The purpose of the pub Whatsapp bot would be to chat with friends and family by simply chatting back and forth through a webhook. The communication happens via simple HTTP requests initiated from both ends. No other communication protocols are needed.
The Whatsapp Webhook API doesn’t support verifying a user by phone number, which is why we need to build our own mechanism for verifying the user. This has to be done on both sides of the communication (web server and mobile app), so two things need to happen:
- 1) Pub Whatsapp has a unique ID for the user, which needs to be established on both sides.
- 2) Both sides need to verify this unique ID every time the user wants to chat with the bot.
We will use a simple auth system (Auth0) to establish our webhook’s unique ID (the website username), and we’ll use Auth0 again to create a code (the auth code for verifying the user on mobile).
How does the pub Whatsapp Webhook API work?
Pub Whatsapp’s API is an HTTP-based API which only supports GET requests. So, every time a user initiates a chat with our bot, a GET request is sent from the client to our server, which we use as the first step of verifying it’s really that user.
Our bot will return a random string as its response (the auth code), and the mobile app will need this same string later on (inside Auth0). If the mobile app makes another request with the same auth code as the response, we can be sure that it’s really that user, and the unique ID for the user is now established. So now we have a way of verifying both sides (with Auth0).
Whenever pub Whatsapp makes a request to our API, it includes an ‘X-Whatsapp-Chatid’, which is the unique ID for that conversation. This tells us which chat to associate the request with.
We are using Express on our backend, and Express’s Request object has simple methods to access all of the properties sent by Whatsapp in their GET request (the User object). So, whenever a user initiates a chat with our API, we save the ‘X-Whatsapp-Chatid’ in our database for this user.
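As an added example (not code from the original post), here is one way to issue and check the auth code so that it is unpredictable, tied to the ‘X-Whatsapp-Chatid’ it was issued for, usable once, and short-lived. The post has Auth0 create the code; this sketch generates it locally with Node's crypto module, and the function names, the in-memory Map and the 5-minute lifetime are assumptions.

```javascript
// Added example: one-time auth codes bound to a chat ID (all names hypothetical).
const crypto = require('crypto');

const CODE_TTL_MS = 5 * 60 * 1000; // assumption: codes expire after 5 minutes
const pending = new Map();          // chatId -> { digest, username, expires }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Step 1: the first GET arrives carrying the X-Whatsapp-Chatid header.
// `headers` has the shape of Express's req.headers (names are lower-cased).
function issueAuthCode(headers, username, now = Date.now()) {
  const chatId = headers['x-whatsapp-chatid'];
  if (typeof chatId !== 'string' || chatId.length === 0) {
    throw new Error('missing X-Whatsapp-Chatid');
  }
  const code = crypto.randomBytes(16).toString('hex'); // 128 bits from the CSPRNG
  // Keep only a hash, so a leaked table does not expose codes that are still live.
  pending.set(chatId, { digest: sha256(code), username, expires: now + CODE_TTL_MS });
  return code; // sent back as the HTTP response
}

// Step 2: the mobile app presents the code; returns the username or null.
function verifyAuthCode(headers, code, now = Date.now()) {
  const chatId = headers['x-whatsapp-chatid'];
  const entry = typeof chatId === 'string' ? pending.get(chatId) : undefined;
  if (!entry || typeof code !== 'string') return null;
  pending.delete(chatId);               // single use: one guess per issued code
  if (now > entry.expires) return null; // stale codes are rejected
  // Both digests are 32 bytes, so the constant-time comparison never throws.
  return crypto.timingSafeEqual(entry.digest, sha256(code)) ? entry.username : null;
}
```

Deleting the entry before comparing means a wrong guess also consumes the code, so a caller cannot retry against the same chat ID without a new code being issued.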
To make it easier for both Android and iOS to communicate with our API, we are using the request package for Node.js, which makes sending GET requests from Node.js super easy.
Once we receive and save the ‘X-Whatsapp-Chatid’, we automatically send a GET request to the pub Whatsapp Webhook API (with a random auth code as the response) and provide our unique ID (which is actually the website username for this user, more on this later).
Whenever we receive a request with a random auth code as an HTTP response, we must make another request to the Whatsapp Webhook API (with our auth code as the HTTP response) so that it can be verified by Whatsapp.