What is the WhatsApp In-App Signup API?

The In-App Signup API is an official Meta feature introduced in 2026 that allows businesses to create deep links for subscriptions. When a user clicks the link, WhatsApp displays a native in-app modal enabling them to opt-in to receive specific communications from the business with a single tap.

Why is opt-in mandatory for WhatsApp in Morocco?

Under Moroccan Law 09-08 (regulated by the CNDP), businesses must obtain prior, explicit consent (opt-in) from individuals before sending any direct marketing messages. Sending unsolicited promotional messages on WhatsApp without verifiable consent is illegal and subject to severe penalties.

How does In-App Signup protect against Meta's Campaign Pacing?

In 2026, Meta's Campaign Pacing algorithm monitors user reactions (blocks and spam reports) in real-time. Sending broadcasts to unconsented lists triggers high block rates, causing Meta to automatically pause your campaign. The In-App Signup API ensures only interested customers are messaged, protecting your sender quality score.

How can I integrate WhatsApp In-App Signup with Odoo or my CRM?

When a customer clicks the native WhatsApp subscription modal, Meta triggers a webhook payload containing the user's Business-Scoped User ID (BSUID). The Wasel platform captures this webhook event and automatically updates the customer profile in your CRM (Odoo, HubSpot, etc.), flagging them as a verified subscriber.

WhatsApp In-App Signup API: Legally Building Your Subscriber List Under CNDP in Morocco

By the Wasel Team · June 16, 2026 · 10 min read

In the age of automation and artificial intelligence, WhatsApp has become the channel of choice for Moroccan businesses looking to engage with their customers. However, two major hurdles often limit brands: strict local regulatory requirements from the CNDP regarding data privacy, and Meta’s relentless crackdown on spam via its new Campaign Pacing algorithm.

To resolve this conflict, Meta rolled out a key technical update in June 2026: the In-App Signup API. This feature enables businesses to collect customer consent (opt-in) in a smooth, native, and legally sound way, directly within the WhatsApp application.

At Wasel, we have broken down this new tool to show you how it transforms your contact list building and keeps your messaging campaigns safe and compliant in Morocco.

1. The WhatsApp Marketing Dilemma in Morocco (2026)

Conducting direct marketing on WhatsApp in Morocco without a clear, verifiable opt-in strategy is a recipe for disaster. There are two primary risks:

A. The CNDP Regulation (Law 09-08)

The National Commission for the Control of Personal Data Protection (CNDP) enforces Law No. 09-08. According to the law, sending commercial messages (direct marketing) requires the recipient’s prior, free, specific, and informed consent.

Proof of Consent: If audited or if a user files a complaint, the business must provide solid, time-stamped proof of the customer’s opt-in.
Sanctions: Failing to provide this proof can result in heavy administrative fines and permanent damage to your brand’s reputation.

B. Meta’s Campaign Pacing Algorithm

As discussed in our previous articles, Meta replaced hard daily tier limits with real-time Campaign Pacing. This algorithm monitors quality signals during active campaigns. If a segment of recipients blocks or reports your message because they didn’t ask to receive it, Meta instantly pauses the broadcast to protect the network, putting your business phone number’s health at risk.

Approach	Regulatory Risk (CNDP)	Technical Risk (Meta)	Commercial Outcome
Buying lists / Cold Blasting	🔴 Severe violations of Law 09-08	🔴 Immediate campaign suspension & block	Lost revenue and damaged reputation
Native In-App Signup	🟢 100% compliant (digital audit trail)	🟢 Maximum deliverability, low block rates	Healthy, engaged list growth

The WhatsApp In-App Signup API eliminates complex web forms and landing pages, replacing them with a frictionless, one-tap subscription flow.

The Technical Subscription Flow

The architecture of this feature relies on secure subscription entities and Cloud API webhooks:

Create Subscription Entity via Graph API: The business defines an onboarding category (e.g., “Exclusive Offers,” “Appointment Reminders,” “Weekly Digest”) in their WhatsApp Manager. This yields a unique subscription ID (SIGNUP_ID).
Generate Deep Link: The system creates a targeted link formatted as follows:
```
https://wa.me/212xxxxxxxxx?text=signup:<SIGNUP_ID>
```
Note: This link can be embedded behind buttons on your site, shared on social media, printed as QR codes, or used in Click-to-WhatsApp ads.
Native Opt-in Modal: When a customer taps the link, the WhatsApp app opens and displays a native Meta-designed pop-up. The modal clearly outlines what they are subscribing to and shows a single action button: “Subscribe” (or “Confirm”).
Real-Time Webhook Notification: Once confirmed, Meta triggers a webhook to your platform (like Wasel) containing the user’s Business-Scoped User ID (BSUID), the exact timestamp, and the opt-in verification status.

[User taps link] ──► [Native WhatsApp Modal (Subscribe)]
                                   │
                                   ▼
[CRM / Wasel (Opt-in + BSUID)] ◄── [Meta Webhook]

💡 The Technical Advantage: The user never has to type their phone number or fill out a form. The opt-in is recorded instantly, and the consent record—issued directly by Meta’s servers—is securely saved to your database as a permanent digital record.

3. CNDP Compliance: Ironclad Proof of Opt-in

The CNDP requires businesses to document user consent. The In-App Signup API satisfies this requirement by generating an automatic audit trail:

Time-stamps and Metadata: Every opt-in webhook payload contains a Meta transaction ID, the exact UTC time, and the specific campaign or subscription list ID.
Simple Opt-out (Right to Object): Moroccan law dictates that withdrawing consent must be as simple as granting it. With the In-App Signup structure, users can manage their subscriptions and opt-out via a native button inside the chat settings on their phones. Furthermore, Wasel automatically processes unsubscribe commands (like replying “STOP”) to disable messages in your CRM.
Privacy Preservation (BSUID): Because the subscription is tied to a BSUID (which is unique to your business portfolio) rather than the customer’s raw phone number, you adhere to the data minimization principles recommended by the CNDP.

4. Commercial Strategies to Grow Your List in Morocco

With the technical and legal frameworks in place, how do you encourage Moroccan customers to sign up?

1. In-Checkout Subscriptions (COD E-commerce)

In Morocco, cash-on-delivery (COD) is the dominant e-commerce payment method. High order cancellation rates are a constant struggle.

The Idea: On your Shopify or WooCommerce checkout confirmation page, place a button: “Receive real-time delivery tracking on WhatsApp”.
The Mechanism: Tapping this button triggers the In-App Signup flow. The customer subscribes in one tap, and Wasel automatically routes order updates and delivery times directly to their chat.

2. Physical QR Codes (Retail & Restaurants)

For local businesses (e.g., a café in Marrakech or a showroom in Casablanca):

The Idea: Place QR codes on table tents or at cash registers saying: “Scan to join our VIP club and get exclusive offers directly on WhatsApp”.
The Mechanism: Scanning the code launches the native subscription modal and automatically triggers a welcome discount code via WhatsApp.

3. Optimized “Click-to-WhatsApp” Ads

Instead of driving traffic from Facebook/Instagram ads into empty chats where users are left guessing what to write:

The Idea: Configure the call-to-action button on your Meta Ads to lead straight into the In-App Signup flow.
The Mechanism: You qualify the lead instantly and earn the legal right to follow up with promotional messages.

Managing Graph API tokens, setting up webhooks, storing consent timestamps, and syncing this data with your internal tools requires advanced developer resources.

Wasel handles the complexity for you:

No-Code Subscription Management: Set up subscription topics and generate deep links with ease through our dashboard.
Native CRM Sync: When a client subscribes, Wasel updates their status in your CRM (Odoo, HubSpot, Zoho). If they opt-out, the sync is immediate, eliminating the risk of sending unconsented messages.
AI-Powered Welcome Flows: Once opt-in is confirmed, our AI engine powered by Gemini 3.5 Flash instantly starts a welcome sequence, answers initial customer questions in Darija, Arabic, or French, and suggests relevant actions (viewing catalogs, applying discount codes).

Conclusion: Emphasizing Permission-Based Marketing

The In-App Signup API is a massive step forward. It marks the end of intrusive spam and paves the way for permission-based marketing, which yields higher quality conversations and stronger ROI. Moroccan businesses that adopt this tool early will safeguard themselves against CNDP compliance penalties, while ensuring their WhatsApp campaigns enjoy 98% open rates and perfect deliverability.

Ready to build a 100% compliant WhatsApp list in Morocco?

Wasel manages your subscription settings, secures proof of consent, and automates onboarding flows using Gemini 3.5 Flash.

Start My Free Trial →

Sources & References

Meta for Developers — WhatsApp In-App Signup API Guidelines: Official Meta developer guidelines on subscription workflows.
CNDP Morocco — Law 09-08 on Personal Data Protection: Official regulatory guidelines for data collection and direct marketing.
Meta Business Help — WhatsApp Policy Updates on Opt-in: Commercial rules and guidelines for WhatsApp Business.
Odoo App Store — Wasel Connector: Odoo integration modules for automatic consent syncing.