Whatsapp Webhook Handler
Goal
To successfully receive, verify, and process real-time notifications from the WhatsApp Business Platform.
Capabilities
- •Verification: Implement the
hub.challengehandshake for endpoint setup. - •Security: Validate the
X-Hub-Signature-256HMAC-SHA256 signature. - •Payload Parsing: Extract data from incoming messages (text, media, interactive) and status updates.
- •Error Handling: Process account alerts and template status changes.
Workflow
1. Verification Handshake (GET)
When configuring the webhook in Meta dashboard, the server must handle:
- •Params:
hub.mode,hub.verify_token,hub.challenge. - •Response: Return the
hub.challengeas the response body with status 200.
2. Event Processing (POST)
Security Check:
Generate sha256 of raw body using your App Secret. Compare with X-Hub-Signature-256 header (prefixed with sha256=).
Parsing Hierarchy:
- •Check
entry[].changes[].value.messages[]for user input. - •Check
entry[].changes[].value.statuses[]for delivery/pricing info. - •Check
entry[].changes[].valueforaccount_updateortemplate_status_update.
3. Response Requirements
- •ALWAYS return
200 OKpromptly to acknowledge receipt. - •Process long-running logic asynchronously to avoid timeout (Meta retries for 7 days if you fail).
Constraints
- •Batching: Payload can contain multiple
entryandchangesitems. - •Media: For media webhooks, extract the
idand use the/mediaendpoint to download the file (URLs expire in 5m).
Reference
- •Payload Examples: See
references/webhook_examples.mdfor JSON structures of Text, Interactive, and Status events.