Skip to content

WhatsApp and Meta Setup

The integration uses Meta Graph API v25.0, a public WordPress webhook, HMAC request signatures, and the active SmartSite assistant.

WhatsApp setup joins three systems: the public WordPress REST webhook, a Meta app and phone-number resource, and the SmartSite response service. Meta first verifies the callback with your chosen Verify Token. It then signs each POST body with the App Secret; SmartSite validates that signature before reading the text, marking it read, producing an answer, and sending one or more Graph API reply messages.

Work through this page by starting when you copy the displayed webhook url ending in /wp-json/smartsite/v1/webhook/whatsapp. Finish by making sure you send a text message and verify reply, mark-read behavior, logging, and security checks; if that check fails, the field descriptions help identify whether the problem belongs to content, behavior, transport, or operations.

Connect a Meta app and WhatsApp Business phone number after the site is reachable over HTTPS.

Use this feature in the following situations:

  • You are connecting a Meta WhatsApp test or production number to SmartSite.
  • Meta can reach WordPress but webhook verification, signatures, or reply delivery still needs configuring.
  • You want the optional WhatsApp link to appear on the website widget’s landing screen.
WordPress locationWordPress Dashboard → AI Website Chat → Channels → WhatsApp → Configure
  • SmartSite Assistant is installed and activated.
  • You are signed in with an account that can manage WordPress options.
  • A Meta app with WhatsApp product access and an approved/test phone setup.
  • A public HTTPS WordPress REST URL reachable by Meta.
  • A secret manager for the access token, app secret, and verify token.
  1. Copy the displayed webhook URL ending in /wp-json/smartsite/v1/webhook/whatsapp.
  2. In Meta, configure that callback URL and subscribe to message events.
  3. Create a strong Webhook Verify Token and enter the identical value in Meta and WordPress.
  4. Enter Phone Number ID (6–24 digits), Access Token, and App Secret (32 hexadecimal characters).
  5. Optionally enter Business Account ID; the current runtime does not otherwise use it.
  6. Optionally enter the public WhatsApp phone number using country code and digits without + for the website landing link.
  7. Save, run Test Connection, then Enable.
  8. Send a text message and verify reply, mark-read behavior, logging, and security checks.

These values connect one Meta phone resource to the plugin and protect incoming webhook traffic. Correct identifiers and credentials make delivery possible, while the public phone number only creates the visitor link. None of them improves answer quality directly: WhatsApp receives better replies only when the active assistant, knowledge, and tools are already well configured.

Fields, controls, and important values
Field, control, or statusWhat SmartSite Assistant does with itHow to use it and why it matters
Phone Number ID Required 6–24 digit Meta phone resource ID. Copy the 6–24 digit phone-resource identifier from the Meta app configuration, not the human-readable WhatsApp number. The plugin uses it in Graph API requests, so an ID for another number sends or tests against the wrong resource.
Business Account ID Optional stored field; not used in the current message flow. Store the matching WhatsApp Business Account identifier only for configuration records or future use. The current message flow does not read this field, so changing it cannot fix connection or delivery failures.
Access Token Required bearer token for Meta Graph calls. Paste the Meta bearer token authorized for the configured phone resource. Protect and rotate it like a password; the connection test can validate Graph access, but incoming webhook verification and signatures require separate fields.
App Secret Required 32-character hexadecimal secret used to validate X-Hub-Signature-256. Paste the 32-character hexadecimal secret for the same Meta app. The plugin uses it to verify the SHA-256 signature on incoming POST webhooks, so a mismatch causes real events to be rejected even if outgoing Graph calls work.
Webhook Verify Token User-defined shared value required for Meta GET webhook verification, even though the UI does not mark it required. Create a strong private value and enter the identical value in Meta’s webhook setup. Meta sends it during the GET challenge; it is required by the implementation even though the current UI does not visually mark it required.
WhatsApp Phone Number Optional digits with country code and no plus sign; creates the public wa.me link on the widget landing screen. Enter the public number as country-code digits without a plus sign. This creates the visitor-facing wa.me link on the widget landing screen; it is not used instead of Phone Number ID for Graph API calls.
Message length Replies are split into chunks of at most 4,096 characters at paragraph, sentence, or word boundaries. No administrator field changes the 4,096-character chunk size. Expect long responses to be divided at readable boundaries, and test a long synthetic answer so downstream ordering and readability are acceptable.

Confirm WhatsApp and Meta Setup with the smallest representative end-to-end test. When the result differs from the success description, keep the exact input and state so troubleshooting can identify the responsible layer without changing unrelated AI settings.

Enter 385XXXXXXXXX—not +385…—for the optional public link, while using the separate numeric Phone Number ID for API calls.

  • Change one part of WhatsApp and Meta Setup at a time and keep a short record of the previous value and test result.
  • Verify the saved result in the screen, visitor session, or connected service that actually consumes the setting.
Common problems and focused checks
ProblemWhat to check and what to do next
Meta cannot verify the webhook. Confirm public HTTPS reachability and that the identical nonempty Verify Token is stored on both sides.
Signed POST is rejected. Confirm the App Secret belongs to the same Meta app; the plugin validates X-Hub-Signature-256 against the raw body.
WhatsApp and Meta Setup is missing or does not match this guide. Confirm the plugin is active and the account can manage WordPress options. Test Meta connection, webhook verification, signed delivery, and the shared AI pipeline as separate stages.
A change on WhatsApp and Meta Setup does not produce the expected result. Keep the exact notice and test case, then review the browser console and WordPress/PHP log. Test Meta connection, webhook verification, signed delivery, and the shared AI pipeline as separate stages.
WhatsApp and Meta Setup
Capture
Show the WhatsApp configuration panel with all secret fields masked, the webhook URL visible, and fictional numeric IDs.
Show
Webhook URL, Enable, Phone Number ID, Business Account ID, masked Access Token/App Secret, Verify Token, public phone, Test Connection
Viewport
Desktop, 1440 × 900
Annotate
Use numbered callouts only for controls referenced in the procedure.
Redact
OpenAI keys, tokens, secrets, personal information, private URLs, IP addresses, and conversation text