I apologize if my question is not strictly about a code issue, but I’m not sure where else to ask for help.

Using the WhatsApp Business API, I can create a catalog and have it displayed in the header of the WhatsApp Business number.

I can also upload products via the API, and these products do appear in the Commerce Manager catalog. However, they remain in the status ‘Item will be reviewed — This item will be reviewed before it can appear in ads or Shops to make sure it complies with our policies. If you've chosen to show this item anywhere, it'll automatically appear once it is approved. We'll let you know if there are any issues.’ for a very long time, sometimes days. And after all this time, they're still stuck in this status.

Below is a small PHP snippet I use to build the array that gets sent to Facebook’s endpoint for product creation, but that’s the only code involved. I haven’t received any notifications about policy compliance issues or anything else that might explain the delay.

$data = [     "name" => $name,     "currency" => "EUR",     "price" => $price,     "image_url" => $image_url,     "retailer_id" => $retailer_id,     "description" => $description,     "url" => $url,     "brand" => $brand ]; $headers = [     "Authorization: Bearer {$auth_token}",     'Content-Type: application/json' ]; POST https://graph.facebook.com/v17.0/<$catalog_id>/products 

I can assure you that all variables are defined, because even in the product detail window, all the data sent via POST is displayed.

Unfortunately, the only link I have to contact Facebook Business Support leads to a page that doesn’t help at all.

I’m wondering if this is a common issue people are currently facing. I’m not sure what else to try at this point.

Thank you for any help you can give me.

It seems that the usual use case when using Whatsapp business api is customers initiating conversations with a business from their personal Whatsapp account, and the business can reply with automated messages such as order status. But does it support the use case of customers using a chatbot on a website, then escalating to human support with agents who are using Whatsapp business? In other words, the API is being used to communicate with agents of the business, rather than their customers.

There seems to be a limitation that the Whatsapp user has to send the first message before the business can reply. This makes sense for the first use case where a customer will usually be initiating something like getting an order update, but not for the case where you want to send a question from a customer in the chatbot to the agent in Whatsapp.

Whatsapp business does support the idea of multiple agents dealing with conversations, but can these conversations be created with the API as if coming from customers?

I’m having trouble with my WhatsApp Cloud API setup. After several tests, it appears that outbound messages show a status of "accepted" in the API response, but the recipient phone never actually receives them. I also never see two gray ticks in WhatsApp—only one tick.

My Setup:

1. WhatsApp Business Account (WABA) ID: <WABA_ID>

2. Phone Number ID: <PHONE_NUMBER_ID>

3. App ID: <APP_ID>

4. Webhook URL: https://<MY_DOMAIN>/webhook (confirmed reachable).

When I run this command (example below), I get a 200 OK response with "message_status": "accepted":

bash

curl -X POST \\ "https://graph.facebook.com/v21.0/\<PHONE_NUMBER_ID\>/messages" \\ -H "Authorization: Bearer \<ACCESS_TOKEN\>" \\ -H "Content-Type: application/json" \\ -d '{ "messaging_product": "whatsapp", "to": "\<RECIPIENT_NUMBER\>", "type": "template", "template": { "name": "promo_prueba", "language": { "code": "es_MX" } } }' 

API Response:

{ "messaging_product": "whatsapp", "contacts": [ { "input": "<RECIPIENT_NUMBER>", "wa_id": "521XXXX" } ], "messages": [ { "id": "wamid...", "message_status": "accepted" } ] } 

Despite the "accepted" status, the message never appears on the recipient phone. Also, when I try to send a WhatsApp message from another phone to this new Cloud API number, it only shows one gray tick (never delivered).

What I’ve Tried So Far:

1. Webhook / Event Subscription

   • Confirmed subscribed_fields are ["messages", "statuses"].

   • Webhook works for my “test” number (a Meta-provided test number), but not for this newly added business phone.

2. Verified the Phone Number

   • The Graph API shows "code_verification_status": "VERIFIED".

   • Within Meta Business Suite, I see the number listed with a status that appears connected.

3. Removed & Re-Added the Number

   • I tried disconnecting the number in the Business Manager, waiting a bit, and re-verifying. Same result: messages are “accepted” but not delivered.

4. Checked for Conflicts

   • The number isn’t being used in a personal WhatsApp or another WhatsApp API.

Symptoms / Question:

• Outbound: “Accepted” by the API, no actual delivery.

• Inbound: A different phone sending a message to this Cloud API number only gets one gray tick—never delivered.

Has anyone dealt with a partially activated or “stuck” WhatsApp Cloud API number? Any advice on what else to check?

Thanks in advance for any suggestions! Let me know if you need more logs (with sensitive info removed) or additional details.

I want to print dynamic multiline text in whatsapp messages. The messages are sent via Facebook Graph API. I have used the \\n character to insert a new line. See request below.

Request:

POST https://graph.facebook.com/v20.0/XXXXXXXXXXXXXXXX/messages Content Type: application/json; charset=UTF-8 Body: {"messaging_product":"whatsapp","to":"XXXXXXXXXXX","type":"template","template":{"language":{"code":"en"},"name":"order_updated_message","components":[{"type":"body","parameters":[{"type":"text","text":"Jon Doe"},{"type":"text","text":2},{"type":"text","text":" *1. Wrapped Plate, 8 in | 1 Pc*\\nRate: 3.000\\nQty: 8000\\nAmount: 24000.00\\n\\n *2. Bottle Brush | 1 Pc*\\nRate: 18.644\\nQty: 11\\nAmount: 242.00"},{"type":"text","text":24242.00},{"type":"text","text":"John Lee"},{"type":"text","text":"+91XXXXXXXXX"}]}]}} 

The request succeeded till a few days ago, but then kept failing. See the failure response below.

Response:

HTTP Status: 400 Bad Request {     "error": {         "message": "(#100) Invalid parameter",         "type": "OAuthException",         "code": 100,         "error_data": {             "messaging_product": "whatsapp",             "details": "Param text cannot have new-line/tab characters or more than 4 consecutive spaces"         },         "fbtrace_id": "XXXXXXXXXXXXXXXXXXXX"     } } 

If I remove the \\n character, the request succeeds. So Im assuming the failure is caused by \\n itself.

I also tried replacing \\n with the following:

• \n --> same error
• \u000A --> same error
• %0A --> character displayed as it is. (No new-line)

Can you tell me what has gone wrong?

Note: The message body contains our customer's ordered items. The number of items can vary by order and hence the number of lines can vary in each message. Thus, I cannot add new lines in the message template.

The issue

I am trying to setup a flow with WhatsApp Business API but am unable to complete the decryption of the key as part of the endpoint healthcheck.

I get this error: Encryption/decryption failed

in decrypt_request     aes_key = private_key.decrypt(encrypted_aes_key, OAEP(mgf=MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) ValueError: Encryption/decryption failed. 

How to reproduce the issue

Below are the steps I followed, as per the docs here and here:

1. Set up the flows endpoint.

2. Generate 2048-bit RSA Key Pair.

openssl genrsa -des3 -out private.pem 2048 

The key looks like this:

-----BEGIN ENCRYPTED PRIVATE KEY----- AAA........ BBB.... .... -----END ENCRYPTED PRIVATE KEY----- 

1. Export the RSA Public Key to a file:

openssl rsa -in private.pem -outform PEM -pubout -out public.pem 

1. Set business public key.

curl -X POST \   'https://graph.facebook.com/v21.0/PHONE_NUMBER_ID/whatsapp_business_encryption' \   -H 'Authorization: Bearer ACCESS_TOKEN' \   -H 'Content-Type: application/x-www-form-urlencoded' \   --data-urlencode 'business_public_key=-----BEGIN PUBLIC KEY----- AAA BBB CCC -----END PUBLIC KEY-----' 

1. Create encryption/decryption code:

import json import os from base64 import b64decode, b64encode from cryptography.hazmat.primitives.asymmetric.padding import OAEP, MGF1, hashes from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes from cryptography.hazmat.primitives.serialization import load_pem_private_key from fastapi import HTTPException, Request import logging # Load the private key string # PRIVATE_KEY = os.environ.get('PRIVATE_KEY') PRIVATE_KEY_PATH = "./private.pem" with open(PRIVATE_KEY_PATH, "rb") as pem_file:          PRIVATE_KEY = pem_file.read().decode("utf-8") async def data(request: Request):     try:         # Parse the request body         body = json.loads(await request.body())         logging.info(f"body = {body}")         # Read the request fields         encrypted_flow_data_b64 = body['encrypted_flow_data']         encrypted_aes_key_b64 = body['encrypted_aes_key']         initial_vector_b64 = body['initial_vector']         decrypted_data, aes_key, iv = await decrypt_request(             encrypted_flow_data_b64, encrypted_aes_key_b64, initial_vector_b64)         print(decrypted_data)         # Return the next screen & data to the client         response = {             "screen": "SCREEN_NAME",             "data": {                 "some_key": "some_value"             }         }         # Return the response as plaintext         return await encrypt_response(response, aes_key, iv)     except Exception as e:         print(e)         raise HTTPException(status_code=500, detail="Internal Server Error") async def decrypt_request(encrypted_flow_data_b64, encrypted_aes_key_b64, initial_vector_b64):     flow_data = b64decode(encrypted_flow_data_b64)     iv = b64decode(initial_vector_b64)     # Decrypt the AES encryption key     encrypted_aes_key = b64decode(encrypted_aes_key_b64)     private_key = load_pem_private_key(         PRIVATE_KEY.encode("utf-8"), password=os.getenv("PASSPHRASE").encode('utf-8'))     aes_key = private_key.decrypt(encrypted_aes_key, OAEP(         mgf=MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None))     # Decrypt the Flow data     encrypted_flow_data_body = flow_data[:-16]     encrypted_flow_data_tag = flow_data[-16:]     decryptor = Cipher(algorithms.AES(aes_key),                        modes.GCM(iv, encrypted_flow_data_tag)).decryptor()     decrypted_data_bytes = decryptor.update(         encrypted_flow_data_body) + decryptor.finalize()     decrypted_data = json.loads(decrypted_data_bytes.decode("utf-8"))     return decrypted_data, aes_key, iv async def encrypt_response(response, aes_key, iv):     # Flip the initialization vector     flipped_iv = bytearray()     for byte in iv:         flipped_iv.append(byte ^ 0xFF)     # Encrypt the response data     encryptor = Cipher(algorithms.AES(aes_key),                        modes.GCM(flipped_iv)).encryptor()     return b64encode(         encryptor.update(json.dumps(response).encode("utf-8")) +         encryptor.finalize() +         encryptor.tag     ).decode("utf-8") 

1. Trigger the health check from https://business.facebook.com/latest/whatsapp_manager/flows

Can someone tell me what I'm doing wrong?