WhatsApp Business API Opt-In Requirements: Why You Can’t Message Customers Without Valid Consent
Before your WhatsApp Business API account sends a single business-initiated message, WhatsApp expects you to have collected valid opt-in from every recipient. This is step zero — and it is the step most businesses get wrong. Weak or improper opt-in is the quiet root cause behind dropping quality ratings, messaging restrictions, and account limitations that look, on the surface, like a “random” WhatsApp block.
What Counts as a Valid Opt-In
An affirmative, active action by the user
The user must take a deliberate step to opt in — ticking an unchecked box, tapping a button, sending a message, submitting a form, or scanning a QR code with a clear consent statement. Consent has to be given actively, not assumed. Passive or default consent does not satisfy the policy.
Your business name clearly disclosed
The opt-in must clearly state the name of the business that will be messaging the user, so the recipient knows exactly who is going to contact them. A generic “we’ll be in touch” with no identifiable business name behind it is not a compliant opt-in.
WhatsApp named as the channel
The user has to understand they will receive messages specifically on WhatsApp — not just vague “updates,” “notifications,” or “text messages.” If someone opts in expecting email or SMS and then receives a WhatsApp message, that opt-in does not cover the WhatsApp channel.
Clear message types and an opt-out path
Best practice — and in some markets an expectation — is to disclose the kind of messages the user will receive (for example order updates, appointment reminders, or promotions) and to give a clear way to unsubscribe. Your conversation flow must also honor opt-out actions such as a “STOP” keyword once the user is messaging you.
What Does NOT Count as Consent
Where You Can Collect Opt-In
On your website or checkout
An unchecked “Send me updates on WhatsApp” box during account creation or checkout — the highest-intent moment — is one of the strongest opt-in sources, because the customer is already engaged and identifying themselves.
Via forms, landing pages, and lead ads
A dedicated consent field on a form or a Click-to-WhatsApp ad flow works well, provided the consent language names your business and WhatsApp explicitly rather than relying on a generic “subscribe” label.
Through QR codes, SMS, email, or in-store
A QR code on packaging or in a physical location, a reply-to-confirm SMS, or an email with a clear WhatsApp opt-in link are all acceptable — each still has to record a genuine affirmative action from the user.
Keep proof of every opt-in
Because you are responsible for demonstrating consent, you should retain a record of when, where, and how each opt-in was collected. If WhatsApp reviews your account after complaints, being able to show the opt-in source matters.
What Bad Opt-In Practices Actually Cost You
Opt-in is only one of several gates that decide whether your WhatsApp Business API account stays healthy and can scale. For the full setup and approval path, see the WhatsApp Business API approval guide. If your account is already limited, the WhatsApp quality rating guide explains how the rating system reacts to consent and content problems. And for hands-on setup, review preparation, and account support, see the WhatsApp App Review service page.
Need Help Getting Your WhatsApp Opt-In and Account Right?
Compliant opt-in collection, template alignment, and account setup are what keep a WhatsApp Business API account healthy enough to scale. If your account is dropping in quality, getting restricted, or you’re setting up from scratch and want it done right the first time, get hands-on setup and review-preparation support.