Security News
The Push to Ban Ransom Payments Is Gaining Momentum
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.
whatsapp-cloud-api-express
Advanced tools
Readme
A set of Node.js and Express.js functions for sending/receiving Whatsapp messages using the Whatsapp Cloud API.
All features in here, plus:
🔥 Added a way to listen for message status changes in messages. This allows to listen for delivered
, failed
, read
,... statuses on the sent messages.
🔥 Added sendReaction
function to react to a message.
🔥 Added the ability to reply to a message.
🔥 Made the webhook able to run on serverless environments (like Google Cloud Functions).1
🔥 Don't get hacked (receive fake messages that your users never sent): you can provide your facebook app secret so the library will make sure all messages come from facebook servers.
✅ Added to_phone_number
so you can identify which of your whatsapp phone numbers was destined to receive the message, this is useful if you have multiple whatsapp numbers on the same facebook app.
✅ Added support for type button
in incoming messages. Which is generated when the user "replies" from a template button.
✅ Added a logging callback for each message sent so you can log each sent message easily.
✅ Changed the architecture so we can use the webhook (reciever) and the sender separately.
✅ Added 'parameters' type for template header component.
npm install whatsapp-cloud-api-express
You can use this library only to send Whatsapp messages or only to receive Whatsapp messages or you can do both.
Beforehand you should get some values from the Facebook developers website, you can use the part (1) of this amazing tutorial by @tawn33y.
The webhook part of the API is implemented as an express router. The webhook is the part that allows you to listen for new messages incoming to your bot. You can use it like this:
app.use(
'/webhook/whatsapp', // you can change this path to whatever you want,
// but make sure to change it on the Facebook Developer Console too
getWebhookRouter({
// fill your own values here:
webhookVerifyToken: process.env.WHATSAPP_WEBHOOK_VERIFICATION_TOKEN ?? '',
onNewMessage,
appSecret: 'your_facebook_app_secret', // optional, you can set null
onStatusChange, // optional
logAllEntrantRequests, // optional
})
);
Don't forget to start the express server with app.listen(3000)
(you can change the port of course) in case you are not using a serverless environment.
You will need to verify the webhook with Facebook. You can either deploy this to a server or deploy locally and use ngrok, the @tawn33y tutorial above has a section about using ngrok and verifying.
This library has been tested on v15.0, v17.0 and v18.0 of the webhook Cloud API.
First, create a sender like this:
const sender = createMessageSender(
// fill your own values here:
process.env.NUMBER_ID ?? '',
process.env.ACCESS_TOKEN ?? ''
);
To send a message you can check this guide (omit createBot
, startExpressServer
and on
as those were removed here). You can find some examples in there too.
Here is an "almost complete" example of the integration using Google Cloud Functions and Firestore to display the messages using this: https://gist.github.com/j05u3/b3ad1d5d9106a918941587e03c1919b1, let me know if you have any questions/doubts ✌️.
I built monaguillo.org using this library. If you have built something with this library and want to share it, let me know and I can add it here 💪.
I also built an open-source chats visualization frontend here that you can use to visualize your chats, it's compatible with this library ✌️.
If you are using serverless I suggest to set min instances (in Google Cloud Functions) or reserved concurrency (in AWS) to at least 1 (~4 USD or less in monthly cost) so your bot responds fast without being affected by cold starts.
In the webhook if you are not providing your facebook app secret (appSecret
) then at least make sure to only allowlist the Facebook IPs in your serverless environment. See here for the IPs.
Make sure your onNewMessage
function resolves in a 'reasonable time'. Not sure how long yet, but in a project where we were sleeping one minute Whatsapp servers started retrying the call to the webhook.
If you make local changes to this repo and then want to test your local version in your own project you can use npm run build
and then npm pack
in the root of this repo, it will generate a .tgz
file that you can copy to your project next to your package.json
and in your package.json
you can add the dependency like this:
"dependencies": {
"whatsapp-cloud-api-express": "file:./whatsapp-cloud-api-express-1.0.1.tgz"
}
Don't forget that serverless environments like Google Cloud Functions only upload files in the folder in which your package.json
is, so you better place the .tgz
file next to it if you want to deploy it to a serverless environment.
This project was based on https://github.com/j05u3/whatsapp-cloud-api which is a fork of https://github.com/tawn33y/whatsapp-cloud-api. Thanks to @tawn33y and the community for the hard work.
This project was started using the template: https://github.com/ryansonshine/typescript-npm-package-template.
This is because on the webhook now we wait for callbacks to finish before the response is sent (sendStatus
), this was done because on serverless environments code is not guaranteed to be kept alive after the response is sent. ↩
FAQs
A set of Node.js and Express.js functions for sending/receiving messages using the Whatsapp Cloud API. Contains typescript declarations.
The npm package whatsapp-cloud-api-express receives a total of 2 weekly downloads. As such, whatsapp-cloud-api-express popularity was classified as not popular.
We found that whatsapp-cloud-api-express demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.
Application Security
New SEC disclosure rules aim to enforce timely cyber incident reporting, but fear of job loss and inadequate resources lead to significant underreporting.
Security News
The Python Software Foundation has secured a 5-year sponsorship from Fastly that supports PSF's activities and events, most notably the security and reliability of the Python Package Index (PyPI).