April 14, 2026

How to Send OTP via WhatsApp API Complete Guide 2026

A practical, production-ready guide for developers using Nabda OTP – the fastest WhatsApp OTP solution in Iraq (+964) and Syria (+963) and other countries.

Why Nabda OTP is the best choice for Iraq & Syria

Nabda OTP gives you direct access to WhatsApp without dealing with official Business API templates or Meta approval delays. Just create an instance and start sending OTPs instantly.

What you need to get started

  • A Nabda OTP account
  • One or more active instances (each instance = dedicated WhatsApp number)
  • Instance-scoped token (Bearer token)
  • Server-side OTP generation logic

Step-by-step: Send OTP using Nabda OTP API

1. Create and Select an Instance

After creating an instance from the dashboard, you must select it to get the instance token: 

const res = await fetch("https://api.nabdaotp.com/api/v1/auth/select-instance", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ instanceId: "your-instance-id" })
});

const { accessToken } = await res.json();
localStorage.setItem("nadba-instance-token", accessToken);

2. Generate OTP on your backend 

function generateOTP() {
  return Math.floor(100000 + Math.random() * 900000).toString();
}

3. Send OTP via WhatsApp (Correct Endpoint) 

const token = localStorage.getItem("nadba-instance-token");

const payload = {
  phone: "+9647701234567",        // Iraq or +9639xxxxxxxx for Syria
  message: "Your Nabda OTP is 482917. Valid for 5 minutes."
};

const response = await fetch("https://api.nabdaotp.com/api/v1/messages/send", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": `Bearer ${token}`
  },
  body: JSON.stringify(payload)
});

if (response.ok) {
  console.log("OTP sent successfully via WhatsApp");
}

4. Verify the OTP on your server

Always verify the OTP on the backend (never trust the client).

Optional: Configure Webhook for Delivery Status 

await fetch("https://api.nabdaotp.com/api/v1/instances/webhook", {
  method: "PATCH",
  headers: {
    "Content-Type": "application/json",
    "Authorization": `Bearer ${instanceToken}`
  },
  body: JSON.stringify({
    webhookUrl: "https://yourdomain.com/webhook/otp",
    webhookEnabled: true
  })
});

Best Practices for Iraq & Syria

  • Use E.164 format: +96477xxxxxxxx or +9639xxxxxxxx
  • Keep OTP expiry between 3–8 minutes
  • Send bilingual messages when possible (Arabic + English)
  • Always include your brand name in the message
  • Monitor webhook events for sent, delivered, and failures

Troubleshooting

  • 401 Unauthorized → Make sure you selected the instance and using the instance token
  • Invalid phone → Must start with +964 or +963 or any other supported country code.
  • Message not received → Check that the instance is connected (QR code scanned)

Ready to start?

Create your first instance in seconds and start sending OTPs via WhatsApp today.

Get Started with Nabda OTP

Create Free Instance Now
← Back to All Articles