We are sunsetting On-Premises API. Refer to our On-Premises API Sunset document for details, and to learn how to migrate to our next-generation Cloud API.

WhatsApp Business Encryption

/v1/settings/business/whatsapp_business_encryption

The WhatsApp Flows user experience requires an encrypted GraphQL-powered data exchange channel between the WhatsApp mobile consumer client and the third-party business endpoint. Businesses generate a 2048-bit RSA key pair to establish the data channel and share their Business Public Key with WhatsApp consumer clients.

Use the /v1/settings/business/whatsapp_business_encryption endpoint to publish and sign your Business Public Key.

Before You Start

The phone number must be successfully registered, and the business must have generated a 2048-bit RSA Key.

Generating a 2048-bit RSA Key Pair

Generate a public and private RSA key pair by typing in the following command:

openssl genrsa -des3 -out private.pem 2048

This generates a 2048-bit RSA key pair, encrypts it with a password you provide, and writes it to a file.

Next, you need to export the RSA public key to a file:

openssl rsa -in private.pem -outform PEM -pubout -out public.pem

You can then use it, for example, on your web server to encrypt content so that it can only be read with the private key.

Reusing 2048-bit RSA Key Pairs Option

You could also re-use an existing private/public key pair by extracting the public key from an existing certificate:

openssl x509 -pubkey -noout -in private.pem  > public.pem   
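
An added example (not part of the original documentation): a shell function that checks, before the key is published, that public.pem holds no private key material, is a 2048-bit RSA public key, and is the public half of private.pem. The function name check_business_key and its return codes are assumptions made for this example; the third argument is an openssl pass phrase source such as env:KEY_PASS.

```shell
#!/usr/bin/env bash
# Added example: pre-publish checks for the Business Public Key.
# Usage: check_business_key PRIVATE_PEM PUBLIC_PEM PASS_SOURCE
#   PASS_SOURCE is an openssl pass phrase source, e.g. env:KEY_PASS or file:/path
# Return codes (chosen for this example): 0 ok, 2 private material in PUBLIC_PEM,
#   3 not a 2048-bit RSA public key, 4 private key unreadable, 5 pair mismatch.
check_business_key() {
  local priv="$1" pub="$2" pass="$3" bits derived expected

  # 1. The file about to be sent must not contain private key material.
  if grep -qs 'PRIVATE KEY' "$pub"; then
    echo "refusing: $pub contains a private key" >&2
    return 2
  fi

  # 2. It must parse as an RSA public key of exactly 2048 bits.
  #    'openssl rsa -pubin' rejects non-RSA keys, so an empty result
  #    also covers "wrong key type" and "not a key at all".
  bits=$(openssl rsa -pubin -in "$pub" -noout -text 2>/dev/null |
         sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p')
  if [ "$bits" != "2048" ]; then
    echo "refusing: expected 2048-bit RSA key, got '${bits:-unparseable}'" >&2
    return 3
  fi

  # 3. It must be the public half of the private key. Both sides are
  #    re-encoded by openssl, so line endings and wrapping do not matter.
  derived=$(openssl rsa -in "$priv" -passin "$pass" -pubout 2>/dev/null) || {
    echo "cannot read $priv (wrong pass phrase?)" >&2
    return 4
  }
  expected=$(openssl rsa -pubin -in "$pub" -pubout 2>/dev/null)
  if [ "$derived" != "$expected" ]; then
    echo "refusing: $pub is not the public half of $priv" >&2
    return 5
  fi
  return 0
}

# When run as a script: ./check.sh private.pem public.pem env:KEY_PASS
if [ "$#" -eq 3 ]; then
  check_business_key "$@"
fi
```

Passing the pass phrase as env: or file: keeps it out of the process argument list.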

Sign Business Public Key

Make a POST API call to sign your business public key. If you have multiple phone numbers linked to a WABA, this API must be called to sign the business public key for each phone number.

In Postman, when inputting the business public key as a parameter in the Body, select x-www-form-urlencoded.

Example

POST /v1/settings/business/whatsapp_business_encryption
{   
  "public_key": "2048_bit_RSA_key"
}

A successful request returns HTTP status code 200 and the payload:

{
  "meta": 
  {
    "api_status": "stable",
    "version": "<latest-api-version>"
  }
}

If you encounter any errors, see Error and Status Messages.

Parameters

Name: public_key
Type: String
Description: Required. The generated Business Public Key.

Get Business Public Key

Make a GET API call to retrieve your business public key.

Example

GET /v1/settings/business/whatsapp_business_encryption

A successful response will have the 2048-bit RSA key and a signature status.

{
  "business_public_key": "<2048_bit_RSA_key>",
  "business_public_key_signature_status": VALID | MISMATCH
}

If you encounter any errors, see Error and Status Messages.