← All Articles

WhatsApp Platform Updates and
Best Practices to Keep Your Account Secure

May 09, 2024 — by 360dialog Communications Team

Dear Partner,

We bring you important updates regarding the WhatsApp Business API, including Per-user Marketing Message Limit and Template Pacing for Utility messages, Cloud API availability for Turkey numbers, and moreover, best practices to maintain account security.

Should you have any questions, feel free to reach out to our Support Team.

Per-User Marketing Template Message Limits

As part of the commitment to keep WhatsApp Platform a high-quality space for people to engage with businesses, starting May 23 2024, Per-User Marketing Template Message limit will be rolled out globally.

The policy sets a limit on the number of marketing conversations a user can receive from any business over a specific timeframe. This only applies to marketing template messages that would normally open a new marketing conversation. If a marketing conversation is already open between you and a WhatsApp user, marketing template messages sent to the user will not be affected.

Note that the limit is determined by Meta and is based on the number of marketing template messages that person has already received from any business, and is not related to your business specifically.

See our documentation for more details.

This means that businesses should ensure that messages are targeted to the right audience and that the contacts are expecting their messages. Check out our documentation for Best Practices for sending campaigns.

To understand more about these limits and how to adapt strategies, read our blog post on this subject.

Template Pacing for Utility Templates

Meta is actively investing in improvements to ensure that the WhatsApp platform remains a high-quality space for people to engage with businesses. Last year, ‘template pacing’ was introduced for marketing messages as a new way to help businesses improve the engagement of their templates and create valuable user experiences. Template pacing proactively gathers real-time user feedback on a limited sample of recipients before scaling the template to a wider audience.

From May 2024 onwards, template pacing will expand to include Utility messages.

Utility templates are subject to pacing only if you have had a Utility template paused. Once a utility template has been paused, newly created templates, paused templates that are unpaused, and templates that may have been created previously but don’t have a green quality rating are subject to pacing for the next 7 days.

See our documentation for more details.

Cloud API available for Turkey Numbers

We are happy to announce that the limitation on Cloud API in Turkey will be lifted in the upcoming weeks, with a launch date for before the end of May.

Additionally, we would like to remind you that starting May 15, 2024, 360dialog will no longer allow phone number registration in the On-premise API. If you were waiting for availability in Turkey to adapt your integration to support Cloud API, you should start working on it right now to make sure you will be able to onboard numbers in the near future.

See our ultimate guide for supporting Cloud API.

In case you still have any concerns or limitations about your integration with Cloud API, please reach out us and we will work together to adapt to this new reality.

Best Practices for Account Security

There are several risks involving the security of your 360dialog and WhatsApp accounts, with password security being one of the primary concerns. Keeping accounts secure is important to protect sensitive information and prevent unauthorized access.

Here are some best practices to follow:

  1. Protecting API Keys

    API keys serve as the gateway for operating the WhatsApp Business API through 360dialog and should be treated as sensitive information. Always store them securely and never expose them in public repositories or client-side code. Remember, only the latest generated API key will work.
  2. Securing your Software Infrastructure

    Apart from API keys, robust security measures for your software infrastructure are essential. Regularly update and patch servers, implement firewalls and intrusion detection systems to protect against unauthorized access attempts.
  3. Managing Partner Users

    Maintain strict control over user access to your Partner Account to prevent unauthorized activities. Regularly review the users who have access to your 360dialog Partner Account to ensure only authorized personnel have access rights.

    You can request the removal of users to our Support Team anytime to guarantee account security. See our documentation for more details.
  4. Monitoring Account Compliance

    Compliance with WhatsApp Commerce or Business Policies is crucial for account integrity. Regularly monitor registered accounts created under your Partner Hub to identify and address any policy violations or irregularities proactively. You can use the Partner API for this.

    By monitoring webhooks, you can stay up-to-date with policy restrictions and address any flagged issues promptly. Meta also sends email notification alerts for template and account status changes, so it’s essential to act upon receiving such emails to avoid further complications.

Responding to Compromised Account

At 360dialog, we take security very seriously. We have strict policies in place to ensure the integrity of our services and the safety of our clients. Our system swiftly responds to any fraudulent behavior by temporarily disabling template messaging from flagged WABAs or terminating accounts with immediate effect if necessary.

n the unfortunate event of an account compromise, rapid action is essential. Here is what you can do:

  1. Once the issue is identified, reset the API Key immediately to prevent unauthorized messages.
  2. Notify the client and assess the impact. If you require assistance, our Support Team is available to help.
  3. Refrain from sending messages from the compromised WABA. Send messages only from trusted accounts to avoid risking a ban from the WhatsApp Business Platform.
  4. Reset the 2FA of the WhatsApp Account with OTP verification for added security.
  5. Resume messaging after a period of time, once the account is secured, with the newly generated API key.

In essence, proactive measures, diligent monitoring, and rapid response protocols form the foundation of effective security practices. If you need any assistance or support regarding account security, please don’t hesitate to reach out to our Support Team promptly.

Become a Partner

WhatsApp Business API built for ISVs and System Integrators

Integrate WhatsApp API into your solution

Manage all clients’ accounts in one place

Turn WhatsApp into a revenue-generating channel

Get started