Cloud API Local Storage gives you the option to control where your message data is stored at rest. If your company is in a regulated industry such as finance, government, or healthcare, you may prefer to have your message data stored in a specific country when at rest because of regulatory or company policies.
Cloud API Local Storage provides such an extra layer of data protection by implementing additional data management controls. Local Storage feature comprises of two additional constraints in Cloud API runtime environment:
Once Local Storage is enabled for a business phone number, Cloud API Local Storage uses a localized storage in the specified country for persisting message content, instead of using its default storage based in the US.
Local Storage feature supplements other Cloud API privacy and security controls, and allows customers to ensure a higher level of compliance with local data protection regulations.
Cloud API implements localization for message content. The following message flows are covered by Local Storage feature:
The following message types are covered by Local Storage feature:
Also, a limited set of metadata attributes is included in the localized data set, in order to correctly associate the encrypted localized message payload with the originally processed message and to audit the fact of localization. The stored metadata is protected with tokenization and encryption.
The goal of Cloud API Local Storage feature is to allow your business to directly control where your sensitive data-at-rest is stored via Cloud API settings - at the same time giving you flexibility to choose data placement locations globally.
The regions permitted by Cloud API Local Storage are reflected in the Meta Hosting Terms for Cloud API. The regions currently available for Local Storage can be found under the data_localization_region
parameter set during phone number registration.
Local Storage can only be enabled or disabled on business phone numbers when they are in an unregistered state.
Media files uploaded by a phone number with Local Storage enabled are only accessible to that specific phone number and cannot be shared with other phone numbers associated with the business.
Follow the steps below to enable local storage for an unregistered business phone number using API version 21.0 or newer. If you are using an older API version, see Enabling Local Storage (v20 and older).
Use the POST /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID>/settings endpoint to enable local storage on the unregistered business phone number:
POST /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID>/settings { "storage_configuration": { "status": "IN_COUNTRY_STORAGE_ENABLED", "data_localization_region": "<COUNTRY_CODE>" } }
Set <COUNTRY_CODE>
to the country code of the country where data-at-rest should be stored.
{ "success": <SUCCESS> }
Upon success, <SUCCESS>
will be set to true
.
curl 'https://graph.facebook.com/v21.0
/106540352242922/settings' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer EAAJB...' \
-d '
{
"storage_configuration": {
"status": "IN_COUNTRY_STORAGE_ENABLED",
"data_localization_region": "BR"
}
}'
{ "success": true }
Use the POST /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID>/register endpoint to register the business phone number.
POST /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID>/register { "messaging_product": "whatsapp", "pin": "<TWO_STEP_PIN>" }
Set <TWO_STEP_PIN>
to the desired two-step verification PIN for the business phone number.
{ "success": <SUCCESS> }
Upon success, <SUCCESS>
will be set to true
.
curl 'https://graph.facebook.com/v21.0/v21.0
/register' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer EAAJB...' \
-d '
{
"messaging_product": "whatsapp",
"pin": "123456"
}'
{ "success": true }
Use the GET /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID>/settings endpoint to get local storage settings on a WhatsApp Business Phone Number. For example:
curl 'https://graph.facebook.com/v21.0
/179776755229976/settings' \
-H 'Authorization: Bearer EAAJB...'
This returns a node that represents the local storage settings on the business phone number. For example:
{ "storage_configuration": { "status": "IN_COUNTRY_STORAGE_ENABLED", "data_localization_region": "BR" } }
Use the POST /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID>/settings endpoint to disable local storage on an unregistered business phone number using API version 21.0 or newer. If you are using an older API version, see Disabling Local Storage (v20 and older).
POST /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID/>settings { "storage_configuration": { "status": "IN_COUNTRY_STORAGE_DISABLED" } }
Set <COUNTRY_CODE>
to the country code of the country where data-at-rest should be stored.
{ "success": <SUCCESS> }
Upon success, <SUCCESS>
will be set to true
.
curl 'https://graph.facebook.com/v21.0
/106540352242922/settings' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer EAAJB...' \
-d '
{
"storage_configuration": {
"status": "IN_COUNTRY_STORAGE_DISABLED"
}
}'
{ "success": true }
To enable local storage for an unregistered business phone number using API version 20.0 or older):
Use the GET /<WHATSAPP_BUSINESS_PHONE_NUMBER> endpoint and request the code_verification_status
field. If the code verification status is VERIFIED
, skip to step 4. Otherwise, proceed to step 2.
Use the POST /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID>/request_code endpoint to request a verification code. Upon success, the API will respond with true
and a verification code will be sent to the business phone number via the method specified in the code_method
parameter.
For example, this query requests a verification code to be sent via SMS in the English language (US locale).
curl -X POST 'https://graph.facebook.com/v21.0
/110200345501442/request_code?code_method=SMS&language=en_US' \
-H 'Authorization: Bearer EAAJB...'
Use the code in the delivered message in the next step.
Use the POST /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID>/verify_code endpoint to verify the business phone number using the verification code included in the message you received from the previous step.
For example:
curl -X POST 'https://graph.facebook.com/v21.0
/110200345501442/verify_code?code=123830' \
-H 'Authorization: Bearer EAAJB...'
Use the POST /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID>/register endpoint to register the business phone number. Indicate the country where data-at-rest should be stored using the data_localization_region
parameter.
For example, this request enables local storage on a business phone number, and sets the country where data should be stored to India:
curl 'https://graph.facebook.com/v21.0
/110200345501442/register' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer EAAJB...' \
-d '
{
"messaging_product": "whatsapp",
"pin": "123456",
"data_localization_region": "IN"
}'
Use the POST /<WHATSAPP_BUSINESS_PHONE_NUMBER_ID>/deregister endpoint to disable local storage on a business phone number using API version 20.0 or older.
For example:
curl -X POST 'https://graph.facebook.com/v21.0
/110200345501442/deregister' \
-H 'Authorization: Bearer EAAJB...'
Note that this deregisters the business phone number so it cannot be used with WhatsApp Cloud API. If you want to continue using it with Cloud API but without local storage enabled, you must reregister it without including the data_localization_region
parameter.
Q. What are the migration paths for moving a phone number to the Cloud API version with Local Storage?
We support all migration paths to Cloud API version with Local Storage, this includes:
In all these scenarios you would need to send a POST request to the /register endpoint for the selected phone number, specifying the target country for which data to be localized in a new parameter data_localization_region
.
Q. Are there any migration risks? Any downtime associated with this?
No migration risks, this is a similar process as migrating from On-Premise API to Cloud API. See our developer documentation here. Downtime is typically less than 5 minutes and no re-verification of the business phone number is required.