Cloud API Local Storage gives you the option to control where your message data is stored at rest. If your company is in a regulated industry such as finance, government, or healthcare, you may prefer to have your message data stored in a specific country when at rest because of regulatory or company policies.
Cloud API provides such an extra layer of data protection by implementing additional data management controls. Local Storage feature comprises of two additional constraints in Cloud API runtime environment:
The Local Storage feature is activated by providing an additional parameter during a phone number registration, specifying target location (e.g. country) for persisting data. With such a setting enabled, Cloud API uses a localized storage in the specified country for persisting message content, instead of using its default storage based in the US.
Local Storage feature supplements other Cloud API privacy and security controls, and allows customers to ensure a higher level of compliance with local data protection regulations.
Cloud API implements localization for message content.
The following message flows are covered by Local Storage feature:
The following message types are covered by Local Storage feature:
Also, a limited set of metadata attributes is included in the localized data set, in order to correctly associate encrypted localized message payload with the originally processed message and to audit the fact of localization. Metadata is protected with tokenization and encryption.
The goal of Cloud API Local Storage feature is to allow your business to directly control where your sensitive data-at-rest is stored via Cloud API settings - at the same time giving you flexibility to choose data placement locations globally.
The following regions are currently supported by Cloud API Local Storage, and can be selected during Local Storage feature activation:
Q. How do I enable the Local Storage feature for a phone number? What is the estimated effort required to start using the Local Storage feature?
Enable Local Storage with the existing Registration API. There is minimum effort required from you to start using this feature, and there are no support tickets needed.
Select the phone number for which Local Storage should be activated, send a POST request to the /register endpoint, specifying the country for which data to be localized in a new parameter data_localization_region
.
For example, the following call would enable Local Storage for India:
curl 'https://graph.facebook.com/v19.0
/106540352242922/register' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer EAAJB' \
-d '
{
"messaging_product": "whatsapp",
"pin": "123456",
"data_localization_region": "IN"
}'
With such settings enabled, Cloud API uses a localized storage in the specified country for persisting message content, instead of using its default storage based in the US.
Q. What are the migration paths for moving a phone number to the Cloud API version with Local Storage?
We support all migration paths to Cloud API version with Local Storage, this includes:
In all these scenarios you would need to send a POST request to the /register endpoint for the selected phone number, specifying the target country for which data to be localized in a new parameter data_localization_region
.
Q. Are there any migration risks? Any downtime associated with this?
No migration risks, this is a similar process as migrating from On-Premise API to Cloud API. See our developer documentation here. Downtime is typically less than 5 minutes and no re-verification of the business phone number is required.
Q. How to disable Local Storage feature for a phone number?
Disable Local Storage feature using the existing Registration API.
Select phone number for which Local Storage should be deactivated and send a POST request to the /deregister endpoint. You do not need to specify the country for which Local Storage has been previously enabled.
For example, the following call would disable Local Storage feature (assuming that has been previously enabled for the same phone number):
curl -X POST 'https://graph.facebook.com/v19.0
/106540352242922/deregister' \
-H 'Authorization: Bearer EAAJB...'
With that setting disabled, Cloud API uses its default storage based in the US.