<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Raphael Serafim</title>
    <description>The latest articles on DEV Community by Raphael Serafim (@raphaelvserafim).</description>
    <link>https://dev.to/raphaelvserafim</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2047117%2Fef21608b-3870-4f05-8296-363a5760feb2.png</url>
      <title>DEV Community: Raphael Serafim</title>
      <link>https://dev.to/raphaelvserafim</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/raphaelvserafim"/>
    <language>en</language>
    <item>
      <title>Como implementar OTP (código de confirmação) por WhatsApp no Brasil</title>
      <dc:creator>Raphael Serafim</dc:creator>
      <pubDate>Fri, 03 Jul 2026 00:37:58 +0000</pubDate>
      <link>https://dev.to/raphaelvserafim/como-implementar-otp-codigo-de-confirmacao-por-whatsapp-no-brasil-35oe</link>
      <guid>https://dev.to/raphaelvserafim/como-implementar-otp-codigo-de-confirmacao-por-whatsapp-no-brasil-35oe</guid>
      <description>&lt;p&gt;Guia prático para adicionar verificação por código OTP via WhatsApp oficial no seu sistema, com exemplos em Node.js, PHP e Python — e comparação honesta de custos entre WhatsApp, SMS e e-mail&lt;/p&gt;

&lt;h1&gt;
  
  
  Como implementar OTP (código de confirmação) por WhatsApp no Brasil
&lt;/h1&gt;

&lt;p&gt;Se você tem um cadastro, login ou checkout, em algum momento vai precisar confirmar que o usuário realmente controla o número de telefone que informou. Esse é o trabalho do &lt;strong&gt;OTP&lt;/strong&gt; (&lt;em&gt;One-Time Password&lt;/em&gt;, ou senha de uso único): você envia um código, o usuário digita, você confere.&lt;/p&gt;

&lt;p&gt;No Brasil, mandar esse código por &lt;strong&gt;WhatsApp&lt;/strong&gt; costuma ser melhor que por SMS — mais gente lê, entrega mais e custa menos. Neste post eu mostro como implementar isso na prática, com código que roda, e comparo os canais de forma honesta (inclusive citando alternativas pagas).&lt;/p&gt;

&lt;h2&gt;
  
  
  Por que WhatsApp e não SMS?
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Critério&lt;/th&gt;
&lt;th&gt;WhatsApp oficial&lt;/th&gt;
&lt;th&gt;SMS&lt;/th&gt;
&lt;th&gt;E-mail&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Entregabilidade&lt;/td&gt;
&lt;td&gt;Alta&lt;/td&gt;
&lt;td&gt;Média&lt;/td&gt;
&lt;td&gt;Baixa (cai em spam)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Taxa de leitura&lt;/td&gt;
&lt;td&gt;~98%&lt;/td&gt;
&lt;td&gt;~90%&lt;/td&gt;
&lt;td&gt;~20%&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Custo por envio&lt;/td&gt;
&lt;td&gt;~R$ 0,03&lt;/td&gt;
&lt;td&gt;R$ 0,08–0,15&lt;/td&gt;
&lt;td&gt;Baixo, mas pouco lido&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Copiar código&lt;/td&gt;
&lt;td&gt;Botão nativo&lt;/td&gt;
&lt;td&gt;Manual&lt;/td&gt;
&lt;td&gt;Manual&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;O SMS ainda é um bom &lt;em&gt;fallback&lt;/em&gt; para quem não usa WhatsApp, mas como canal principal de OTP no Brasil, o WhatsApp ganha na maioria dos casos.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;⚠️ Use sempre a &lt;strong&gt;API oficial do WhatsApp (WhatsApp Business Platform)&lt;/strong&gt;, não automação de WhatsApp Web. Automação não oficial derruba a entrega e corre risco de bloqueio pela Meta.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h2&gt;
  
  
  O fluxo em 2 passos
&lt;/h2&gt;

&lt;p&gt;Toda implementação de OTP tem a mesma forma:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Enviar&lt;/strong&gt; o código (&lt;code&gt;send&lt;/code&gt;) → você gera um código e manda pelo canal.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Verificar&lt;/strong&gt; o código (&lt;code&gt;verify&lt;/code&gt;) → o usuário digita e você confere.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;O detalhe importante: a resposta do &lt;code&gt;send&lt;/code&gt; confirma que a mensagem foi &lt;strong&gt;aceita&lt;/strong&gt;, mas a entrega no aparelho é assíncrona. Para OTP isso não é problema — &lt;strong&gt;a própria verificação já é a prova de entrega&lt;/strong&gt;. Se o usuário digitou o código certo, chegou. Você &lt;strong&gt;não precisa de webhook nem de polling&lt;/strong&gt; de status.&lt;/p&gt;

&lt;h2&gt;
  
  
  Implementando com uma API pronta
&lt;/h2&gt;

&lt;p&gt;Você pode falar direto com a WhatsApp Business Platform, mas isso exige aprovação de template, gestão de número e conta na Meta. Para ir mais rápido, dá pra usar um provedor que já cuida disso. As opções mais conhecidas:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Twilio Verify&lt;/strong&gt; — global, robusto, ~US$ 0,05 por verificação.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Zenvia / Infobip&lt;/strong&gt; — grandes players com presença no Brasil.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;entrar.api.br&lt;/strong&gt; — opção brasileira de baixo custo (R$ 0,03 por OTP enviado, verificação grátis), com dois endpoints simples e sem SDK.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Abaixo uso a &lt;code&gt;entrar.api.br&lt;/code&gt; porque a API é minimalista (bom pra exemplo), mas o padrão vale pra qualquer provedor.&lt;/p&gt;

&lt;h3&gt;
  
  
  1. Enviar o código
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-X&lt;/span&gt; POST https://cpf.entrar.api.br/api/otp/send &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Authorization: Bearer SEU_API_SECRET"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{"telefone":"+5511999999999"}'&lt;/span&gt;

&lt;span class="c"&gt;# → { "ok": true, "otpId": "...", "status": "pending" }&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Guarde o &lt;code&gt;otpId&lt;/code&gt; — é ele que amarra o código ao usuário.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Verificar o código
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-X&lt;/span&gt; POST https://cpf.entrar.api.br/api/otp/verify &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Authorization: Bearer SEU_API_SECRET"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{"otpId":"...","codigo":"123456"}'&lt;/span&gt;

&lt;span class="c"&gt;# → { "ok": true, "verified": true }&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Exemplos por linguagem
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Node.js
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="k"&gt;async&lt;/span&gt; &lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;enviarOtp&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;telefone&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;res&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;fetch&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;https://cpf.entrar.api.br/api/otp/send&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="na"&gt;method&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;POST&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="na"&gt;headers&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
      &lt;span class="na"&gt;Authorization&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;Bearer SEU_API_SECRET&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
      &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;Content-Type&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;application/json&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="p"&gt;},&lt;/span&gt;
    &lt;span class="na"&gt;body&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;JSON&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;stringify&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt; &lt;span class="nx"&gt;telefone&lt;/span&gt; &lt;span class="p"&gt;}),&lt;/span&gt;
  &lt;span class="p"&gt;});&lt;/span&gt;
  &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="nx"&gt;res&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;json&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt; &lt;span class="c1"&gt;// { ok, otpId, status }&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="k"&gt;async&lt;/span&gt; &lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;verificarOtp&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;otpId&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;codigo&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;res&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;fetch&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;https://cpf.entrar.api.br/api/otp/verify&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="na"&gt;method&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;POST&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="na"&gt;headers&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
      &lt;span class="na"&gt;Authorization&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;Bearer SEU_API_SECRET&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
      &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;Content-Type&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;application/json&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="p"&gt;},&lt;/span&gt;
    &lt;span class="na"&gt;body&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;JSON&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;stringify&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt; &lt;span class="nx"&gt;otpId&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;codigo&lt;/span&gt; &lt;span class="p"&gt;}),&lt;/span&gt;
  &lt;span class="p"&gt;});&lt;/span&gt;
  &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="nx"&gt;res&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;json&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt; &lt;span class="c1"&gt;// { ok, verified }&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  PHP
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight php"&gt;&lt;code&gt;&lt;span class="k"&gt;function&lt;/span&gt; &lt;span class="n"&gt;enviarOtp&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kt"&gt;string&lt;/span&gt; &lt;span class="nv"&gt;$telefone&lt;/span&gt;&lt;span class="p"&gt;):&lt;/span&gt; &lt;span class="kt"&gt;array&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="nv"&gt;$ch&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nb"&gt;curl_init&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;"https://cpf.entrar.api.br/api/otp/send"&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="nb"&gt;curl_setopt_array&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nv"&gt;$ch&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
    &lt;span class="no"&gt;CURLOPT_RETURNTRANSFER&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="no"&gt;CURLOPT_POST&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="no"&gt;CURLOPT_HTTPHEADER&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
      &lt;span class="s2"&gt;"Authorization: Bearer SEU_API_SECRET"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
      &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="p"&gt;],&lt;/span&gt;
    &lt;span class="no"&gt;CURLOPT_POSTFIELDS&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="nb"&gt;json_encode&lt;/span&gt;&lt;span class="p"&gt;([&lt;/span&gt;&lt;span class="s2"&gt;"telefone"&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="nv"&gt;$telefone&lt;/span&gt;&lt;span class="p"&gt;]),&lt;/span&gt;
  &lt;span class="p"&gt;]);&lt;/span&gt;
  &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="nb"&gt;json_decode&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nb"&gt;curl_exec&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nv"&gt;$ch&lt;/span&gt;&lt;span class="p"&gt;),&lt;/span&gt; &lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Python
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;requests&lt;/span&gt;

&lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;enviar_otp&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;telefone&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt; &lt;span class="nb"&gt;dict&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;res&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;requests&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;post&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;
        &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;https://cpf.entrar.api.br/api/otp/send&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
        &lt;span class="n"&gt;headers&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Authorization&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Bearer SEU_API_SECRET&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;
        &lt;span class="n"&gt;json&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;telefone&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;telefone&lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;
    &lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="n"&gt;res&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;json&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Boas práticas de segurança
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Códigos de uso único e com expiração curta&lt;/strong&gt; (ex.: 10 minutos).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Limite tentativas&lt;/strong&gt; de verificação por &lt;code&gt;otpId&lt;/code&gt; para evitar força bruta.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Rate-limit no reenvio&lt;/strong&gt; — não deixe reenviar OTP em loop para o mesmo número.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Nunca exponha o API Secret no front-end&lt;/strong&gt; — mantenha só no back-end.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Conclusão
&lt;/h2&gt;

&lt;p&gt;OTP por WhatsApp resolve verificação de telefone no Brasil com boa entrega e custo baixo. O fluxo é simples — &lt;code&gt;send&lt;/code&gt; e &lt;code&gt;verify&lt;/code&gt; — e você não precisa de webhook: a verificação já é a confirmação de entrega. Se quiser o caminho mais barato e direto, a &lt;a href="https://entrar.api.br/otp-whatsapp" rel="noopener noreferrer"&gt;entrar.api.br&lt;/a&gt; cobra R$ 0,03 por envio; se precisar de escala global com fallback automático de canal, Twilio Verify e Infobip são alternativas maduras.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Escrevi este guia com base na implementação real da &lt;a href="https://entrar.api.br" rel="noopener noreferrer"&gt;entrar.api.br&lt;/a&gt;, uma camada de identidade brasileira (CPF + OTP + verificação de idade) usada em produção por instituições como a faculdade Unifama e plataformas de alto volume como o 123 Bolão.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>whatsapp</category>
      <category>otp</category>
      <category>webdev</category>
    </item>
    <item>
      <title>API WhatsApp</title>
      <dc:creator>Raphael Serafim</dc:creator>
      <pubDate>Mon, 07 Oct 2024 19:27:57 +0000</pubDate>
      <link>https://dev.to/raphaelvserafim/api-whatsapp-4kn7</link>
      <guid>https://dev.to/raphaelvserafim/api-whatsapp-4kn7</guid>
      <description>&lt;p&gt;Descubra uma abordagem única para aprimorar suas interações no WhatsApp com nossa API não oficial. &lt;br&gt;
Simplifique a comunicação, envie mensagens de forma versátil e alcance resultados excepcionais para o seu negócio&lt;br&gt;
&lt;a href="https://api-wa.me" rel="noopener noreferrer"&gt;https://api-wa.me&lt;/a&gt;&lt;/p&gt;

</description>
      <category>developer</category>
      <category>javascript</category>
      <category>php</category>
      <category>node</category>
    </item>
  </channel>
</rss>
