WhatsApp Cloud API setup guide for Indian businesses (step-by-step, 2026) सेटअप

India has 600 million WhatsApp users. If your customer can’t reach you on WhatsApp, you’re leaving a lot on the table. The good news in 2026: Meta’s Cloud API is genuinely production-ready, completely free to host (Meta hosts it), and you don’t need to go through a Business Service Provider (BSP) like Gupshup or Twilio unless you specifically want their UI on top.

This is the guide I wish I’d had when I set up the first one. It assumes you’re a developer (or working with one) and you want the direct Cloud API path — not a BSP wrapper.

शुरुआत What you need before you start

• A registered Indian business with a GSTIN (LLP, Pvt Ltd, Proprietorship all work)
• A Facebook account (personal, but used to admin the business)
• A phone number you can dedicate to WhatsApp Business — it cannot be used in regular WhatsApp simultaneously
• A website with a privacy policy and terms (Meta verifies this)
• A server endpoint with HTTPS (for webhooks)

Allow about 3 working hours of focused work plus 24–72 hours of waiting for Meta’s reviews.

Step 1 — Create a Meta Business Account

Go to business.facebook.com and sign up. Use a corporate email (hello@yourbusiness.com), not Gmail — this signals legitimacy to Meta’s verification team and reduces rejection probability.

In Business Settings → Business Info, submit your business for verification: GSTIN, CIN/LLPIN, registered address, contact phone. Meta will ask for one of: certificate of incorporation, GST registration certificate, or a utility bill in the business name. Upload as PDF.

Step 2 — Create a WhatsApp Business App

Inside Meta Business Suite → App Dashboard → Create App. Choose Business as the app type. Once created, go to the app dashboard and add the WhatsApp product. Meta will generate a test phone number you can use immediately for development.

Note three values from the WhatsApp → Configuration screen:

WhatsApp Business Account ID  →  WABA_ID
Phone Number ID               →  PHONE_NUMBER_ID
Temporary Access Token        →  TEMP_TOKEN  (expires in 24 hours)

Step 3 — Register your real phone number

In WhatsApp → Phone Numbers → Add Phone Number, enter the dedicated number you’ll use. Meta will trigger SMS or voice OTP to verify ownership. Set a display name — this is what customers see in WhatsApp; it should match your registered business name (Meta cross-checks).

Once verified, this number becomes the “sender” for all your API messages. You can’t use it in the regular WhatsApp app or WhatsApp Business app afterward — it’s now “Cloud API only.”

Step 4 — Generate a permanent access token

The 24-hour test token is fine for trying things out. For production you want a permanent token via a System User:

1. Business Settings → Users → System Users → Add
2. Name it something like WhatsApp Production, set role to Admin
3. Click Generate New Token, pick your app, set token expiry to Never
4. Select scopes: whatsapp_business_messaging, whatsapp_business_management, business_management
5. Copy the token immediately — you can’t view it again later

Store this token like a database password (in .env, in your secrets manager). Anyone with this token can send messages from your number and bill your account.

Step 5 — Configure your webhook

Webhooks are how Meta tells you about incoming messages and message status updates (delivered, read, failed). You need an HTTPS endpoint that:

1. Responds to a one-time verify challenge (Meta sends a hub.challenge query param, you echo it back)
2. Accepts POST payloads of inbound messages and status events

In Laravel, the verify endpoint is two lines:

// routes/web.php
Route::get('/webhooks/whatsapp', function (Request $r) {
    return $r->query('hub.verify_token') === config('services.whatsapp.verify_token')
        ? response($r->query('hub.challenge'), 200)
        : response('forbidden', 403);
});

And the POST handler — Meta retries on non-2xx for up to 24 hours, so respond fast (parse async if you need to):

Route::post('/webhooks/whatsapp', function (Request $r) {
    // 1. Verify the X-Hub-Signature-256 header (HMAC SHA-256 of body with app secret)
    // 2. Queue the payload for background processing
    // 3. Return 200 immediately
    dispatch(new ProcessWhatsAppMessage($r->all()));
    return response()->json(['ok' => true]);
});

In Meta Dashboard → WhatsApp → Configuration → Webhook → Edit, paste the URL, set the verify token to match, and subscribe to messages and message_status events.

Step 6 — Create message templates (HSM)

This is the part that catches everyone. You cannot send a free-form message to a user unless they messaged you in the last 24 hours. Outside that 24-hour window, every message must be from a pre-approved Template (also called HSM, “Highly Structured Message”).

Templates live in Meta Business Manager → WhatsApp Manager → Message Templates. When you create one, you pick a category:

• Utility — order updates, account notifications. Cheapest (~₹0.13 in India).
• Authentication — OTPs, login codes. Cheapest tier, strictest formatting.
• Marketing — promotions, offers, abandoned cart. Most expensive (~₹0.75) and most scrutinised.
• Service (auto-applied) — first 1,000/month free, customer-initiated only.

Use placeholders {{1}}, {{2}} for dynamic variables. Example utility template:

Hi {{1}}, your order {{2}} has been dispatched from
{{3}} and is expected by {{4}}.

Track here: {{5}}

Approval takes 24–72 hours. Common rejection reasons:

• Promotional language in a Utility-category template
• URL shorteners (bit.ly, tinyurl) — use full URLs
• Missing opt-in indication (“You’re receiving this because…” helps but isn’t mandatory)
• Policy categories: gambling, weight-loss, predatory lending, adult, cryptocurrency

Step 7 — Send your first message

The endpoint is:

POST https://graph.facebook.com/v19.0/{PHONE_NUMBER_ID}/messages

Authorization: Bearer {YOUR_TOKEN}
Content-Type: application/json

{
  "messaging_product": "whatsapp",
  "to": "919876543210",
  "type": "template",
  "template": {
    "name": "order_dispatched",
    "language": { "code": "en_IN" },
    "components": [{
      "type": "body",
      "parameters": [
        { "type": "text", "text": "Priya" },
        { "type": "text", "text": "ORD‑4821" },
        { "type": "text", "text": "Bengaluru" },
        { "type": "text", "text": "Tomorrow evening" },
        { "type": "text", "text": "https://example.com/track/4821" }
      ]
    }]
  }
}

The phone number is in international format without + (e.g. 919876543210). Response includes a message ID you can correlate with delivery status webhooks.

कीमत Real costs in India, 2026

WhatsApp Cloud API itself is free to host (Meta hosts it; no BSP fee). You pay only per conversation, on the 24-hour window basis:

Category	India price / conversation	Notes
Authentication	~₹0.10	OTPs, login codes
Utility	~₹0.13	Order updates, account alerts
Marketing	~₹0.75	Promotions, offers
Service	Free (first 1,000/month)	Customer-initiated

For a typical SMB doing 5,000 order-update notifications/month, that’s roughly ₹650/month. Marketing campaigns at 10,000 messages = ~₹7,500. Compared to SMS (₹0.20–₹0.30 each), WhatsApp utility is competitive on price and dramatically better on delivery + read rates.

Common pitfalls

• Forgetting the 24-hour window: If a customer ghosts you for a day, your follow-up message must be a Template. Free-form chat after 24h silently fails.
• Quality rating drops: If users block or report you, Meta drops your phone’s quality rating from Green → Yellow → Red. Red = throttled. Avoid spammy templates.
• Number tiers: A new number starts at the “1K-conversation tier” (max 1,000 unique users in 24h). After 7 days of clean usage you tier up to 10K, then 100K, then unlimited. Plan launches around this.
• Webhook signature ignored: Easy to forget, until someone spoofs your webhook and triggers spam. Always verify X-Hub-Signature-256.
• OTP delivery via Marketing template: Expensive, and Meta may flag it. Always use Authentication category for OTPs.

Next steps

Once Cloud API is live, the natural next move is to layer something smart on top:

• A multilingual chatbot that handles 70–85% of queries automatically and hands off cleanly to a human
• An agentic AI workflow — KYC verification, order tracking, abandoned-cart recovery, all autonomous
• Tally / Zoho / Shopify webhooks → WhatsApp notifications (low-code, high-value)

The Cloud API is the foundation. What you build on top is what makes WhatsApp a customer-experience moat instead of just another notification channel.

If you want help — we set up WhatsApp Cloud API for Indian businesses end-to-end. Meta verification, template approval, chatbot, CRM integration, the lot. Tell us about your business; written quote within 24 hours.

Priya Sundaram is AI & Research Lead at Antarix Technology. 11 years in production ML — previously at Microsoft Research. She’s shipped 14 WhatsApp bots for Indian businesses. Reach her on WhatsApp or info@antarixtech.com.