Create secure interactive applications with WhatsApp flows end-to-end encryption
WhatsApp Flows Encrypted Data Exchange Workflow Summary This workflow enables secure end-to-end encrypted data exchange with WhatsApp Flows for interactive applications inside Whatsapp. It implements the WhatsApp Busi...
Template notes
WhatsApp Flows Encrypted Data Exchange Workflow
Summary This workflow enables secure end-to-end encrypted data exchange with WhatsApp Flows for interactive applications inside Whatsapp. It implements the WhatsApp Business Encryption protocol using RSA for key exchange and AES-GCM for payload encryption, providing a secure channel for sensitive data transmission while interfacing with WhatsApp's Business API. This follows the official WhatsApp Business Encryption specifications to establish an encrypted GraphQL-powered data exchange channel between your business and the WhatsApp consumer client.
How It Works
Encryption Flow 1. Webhook Reception: Receives encrypted data from WhatsApp containing: - encryptedflowdata: The AES-encrypted payload - encryptedaeskey: The RSA-encrypted AES key - initialvector: Initialization vector for AES decryption
2. Decryption Process: - The workflow decrypts the AES key using an RSA private key - Then uses this AES key to decrypt the payload data - The inverted IV is used for response encryption
3. Data Processing: - The workflow parses the decrypted JSON data - Routes requests based on the screen parameter.
4. Response Generation: - Generates appropriate response data based on the request type - Encrypts the response using the same AES key and inverted IV - Returns the base64-encoded encrypted response
Key Components - Webhook Endpoint: Entry point for encrypted WhatsApp requests - Decryption Pipeline: RSA and AES decryption components - Business Logic Router: Screen-based routing for different functionality - Encryption Pipeline: Secure response encryption