This guide is for platform developers building applications on top of Chirp. If you just want to connect your own WhatsApp Business Account, use the dashboard method.
When to Use This Flow
Choose the redirect flow when:- You have a server-side application that can handle redirects
- You want a simple, well-understood OAuth-like pattern
- You need to support mobile apps with custom URL schemes
- You prefer server-side token exchange over client-side JavaScript
How It Works
- Create Session - Your server calls the Chirp API to create an embedded signup session
- Redirect User - Redirect your user to the session URL
- User Completes Signup - User authenticates with Meta and grants permissions
- Callback - User is redirected back to your
redirect_uriwith the result
Creating a Session
Use your Admin Key to create an embedded signup session:Session Response
Parameters
| Parameter | Required | Description |
|---|---|---|
redirect_uri | Yes | URL to redirect after completion. Supports HTTPS URLs and mobile app schemas (e.g., myapp://callback) |
state | Yes | CSRF token (max 512 chars). Returned unchanged in the callback |
metadata | No | JSON object (max 10KB) for storing your internal identifiers (e.g., externalUserId, businessName) |
prefill | No | Pre-fill configuration to auto-populate the Meta signup form. See Pre-fill Configuration below |
Pre-fill Configuration
You can pre-populate the Meta Embedded Signup form with business information to improve conversion rates. This is especially useful when you already have your user’s business details.Pre-fill Fields
| Field | Description |
|---|---|
business.name | Business name (max 255 chars) |
business.email | Business email address |
business.website | Business website URL |
business.phone.code | Country calling code (e.g., 1 for US) |
business.phone.number | Phone number without country code |
business.address | Business address with streetAddress1, streetAddress2, city, state, zipPostal, country |
business.timezone | IANA timezone (e.g., "America/Los_Angeles") |
phone.displayName | WhatsApp Business display name (max 512 chars) |
phone.category | Business category |
phone.description | Business description (max 512 chars) |
The
country field uses ISO 3166-1 alpha-2 codes (e.g., "US", "GB", "DE"). The pre-fill data is limited to 10KB total.Handling the Callback
After the user completes (or cancels) the signup, they’re redirected to yourredirect_uri with query parameters:
Success:
Error Codes
| Error Code | Description |
|---|---|
session_expired | The session URL expired (15 minute TTL) |
waba_already_connected | The WhatsApp Business Account is already connected to this organization |
meta_api_error | Error from Meta’s API during token exchange |
code_expired | The authorization code from Meta expired (30 second TTL) |
signup_failed | General signup failure |
Completing an Interrupted Session
If a user completes the Meta signup but the redirect fails (network error, browser closed, etc.), you can complete the session manually using the WABA ID:PARTNER_APP_INSTALLED webhook indicating the user completed signup on Meta’s side but didn’t return to your application.
Security Considerations
- Session Expiration - Sessions expire after 15 minutes
- One-Time Use - Each session can only be completed once
- HTTPS Required - Use HTTPS for your
redirect_uriin production - State Validation - Always verify the
stateparameter matches what you sent
Mobile App Integration
For mobile apps, use a custom URL scheme as yourredirect_uri: