JEM Products | WooCommerce Plugins
JEM Products | WooCommerce Plugins

Integrating WhatsApp with your application can significantly enhance your customer communication capabilities. One essential part of this integration process is configuring webhooks to allow real-time event handling from WhatsApp’s Business API. Whether you are tracking message status, receiving messages, or monitoring user interactions, webhooks serve as the bridge between WhatsApp and your backend services. This tutorial walks through a detailed step-by-step guide on how to configure WhatsApp webhooks for your app.

Understanding WhatsApp Webhooks

Before diving into the configuration, it’s important to understand what webhooks do. A webhook is a mechanism that allows a server (in this case, WhatsApp’s Business server) to notify your application whenever a specific event occurs. For WhatsApp Business API, this includes events such as message delivery, changes in message status, or customer-initiated conversations.

WhatsApp webhooks send HTTP POST requests to a configured URL on your server with event details in JSON format. Configuring your server to receive, parse, and act on this JSON payload is a crucial part of this integration.

Prerequisites

  • Access to Meta for Developers console
  • An approved WhatsApp Business API account
  • A publicly accessible HTTPS URL (can use ngrok during development)
  • Basic knowledge of web development and REST APIs

Step-by-Step Guide to Configuring WhatsApp Webhooks

Step 1: Set Up Your Webhook Endpoint

Create a server endpoint that can handle HTTPS POST requests. This endpoint should capture and log incoming requests for inspection. Here’s a basic example using Node.js and Express:


const express = require('express');
const bodyParser = require('body-parser');

const app = express();
app.use(bodyParser.json());

app.post('/webhook', (req, res) => {
  console.log('Webhook received:', JSON.stringify(req.body, null, 2));
  res.sendStatus(200);
});

app.listen(3000, () => {
  console.log('Server listening on port 3000');
});

During development, use a tunneling service like ngrok to expose this local server to the internet:

ngrok http 3000

This will give you a publicly accessible HTTPS URL (e.g. https://1234-56-78-90.ngrok.io).

Step 2: Create a WhatsApp App in Meta for Developers

1. Go to the Meta for Developers portal.

2. Click on “My Apps” and then “Create App”.

3. Choose Business as the app type and proceed.

4. Follow the registration steps and select WhatsApp as a product during setup.

Once created, you’ll be provided with a WhatsApp Business API test number and a temporary access token.

Step 3: Configure Webhook URL and Verify Token

Within your WhatsApp app settings in the Developer Portal:

  1. Navigate to “WhatsApp” > “Configuration”.
  2. Click “Edit” or “Add webhook” and input:
    • Callback URL: the HTTPS URL from your endpoint (e.g., from ngrok).
    • Verify Token: a string your server uses to confirm Facebook’s webhook request (e.g., “my_secret_token“).

On the server side, add a GET route to verify the token:


app.get('/webhook', (req, res) => {
  const VERIFY_TOKEN = 'my_secret_token';

  const mode = req.query['hub.mode'];
  const token = req.query['hub.verify_token'];
  const challenge = req.query['hub.challenge'];

  if (mode && token === VERIFY_TOKEN) {
    res.status(200).send(challenge);
  } else {
    res.sendStatus(403);
  }
});

Once the verification process is successful, WhatsApp will start sending webhook payloads to this endpoint.

Step 4: Subscribe to Webhook Fields

Now, you must configure what sort of events you want to listen for. Most commonly used WhatsApp webhook topics include:

  • messages – Incoming messages from users
  • message_deliveries – Message delivery receipts
  • message_reads – When a user reads a message
  • message_status – Status updates about sent messages

To do this:

  1. Go to your app dashboard.
  2. Select “Webhooks” under the app settings.
  3. Click “Subscribe to events” for the WhatsApp product and check the desired fields.

Step 5: Handle Incoming Webhook Events

When your webhook URL is hit, Facebook/WhatsApp sends a JSON payload. Here’s an example of the structure:


{
  "object": "whatsapp_business_account",
  "entry": [
    {
      "id": "123456789",
      "changes": [
        {
          "value": {
            "messages": [...],
            "contacts": [...],
            ...
          },
          "field": "messages"
        }
      ]
    }
  ]
}

You need to parse this structure, retrieve the relevant data, and implement logic in your app such as saving it in a database or triggering notifications.

Security Best Practices

  • IP Whitelisting: Restrict incoming webhook requests to known Facebook IP addresses.
  • Token Verification: Always verify the token during webhook setup to avoid spoofing.
  • Payload Validation: Add checksum or HMAC validation if needed for sensitive data.

Testing Your Webhook

Use the webhook testing tools provided in the Meta dashboard. You can simulate sending messages to your test number and observe how they arrive at your webhook endpoint. Alternatively, use cURL to send POST requests to mimic incoming data for local testing.

Summary

By following the steps outlined above, you can effectively configure WhatsApp webhooks and enable your app to receive real-time updates from the WhatsApp Business API. This not only allows your app to process incoming messages automatically but also lets you build a more dynamic and responsive communication experience for users. Invest time in handling these events correctly, and you’ll open the door for integrations such as CRM syncing, automated replies, analytics, and more.

Frequently Asked Questions (FAQ)

  • Q: What’s the difference between a webhook and an API?
    A webhook pushes data to your app, while an API requires your app to pull data by making requests.
  • Q: Can I test WhatsApp webhooks without a live phone number?
    Yes, Meta provides a sandboxed test number as part of the developer console for testing purposes.
  • Q: Do I need to renew the access token?
    Yes, the temporary token provided during setup expires in 24 hours. You’ll need to generate a permanent one for production.
  • Q: Are webhook messages encrypted?
    No, webhook data is not encrypted by default but is sent over HTTPS. For extra security, you can implement additional encrypted channels if needed.
  • Q: Can I subscribe to multiple webhook events?
    Yes, you can subscribe to multiple fields like messages, message_deliveries, and message_reads.

Have a problem? Need Some Help?

Tell us a little bit about how we can help you – whether that is some help with a plugin or you need a custom site.
We’ll get back to you quickly!
Contact Us Now
About us

Hi! We’re a WooCommerce plugin development company based in Charlotte, NC. We create amazing WooCommerce plugins to help you grow your business.

Quick Links
Plugins

Copyright © 2024 | WooCommerce Plugins by JEM Products | All rights Reserved

The WordPress® trademark is the intellectual property of the WordPress Foundation. Uses of the WordPress® name in this website are for identification purposes only and do not imply an endorsement by WordPress Foundation. WebFactory Ltd is not endorsed or owned by, or affiliated with, the WordPress Foundation.

Scroll to Top
Scroll to Top