To set up a permanent system user access token for WhatsApp Cloud API in Meta Business Manager, here’s the step-by-step process:
๐น Step 1. Go to Business Settings
-
Log in to Meta Business Manager.
-
From the left menu → Business Settings.
๐น Step 2. Create a System User
-
Under Users → System Users.
-
Click Add.
-
Give it a name (example:
MedicalSupplierz_API_User). -
Choose Role = Admin (so it has full permissions).
-
Save.
๐น Step 3. Assign Assets to the System User
-
After creating the system user, select it.
-
Click Add Assets.
-
Assign your WhatsApp Business Account (WABA).
-
Give it permissions:
-
whatsapp_business_messaging -
whatsapp_business_management.
-
๐น Step 4. Generate a Permanent Access Token
-
Still inside the system user, click Generate New Token.
-
Choose your app (the one connected to WhatsApp Cloud API).
-
Select permissions:
-
whatsapp_business_messaging -
whatsapp_business_management.
-
-
Generate token → it will look like:
EAAG...long-string...ZDZD
⚠️ Copy it immediately — Meta only shows it once.
๐น Step 5. Use the Token in Your Code
In your .env file:
WHATSAPP_ACCESS_TOKEN=EAAG...long-string...ZDZD
Use it in your API calls:
curl -i -X POST \
https://graph.facebook.com/v20.0/{{PHONE_NUMBER_ID}}/messages \
-H "Authorization: Bearer $WHATSAPP_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"messaging_product": "whatsapp",
"to": "965XXXXXXXX",
"text": { "body": "Hello from MedicalSupplierz!" }
}'
๐น Step 6. Token Lifetime & Refresh
-
System user tokens are long-lived (permanent), but they can be invalidated if:
-
You remove the system user.
-
You change business security settings.
-
-
Best practice: Store the token securely and rotate it periodically.
✅ After this, you’ll have a permanent token that won’t expire every 24 hours, unlike the test tokens.
No comments:
Post a Comment