and PIN resets
  • Step-up verification before sensitive changes (email, bank details, team owner transfer)
  • Reactivating a dormant account or confirming a phone-number change

How the copy-code format works

Authentication templates use a fixed, security-minded shape rather than free-form marketing copy. The body states the code, its validity window, and a do-not-share warning; the single button is a copy-code button that places the passcode on the user's clipboard in one tap. That one tap is the whole point — it eliminates the transcription errors that cause a meaningful share of OTP login failures on SMS, especially on mobile keyboards. Keep {{1}} as the code and {{2}} as your product or brand name so the message reads unmistakably as yours. WhatsApp also lets you enable a zero-tap or one-tap experience on Android via app handshake, but the copy-code fallback shown here works everywhere and is the safest default to submit first.

Getting it approved on the first submission

Submit it as an authentication-category template, not utility and not marketing — misfiling the category is the single most common reason OTP templates bounce. Keep the wording within the authentication pattern: the code variable, a validity statement, and the security warning. Do not add URLs, emojis, promotional language, or a second call-to-action button, since authentication templates are deliberately restricted. Name the template clearly (for example otp_login_v1) so you can version it later without confusion. Approval for well-formed authentication templates is typically quick — often within a day — after which you can send instantly through InfiQ. If you plan to localise, submit each language as its own template rather than trying to smuggle multiple languages into one.

  • Category must be Authentication
  • Body limited to code, validity and security notice — no promo content
  • Copy-code button only; no marketing or link buttons
  • Version the template name so edits re-submit cleanly

What it costs to send

WhatsApp bills per delivered message, priced by category, since Meta moved off per-conversation billing on 1 July 2025. This template sends at the authentication rate, which is the cheapest of the categories precisely because these messages are transactional and expected. The free 24-hour service window still exists — if a user replies to your OTP message you can respond inside that window without a template charge — but the window is a service concept, not a billing unit, so plan your budget on delivered authentication messages. Through InfiQ you get transparent ₹ pricing (ex-GST), so the cost of a verification send is predictable line by line as your login volume scales.

Personalisation and localisation

The two variables keep the message unambiguous: {{1}} carries the passcode your system generates, and {{2}} carries the exact product name the user knows you by, which matters when someone runs several SaaS tools and needs to spot which login this code unlocks. Beyond that, resist the urge to add name-drops or extra context — authentication templates are strongest when they are lean. Where personalisation pays off is language: a Hindi, Tamil or Marathi version of the same OTP builds trust with users who prefer their own language, and because each localisation is a separate approved template, InfiQ's template management lets you pick the right one at send time based on the user's locale.

Like this template? Send it live in 24 hours.

Talk to InfiQ

Use this template in your account

Tell us your volume — we’ll load your templates and get you a sandbox in about 2 hours.

Step 1 of 2
WhatsApp

Protected by invisible spam checks · replies within 1 working day

Frequently asked questions

Which category should this template use?+
Authentication. OTP and verification codes must be submitted in the authentication category, which is reserved for user-triggered login and identity-verification codes and carries the lowest per-message rate.
Do I still need opt-in for OTP messages?+
Consent and a legitimate triggering action still apply. Authentication messages are tied to a real event the user initiated — a sign-in or reset — so send them only in direct response to that action, not as unsolicited outreach.
Can I change the wording?+
Yes, within authentication category rules. You can adjust the validity window or phrasing of the security warning, but you cannot add marketing content, links or extra buttons. Any edit re-enters approval, so version the template name.
How is this billed now?+
WhatsApp charges per delivered message by category since 1 July 2025, not per conversation. This template sends at the authentication rate. If the user replies, the free 24-hour service window lets you respond without a template charge, but budgeting is based on delivered messages.
Why WhatsApp instead of SMS for OTP?+
WhatsApp OTPs typically see higher read rates, the copy-code button removes transcription errors, and delivery on WhatsApp is often more reliable in India than DLT-throttled SMS routes — which means fewer failed logins and fewer support tickets.
How fast can I go live?+
After the template is approved — usually within a day for a well-formed authentication template — you can send instantly through InfiQ using your own WhatsApp Business Account and BSUID.
Can I send it in Hindi or regional languages?+
Yes. Submit each language as its own authentication template. InfiQ's template management then selects the correct language version at send time based on the user's locale.
Does the copy-code button work on every device?+
The copy-code button is the universal, safe default and works across devices. Android additionally supports one-tap and zero-tap autofill via an app handshake, but the copy-code fallback is what you should submit first.