Custom Salesforce WhatsApp Integration: A Complete Tutorial

In 2010, WhatsApp was released and quickly took over the messaging world throughout the decade. Since then, the team has continuously added new functionalities, and today, the application has over two billion monthly active users. WhatsApp was acquired by Facebook and has since merged within its ecosystem.

WhatsApp messaging was integrated back in 2022, enabling businesses to chat with customers and solve their cases. Currently, this is possible by having special Service Cloud licenses through its Digital Engagement add-on. The functionality is out-of-the-box and only serves the service contexts, with no possibility to change the behaviour.

Sadly, the standard WhatsApp integration isn’t customizable. Imagine needing to add the chat to a custom object layout, or creating a lead from a particular conversation after a campaign. Good news for us is that Meta has us covered and provides APIs for developers.

Custom Solution

In order to communicate with the Meta’s servers and integrate the two solutions together, we will need:

• Meta developer profile
• WhatsApp application
• WhatsApp test number (provided by Meta) and WhatsApp number
• Salesforce Developer Edition
• ESB: MuleSoft, Azure Logic App, AWS, etc. (optional, but recommended for additional security)

The communication between Salesforce and Meta’s servers involves a basic API call:

• Salesforce calls the Meta API with a specific payload (in our case, we will be sending a text message, but Meta supports sending media, contact cards, etc.)
• Meta sends an API to a specific endpoint (callback URL) once a message is sent to the test number ( triggers such as message sent, security code, status, etc. are configured)

Meta Configuration

• To start, head to Meta for Developers.
• Create your app.

• Fill in your application name and email address (mine was WA Messaging).
• In the Use Case path section, select “Other”, and on the next screen, select “Business”.
• Finally, create your application. Meta may ask for your password.
• Meta will redirect you to your application’s home page. Select “Set Up” in the WhatsApp section.

• Select your business portfolio. If you don’t have one, create one.
• On the left-hand side menu, navigate to WhatsApp → API Setup.
• Follow the instructions to create a test number and add your personal number (the number that you will use to send and receive messages on your personal phone). Meta will send you a WhatsApp message with a code to confirm your identity.
• On the left-hand side menu, click WhatsApp → Configuration. Here, you specify what triggers the API callback from Meta to your desired endpoint (in our case, Salesforce). For this example, we will choose “messages” – check the box to enable the message trigger.

• Now you can test the out-of-the-box Meta API by sending a test template to your phone number (WhatsApp → API Setup). You can also create a test webhook to check your replies via Glitch. We will not go into details for this section, but you can test it here.

Salesforce Configuration

• We will configure the remote site: FacebookApi → https://graph.facebook.com.
• Next, we will add the Facebook token used to make the calls (the token for the test API is valid for 24 hours).
• Navigate to WhatsApp → API Setup and click on “generate access token”.

• Create a new Custom Label in Salesforce and add the token.
• Create another Custom Label to store your WhatsApp Business number used (Phone Number ID).

• The following APEX code of the class WhatsApp_Webservice_UTL, found in the appendix section, sends a message from Salesforce to your personal number configured in the Meta API setup.
• Now you are ready to send messages from Salesforce to a WhatsApp number, whether it’s to notify the client, send promotions, direct conversation, etc. The possibilities are endless. I personally created an LWC that sends messages from an account.

Callback Configuration

As per Meta’s callback, like any other big third-party integrator, it cannot develop a specific code for each application. So, when Meta wants to send a message to an endpoint, it calls one URL with the possibility of adding a layer of security (client certificate generated in Salesforce for Meta). We can also achieve this by using an ESB. I will explain both scenarios. But first, let’s create the API that is called by Meta in Salesforce.

The API works like a webhook. There are two methods in the class: one GET and one POST.

The GET method is used to validate the endpoint, and the POST is used to send the message. The GET method returns a specific value to indicate the legitimacy of the endpoint to the server. The code was converted from a JS Webhook from Glitch into APEX.

As mentioned, the webhook can be configured either on Salesforce or on an ESB.

No ESB Solution

In the absence of an ESB, OAuth 2.0 is not an option. The only way in Salesforce is to expose the API via a public site (force.com), and the call is made with an anonymous user. There are security concerns, as exposing the API is not something that is accepted, but you can add a client certificate in the callback.

• First, you need to create the Apex class that acts as a webhook: WS_Webhooks_Callback_Handler in the appendix.
• Next, navigate to Salesforce Setup → Sites and create a new site. Name your endpoint as you desire.
• Once your site is created, navigate to Public Site Settings.

Make sure to only give access to your Webhook Apex class and, depending on your business needs, access to other objects. However, it is not recommended in this case.

Your site is now created and ready.

Now, go to your Meta application: WhatsApp → Configuration. You will need to paste your API’s endpoint in the Callback URL input. The token can be set to whatever you want, or you can set it yourself, but make sure to add it in the APEX class in the GET method to add a layer of security.

  if(mode.equals('subscribe')) && token.equals('verify_token')) {    
                response.statusCode = 200;
                response.responseBody = Blob.valueOf(challenge);
            }else{                
                response.statusCode = 403;
            }

The configuration can be as shown below.

For my example, I won’t be using a certificate, but you should add it when you deploy to production.

The final architecture design will be as follows:

ESB Solution

Having an ESB is recommended in that case, since it helps secure the connection between Salesforce and Meta. It can also log the incoming messages and do some retries in case of message delivery failures. Additionally, it has a native Salesforce connector, so you can easily and securely call the callback API.

In that scenario, you will need to create a Webhook in the ESB and expose it to Meta, using the same logic as in the Apex class. Secure your connection with Meta using a client certificate and filter the incoming IPs to Meta’s IPs.

In Salesforce, the callback Apex class will be the same but without the GET method, and your force.com site will not be needed.

The final architecture is as follows:

Summary

The project was interesting to me as I discovered many things that are possible in this Salesforce integration. I was able to manipulate the code and adjust the way the two entities communicated to meet my personal needs.

To finalize the process, you will need to get a production number from Meta, discuss the fares for message communication, and get a permanent token for your application.

To view all relevant code for completing this WhatsApp integration, please refer to GitHub.