Error
Webhooks
WhatsApp Inbound
Receives inbound WhatsApp messages from the Meta Cloud API. The request
is validated using the X-Hub-Signature-256 header (HMAC-SHA256 with
FB_APP_SECRET). The account is resolved by matching the WABA ID or
phone number ID from the payload against the integration collection.
Important: This endpoint always returns HTTP 200 to Meta, even on errors, to prevent Meta from disabling the webhook.
POST
Error
Headers
HMAC-SHA256 signature of the request body
Body
application/json
Response
200 - application/json
Webhook acknowledged (always returns 200)
Available options:
ok, ignored, signature_invalid, error