Skip to main content

Getting started

Connect WhatsApp Business

The official walkthrough of Trinetra's Meta Embedded Signup flow — what's asked, what's stored, how to disconnect, and how token health works.

Updated

Before you start

You need three things to connect a WhatsApp number through Trinetra:

  • A Meta Business Manager account (free at business.facebook.com).
  • A WhatsApp Business Account — Meta calls this a WABA, the short name we use through the rest of this article — under that Business Manager. You can create one inside the Meta sign-in flow below if you don't have one yet.
  • A phone number that isn't already registered to the consumer WhatsApp or WhatsApp Business apps. If it is, delete the account on that phone before adding it to the Cloud API.

Trinetra connects to WhatsApp Business Cloud API — the same product Meta sells directly. The number you connect remains yours; you can disconnect any time and the number stays usable for business communication.

The Meta sign-in flow (Embedded Signup)

Go to Settings → WhatsApp Business in Trinetra. Tick the consent disclosure (it lists who sees what data and why — read it once before you tick) and click Connect WhatsApp Business. A pop-up opens on Meta's own domain — Meta calls this flow “Embedded Signup”. From here on, you're on Meta's screens, not Trinetra's — we don't see what you type until you click Allow.

The screens Meta shows you:

  1. Continue as <name> — confirm the Facebook account you want to authorise from.
  2. Pick a Business Manager — if you have more than one, pick the one that owns this WhatsApp number.
  3. Pick or create a WABA — you can attach to an existing WhatsApp Business Account or create a new one inline.
  4. Pick a phone number — enter the number, receive an OTP on SMS or voice, and verify it.
  5. Authorise Trinetra — Meta shows the scopes Trinetra is asking for. Review them and click Allow.

When you click Allow, the pop-up closes and the Trinetra Settings card flips to Live with a green pill. If something failed in Meta's flow (you closed the window, the OTP timed out, the number was already registered), the Trinetra card explains what to fix and lets you retry.

What Trinetra stores after consent

  • WhatsApp Business Account ID (e.g. 1234567890) — safe to display, not a secret.
  • Phone number ID — the WhatsApp Cloud API identifier for your specific number.
  • Access token, encrypted at rest with AES-256-GCM (the same bank-grade encryption your UPI app uses) and a per-business derived key. The token is the credential that lets Trinetra send and receive on your behalf; the encryption envelope makes a database breach insufficient to use it.
  • Token expiry timestamp — so we can surface a “Reconnect” banner before it expires.
  • A consent ledger row — an immutable audit record of when you clicked Connect, from which IP, on which document version. This is your DPDP §11 evidence of consent.

What Trinetra cannot do with the token

The token is scoped by Meta to the WhatsApp Business API for your selected WABA and phone number. It does not grant Trinetra:

  • Access to any other WhatsApp number under your Business Manager.
  • Access to your Facebook profile, Instagram, Ads or any other Meta product.
  • The ability to change billing, payment methods or account ownership.
  • Your old WhatsApp messages from before you connected — the Cloud API does not expose pre-connection message history, so only messages from Connect onwards appear in Trinetra.

Trinetra cannot send marketing template messages without your active consent on the consent ledger row. When you disconnect, that consent is timestamped as revoked.

How to disconnect

Go to Settings → WhatsApp Business → Disconnect. A confirmation modal explains the consequences:

  • Trinetra calls Meta's API to revoke the token at Meta's end.
  • The encrypted token bytes are overwritten in our database (crypto-shred).
  • New inbound messages stop reaching the Trinetra Inbox.
  • Your existing conversation history stays in your inbox — useful if you want to keep the CRM and switch the WhatsApp connection separately.

Disconnect is reversible — click Connect again whenever you want and you'll go through Meta's sign-in the same way. If you want every trace removed (history, contacts, billing records subject to legal retention), use Delete your account & data instead.

Token expiry and reconnection

Meta access tokens can expire (depending on the token type you consented to). Trinetra runs a periodic health-check cron that pings Meta's /debug_token endpoint and surfaces a warning banner on the dashboard well before the token actually expires. If you ignore the banner long enough that Meta revokes the token, the Settings card flips to Expired and the fix is one click: hit Reconnect and re-do Meta's sign-in. Your contacts and history survive the reconnection.

Common problems

“That number is already registered”

Meta will refuse a phone number that's currently logged in to the consumer WhatsApp or the standalone WhatsApp Business app. On the phone that holds the number, open the app, go to Settings → Account → Delete my account, delete, and try Embedded Signup again.

“Meta can't verify this business”

Meta sometimes requires Business Verification on a Business Manager before it allows Cloud API access. The path is in Meta Business Manager → Settings → Security Centre → Start Verification. Trinetra cannot do this step for you; it's an account-level Meta check.

“Stuck on Connecting”

If the Trinetra card sits on Connecting for more than a minute, refresh the Settings page. Trinetra runs a periodic background sweep that resets cards stuck mid-flow; if that doesn't clear it, message us and include the time of the attempt.