I am currently facing an issue with the Meta Cloud API and WhatsApp Business API and I'm seeking some guidance.
Issue Description:
I have a WhatsApp chatbot for customers, and to facilitate testing and development, I've set up three different environments (stages). Each stage has its own test number and is associated with a separate app using the Meta Cloud API and WhatsApp Business API. Every app is connected to its unique webhook and is subscribed to the 'messages' field.
However, I am encountering an unexpected behavior where every webhook is receiving events from all other numbers, not just its corresponding number.
Setup Details:
For each app, I have the following configuration in the meta developer web app:
Quickstart Configuration: To get alerted when you receive a message or when a message's status has changed, a Webhooks endpoint is set up for each app.
Callback URL: Each app has a different callback URL, something like https://.....com/webhook.
Verify token: Different for each app
What actually happens:
Despite having distinct endpoints and configurations for each app, messages intended for one stage are being received by the webhooks of the other stages as well.
Object received from Meta Cloud API when I send "hi" to the test number – gets delivered to all three webhooks:
{
"object": "whatsapp_business_account",
"entry": [
{
"id": "id_1",
"changes": [
{
"value": {
"messaging_product": "whatsapp",
"metadata": {
"display_phone_number": "test_stage_phone_no",
"phone_number_id": "test_stage_phone_no_id"
},
"contacts": [
{
"profile": {
"name": "Leon"
},
"wa_id": "my_phone_number"
}
],
"messages": [
{
"from": "my_phone_number",
"id": "wamid.HBgNNDk...",
"timestamp": "1704481181",
"text": {
"body": "hi"
},
"type": "text"
}
]
},
"field": "messages"
}
]
}
]
}
Object received from Meta Cloud API when I send "hi" to the production number – gets delivered to all three webhooks:
{
"object": "whatsapp_business_account",
"entry": [
{
"id": "id_2",
"changes": [
{
"value": {
"messaging_product": "whatsapp",
"metadata": {
"display_phone_number": "prod_stage_phone_no",
"phone_number_id": "prod_stage_phone_no_id"
},
"contacts": [
{
"profile": {
"name": "Leon"
},
"wa_id": "my_phone_number"
}
],
"messages": [
{
"from": "my_phone_number",
"id": "wamid.HBgNN...",
"timestamp": "1704482444",
"text": {
"body": "hi"
},
"type": "text"
}
]
},
"field": "messages"
}
]
}
]
}
As a temporary workaround, in my webhook, I am checking the WhatsApp Business ID from which the message originates and filtering out messages that don't match the Business ID associated with that stage. However, I believe there should be a way to ensure each webhook only receives messages for its specific app.
Questions:
Has anyone else experienced this issue with the Meta Cloud API and WhatsApp Business API?
Is there a configuration step I might be missing that would ensure each webhook only receives messages intended for its associated app? Are there any best practices or additional settings I should consider to isolate the webhook events to their respective apps?
I followed a Facebook article and it worked perfectly! Mentioned article: https://developers.facebook.com/docs/whatsapp/embedded-signup/webhooks
If you want to receive an individual Webhook response for each APP without needing to create a new business, follow the article above.
In my case, I needed an individual Webhook for 3 numbers.
In summary, I did the following:
I checked which Webhook subscriptions existed for each of my WhatsApp Business numbers.
Method: GET
URL: https://graph.facebook.com/{{VERSION}}/{{ID_WHATSAPP_BUSINESS}}/subscribed_apps
Headers: Bearer {{TOKEN_SUPREME or TOKEN_TEMPORARY_ANY_APP}}
After checking which Webhook subscriptions existed for each WhatsApp Business number, I cleared all Webhook subscriptions for all my WhatsApp Business numbers.
Method: DELETE
URL: https://graph.facebook.com/{{VERSION}}/{{ID_WHATSAPP_BUSINESS}}/subscribed_apps
Headers: Bearer {{TOKEN_SUPREME}}
The TOKEN_SUPREME, which is a token with higher level access, was able to delete all Webhook subscriptions at once, but it's also possible to repeat the request several times by changing the token to a temporary token for each APP. This way, it's possible to delete all subscriptions for the WhatsApp Business number.
After deleting all Webhook subscriptions for all WhatsApp Business numbers, I individually added the Webhook subscription for an APP to the WhatsApp Business numbers I desired.
Method: POST
URL: https://graph.facebook.com/{{VERSION}}/{{ID_WHATSAPP_BUSINESS_DESIRED}}/subscribed_apps
Headers: Bearer {{TEMPORARY_TOKEN_DESIRED_APP}}
To confirm if each WhatsApp Business number had the correct APP Webhook subscription, I checked the subscriptions for each number, as before.
Method: GET
URL: https://graph.facebook.com/{{VERSION}}/{{ID_WHATSAPP_BUSINESS}}/subscribed_apps
Headers: Bearer {{TOKEN_SUPREME or TOKEN_TEMPORARY_ANY_APP}}
Expected result for each WhatsApp Business number:
{
"data": [
{
"whatsapp_business_api_data": {
"link": "https://www.facebook.com/games/?app_id=ID_APP",
"name": "NAME_APP",
"id": "ID_APP"
}
}
]
}
I followed these steps to add different Webhook subscriptions for each WhatsApp Business number.