This guide provides a comprehensive walkthrough for resellers to configure the WhatsApp Embedded Signup feature within the BotSailor White Label Reseller Program. By integrating this feature, you can offer your clients a seamless, branded onboarding experience for their WhatsApp Business Accounts.
BotSailor’s Reseller Program empowers you to launch your own AI-powered chatbot SaaS business under your brand. We handle the technical complexities so you can focus on growth.
Key Program Benefits:
The WhatsApp Embedded Signup is a Meta-provided flow that allows your clients (end-users) to connect their WhatsApp numbers directly through your branded platform. They can create a new WhatsApp Business Account (WABA) and verify their phone number without ever leaving your dashboard or needing to access the Meta Developer portal themselves.
The setup process is divided into three main phases:
Before you begin, ensure you have the following prerequisites and assets ready.
Note: You must have completed your BotSailor Landing page setup before continuing. Please follow this guide: Customize Your Landing Page & Language Settings
On your app's dashboard, you need to add two essential products:
As soon as we click on the request for advance access, it will ask to provide a valid Privacy policy URL. Click on the Basic Settings from there. And put the privacy policy URL there. You will get the privacy policy from the Botsailor Settings -> WhatsApp.
Configuration Name: Give it a clear, descriptive name (e.g., WhatsApp Embedded Signup - PR).
Login Variation: Select WhatsApp Embed Signup from the dropdown. This is the most important setting.
Access Token Setting: Set this to Never. BotSailor's system will manage the tokens.
Note: If you are setting up without catalog permission, select only whatsapp_business_management and Whatsapp_business_messaging.
Visit https://business.facebook.com, go to your Business Portfolio settings, then select 'System Users' and create a system user.
Click on the user you created, then click assign assets, and grant full control to your WhatsApp app.
Choose the apps to grant full control and assign assets.
Select Catalog also if you're creating with catalog permission.
Select "Generate Token", choose your app, and proceed.
Select the permissions:"Business_management", "Catalog_management", "WhatsApp_business_management", "WhatsApp_business_messaging".
Then, click on the"Generate Token" and then copy the token to use into the Botsailor. You will get your generated token. Copy the token.
Once the configuration is created, you will need three key pieces of information from your app dashboard:
Field |
Description |
Source |
App Name |
The display name of your Facebook App. |
Your Facebook App |
App ID |
Your unique application identifier. |
Facebook App Dashboard |
Configuration ID (with Catalog) |
The Configuration ID. Use this field if you plan for clients to use WhatsApp Commerce catalogs. |
Facebook App Configuration |
Configuration ID (without Catalog) |
The Configuration ID. Use this if catalogs are not needed. (Typically, you can use the same ID in both fields). |
Facebook App Configuration |
App Secret |
Your application's secret key for authentication. |
Facebook App Dashboard |
User System Access Token |
A system user token generated from your Meta Business Settings. This token grants server-to-server API access. |
Meta Business Settings |
Click the Save button.
Your app is currently in "Development Mode," which means only you can use it. To allow your clients to onboard, you must submit your app to Meta for approval.
Request Permissions: In your Facebook App Dashboard, navigate to App Review → Requests. You will need to request Advanced Access for the following permissions:
Prepare a Screencast: Meta requires a screen recording demonstrating how the permissions will be used. Your video must clearly show:
Note: You must create separate videos for each of permission demonstration.
Submit for Review: Follow the on-screen instructions to provide a description for each permission and upload your screencast video.
For further information, please refer to our blogs listed below:
Set Up BotSailor Whitelabel: WhatsApp Embedded Signup Guide
Submit Meta App for Cloud API: BotSailor Whitelabel WhatsApp Signup
Important: As the admin, you must first manually connect a test WhatsApp number to your platform to record this screencast. Once your app is approved, you and all your future clients will be able to use the one-click Embedded Signup feature. For a detailed walkthrough of the app submission process, please refer to BotSailor's official documentation and support resources.
After everything has set up properly, you will see your WhatsApp Embedded Signup is working properly like this!
Q1: Do my clients need a Meta Developer account?
No. The entire purpose of Embedded Signup is to eliminate this requirement for your clients. They only need a Facebook account and a phone number.
Q2: Do I need a separate Facebook App for each client?
No. A single, approved Facebook App is used for all your clients. The Embedded Signup flow correctly associates each client's assets (WABA, phone number) with their own Meta Business Manager, keeping everything separate and secure.
Q3: Is the BotSailor platform visible during the client's onboarding?
No. If configured correctly, the entire experience is white-labeled. The client will only see your brand name, your app name, and the standard Meta login/permission screens.
Q4: What happens if my client's phone number is already used on the personal WhatsApp app?
They must first delete that account from the WhatsApp mobile app. A phone number cannot be registered on both the consumer app and the Business Platform simultaneously.
Q5: Can I control pricing and feature access for clients who connect via Embedded Signup?
Yes. As the reseller, you retain full control over pricing plans, credit allocation, message limits, and feature access through your BotSailor Reseller admin panel.
Q6: What if my app review is rejected?
Meta will provide feedback on why it was rejected. Common reasons include an unclear screencast, a broken Privacy Policy URL, or a requested permission not being demonstrated. Address the feedback and resubmit.