This workflow enables secure end-to-end encrypted data exchange with WhatsApp Flows for interactive applications inside WhatsApp. It implements the WhatsApp Business Encryption protocol using RSA for key exchange and AES-GCM for payload encryption, providing a secure channel for sensitive data transmission while interfacing with WhatsApp's Business API. This follows the official WhatsApp Business Encryption specifications to establish an encrypted GraphQL-powered data exchange channel between your business and the WhatsApp consumer client.
Webhook Reception: Receives encrypted data from WhatsApp containing:
encrypted_flow_data: The AES-encrypted payload
encrypted_aes_key: The RSA-encrypted AES key
initial_vector: Initialization vector for AES decryption
Decryption Process:
Data Processing:
screen parameter.
Response Generation:
Deploy the Workflow:
Set Up WhatsApp Integration:
Test the Flow:
Production Use:
Authentication Keys
RSA Private Key: Required for decrypting the AES key (included in the workflow)
WhatsApp Business Public Key: Must be registered with the WhatsApp Business API
PostgreSQL Credentials: For accessing appointment data from the database
WhatsApp Business Encryption Setup
As specified in the WhatsApp Business Encryption documentation:
Generate a 2048-bit RSA Key Pair:
The private key remains with your business (used in this workflow)
The public key is shared with WhatsApp
Register the Public Key with WhatsApp:
Use the WhatsApp Cloud API to register your public key
Set up the public key using the /v17.0/{WhatsApp-Business-Account-ID}/whatsapp_business_encryption endpoint
Key Registration API Call:
POST /v17.0/{WhatsApp-Business-Account-ID}/whatsapp_business_encryption
{
"business_public_key": "YOUR_PUBLIC_KEY"
}
Verification:
Verify your public key is registered using a GET request to the same endpoint
Ensure the key status is "active"
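
With the key pair registered, the three webhook fields can be decrypted and the reply encrypted as in the following Node.js sketch. It is an added example, not the workflow's own code: the OAEP/SHA-256 padding, the 16-byte appended GCM tag and the bit-flipped response IV come from Meta's Flows endpoint documentation rather than this page, and the key pair, screen name and payloads are constructed for the demo.

```javascript
// Added example, not the workflow's own code. Padding, tag length and the
// response IV rule are taken from Meta's Flows endpoint documentation.
const crypto = require("node:crypto");
const TAG_LENGTH = 16; // GCM tag is appended to the ciphertext
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

function decryptRequest(body, privateKeyPem) {
  // RSA-OAEP unwraps the per-request AES-128 key.
  const aesKey = crypto.privateDecrypt(
    { key: privateKeyPem, ...OAEP }, Buffer.from(body.encrypted_aes_key, "base64"));
  const iv = Buffer.from(body.initial_vector, "base64");
  const data = Buffer.from(body.encrypted_flow_data, "base64");
  const decipher = crypto.createDecipheriv("aes-128-gcm", aesKey, iv);
  decipher.setAuthTag(data.subarray(data.length - TAG_LENGTH));
  // final() throws if the tag does not verify, so tampered input never parses.
  const plain = Buffer.concat([
    decipher.update(data.subarray(0, data.length - TAG_LENGTH)), decipher.final()]);
  return { payload: JSON.parse(plain.toString("utf8")), aesKey, iv };
}

function encryptResponse(response, aesKey, iv) {
  // The reply reuses the request's AES key with every bit of the IV flipped.
  const flippedIv = Buffer.from(iv.map((b) => b ^ 0xff));
  const cipher = crypto.createCipheriv("aes-128-gcm", aesKey, flippedIv);
  return Buffer.concat([cipher.update(JSON.stringify(response), "utf8"),
    cipher.final(), cipher.getAuthTag()]).toString("base64");
}

// Constructed sample: plays the WhatsApp client with a throwaway key pair.
function buildSampleRequest(publicKeyPem, payload) {
  const [aesKey, iv] = [crypto.randomBytes(16), crypto.randomBytes(16)];
  const cipher = crypto.createCipheriv("aes-128-gcm", aesKey, iv);
  const data = Buffer.concat([cipher.update(JSON.stringify(payload), "utf8"),
    cipher.final(), cipher.getAuthTag()]);
  return {
    encrypted_flow_data: data.toString("base64"),
    encrypted_aes_key: crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, aesKey).toString("base64"),
    initial_vector: iv.toString("base64"),
  };
}

const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});
const sample = buildSampleRequest(publicKey, { action: "data_exchange", screen: "APPOINTMENT" });
const opened = decryptRequest(sample, privateKey);
console.log(opened.payload, encryptResponse({ data: { ok: true } }, opened.aesKey, opened.iv));
```

When decryptRequest throws, Meta's documentation has the endpoint answer with HTTP 421 so the client fetches the public key again and re-encrypts.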