WhatsApp Business API MCP Tools

WhatsApp Business API MCP tools follow official number, business profile, contacts, segments, consent, team inbox, 24-hour session, template approval, broadcast, interactive button, auto-reply, webhook, delivery reporting, and audit workflows.

whatsapp.config.get

read

Read WhatsApp Business API, webhook, send limit, 24-hour window, template, and approval settings.

-

Read-only. No approval required.

Do not expose Meta access tokens, webhook secrets, app secrets, or phone number private credentials.

whatsapp.phone_numbers.list

read

List official WhatsApp numbers, display names, quality rating, messaging tier, and connection state.

whatsapp.config.get

Read-only. No approval required.

Hide verification details and provider identifiers unless admin role is present.

whatsapp.business_profile.get

read

Read business profile, address, website, category, description, opening hours, and official account state.

whatsapp.phone_numbers.list

Read-only. No approval required.

Do not expose account verification documents or Meta business manager secrets.

whatsapp.contacts.list

read

List WhatsApp contacts, phone, tags, segments, consent, block state, and recent interaction.

whatsapp.config.get

Read-only. No approval required.

Mask phone and profile data according to customer-data permissions.

whatsapp.contact.get

read

Read one contact profile, conversations, consent, subscription preference, purchase history, and CRM links.

whatsapp.contacts.list

Read-only. No approval required.

Keep contact data tenant-scoped and channel-consent scoped.

whatsapp.segments.list

read

List customer segments, criteria, estimated audience, exclusions, and allowed template categories.

whatsapp.contacts.list, whatsapp.consent_records.list

Read-only. No approval required.

Segment counts must exclude opted-out, blocked, or invalid contacts.

whatsapp.consent_records.list

read

List WhatsApp consent, opt-out, block state, source, timestamp, and allowed message categories.

whatsapp.contacts.list

Read-only. No approval required.

Consent state is authoritative for broadcasts and must not be bypassed.

whatsapp.conversations.list

read

List conversations by state, owner, queue, last message, unread, SLA, or 24-hour window.

whatsapp.contacts.list

Read-only. No approval required.

Only return conversations available to the requester or assigned team.

whatsapp.conversation.get

read

Read messages, attachments, button replies, assignment, CRM context, orders, and handling history.

whatsapp.conversations.list

Read-only. No approval required.

Mask private staff notes and attachment URLs unless authorized.

whatsapp.inbox_assignments.list

read

List team inbox queues, owners, routing rules, handover history, and open conversations.

whatsapp.conversations.list

Read-only. No approval required.

Do not reveal conversations assigned to restricted queues.

whatsapp.templates.list

read

List approved, pending, rejected, paused, and multilingual Meta message templates.

whatsapp.config.get

Read-only. No approval required.

Do not use unapproved templates for outbound business-initiated messages.

whatsapp.template.get

read

Read template copy, variables, media, buttons, language, category, review reason, and quality state.

whatsapp.templates.list

Read-only. No approval required.

Show rejected reasons without exposing Meta internal tokens or reviewer data.

whatsapp.template_quality.get

read

Read template quality, block rate, report rate, pause risk, and send restrictions.

whatsapp.template.get

Read-only. No approval required.

Quality data should guide throttling and must not be edited by reads.

whatsapp.broadcasts.list

read

List broadcast drafts, audience, template, schedule, approval, send state, and failure reasons.

whatsapp.segments.list, whatsapp.templates.list

Read-only. No approval required.

Audience counts must exclude opt-outs and contacts without required consent.

whatsapp.flows.list

read

Read FAQ, auto-reply, keyword, journey, button nodes, and fallback flows.

whatsapp.config.get

Read-only. No approval required.

Draft automation should not answer customers until enabled through approval.

whatsapp.keyword_rules.list

read

List keywords, intents, replies, routing queues, trigger conditions, and priority.

whatsapp.flows.list

Read-only. No approval required.

Avoid exposing internal routing logic to customer-facing users.

whatsapp.webhook_logs.list

read

List inbound, status update, template review, and delivery receipt webhook logs and errors.

whatsapp.config.get

Read-only. No approval required.

Mask webhook payload PII and secrets; retain replay boundaries.

whatsapp.opt_outs.list

read

List opt-outs, blocks, STOP keywords, complaints, and suppression list.

whatsapp.consent_records.list

Read-only. No approval required.

Suppression list must be enforced before any broadcast or campaign send.

whatsapp.media_assets.list

read

List images, documents, videos, template header media, dimensions, and review state.

whatsapp.templates.list

Read-only. No approval required.

Only return signed asset references and check Meta media policy.

whatsapp.message_delivery.list

read

List message sent, delivered, read, failed, reply, click, and error codes.

whatsapp.broadcasts.list or whatsapp.conversation.get

Read-only. No approval required.

Do not expose other customers' message state outside authorized reports.

whatsapp.conversation_summary.get

read

Read response time, SLA, open conversations, routing volume, resolution rate, and staff workload.

whatsapp.conversations.list, whatsapp.inbox_assignments.list

Read-only. No approval required.

Aggregate staff metrics unless manager permission allows individual detail.

whatsapp.campaign_report.get

read

Read broadcast delivery, read, reply, button click, conversion, opt-out, and cost summary.

whatsapp.broadcasts.list, whatsapp.message_delivery.list

Read-only. No approval required.

Respect attribution boundaries and avoid exposing individual behavior unnecessarily.

whatsapp.policy_rules.get

read

Read Meta template category, consent, opt-out, 24-hour window, frequency, and approval rules.

whatsapp.config.get

Read-only. No approval required.

Policy rules must be treated as guardrails for every send and automation write.

whatsapp.audit_logs.list

read

Read audit logs for contacts, consent, templates, broadcasts, conversations, routing, automation, and webhooks.

whatsapp.contact.get or whatsapp.broadcasts.list

Read-only. No approval required.

Audit logs must be immutable and restricted to admin/compliance roles.

whatsapp.template_submit.preview

preview

Preview template category, copy, variables, buttons, media, language, and Meta review risk.

whatsapp.template.get, whatsapp.policy_rules.get, whatsapp.media_assets.list

Approval required before submitting or resubmitting a Meta template.

Detect prohibited claims, wrong category, missing variables, and policy mismatch.

whatsapp.broadcast.preview

preview

Preview broadcast audience, consent, template, variables, schedule, cost, frequency, and opt-out risk.

whatsapp.segments.list, whatsapp.consent_records.list, whatsapp.template.get, whatsapp.policy_rules.get

Human approval required before any bulk or campaign send.

Exclude opt-outs, blocked numbers, invalid contacts, and unapproved templates.

whatsapp.session_message.preview

preview

Preview customer-care-window message, attachment, button, recipient, and context.

whatsapp.conversation.get, whatsapp.policy_rules.get

Approval required for sensitive, payment, or policy-changing replies.

Block free-form business-initiated sends outside the 24-hour session window.

whatsapp.automation_change.preview

preview

Preview auto-reply, keyword, routing, fallback, button, and affected conversation flows.

whatsapp.flows.list, whatsapp.keyword_rules.list, whatsapp.policy_rules.get

Approval required before automation becomes live.

Prevent loops, wrong queue routing, misleading replies, and unapproved template sends.

whatsapp.contact_import.preview

preview

Preview contact import dedupe, phone format, consent source, segment, opt-out exclusion, and errors.

whatsapp.contacts.list, whatsapp.consent_records.list, whatsapp.opt_outs.list

Approval required before bulk contact import or consent update.

Do not import contacts without traceable consent source.

whatsapp.order_payment_message.preview

preview

Preview in-chat order, payment link, product data, customer data, and outbound message.

whatsapp.conversation.get, whatsapp.contact.get, whatsapp.session_message.preview

Approval required before creating order or sending payment link.

Confirm customer identity and avoid exposing payment links to wrong conversations.

whatsapp.handover.preview

preview

Preview conversation assignment, handover, queue, SLA, internal note, and notification impact.

whatsapp.conversation.get, whatsapp.inbox_assignments.list

Approval required for restricted queues or bulk reassignment.

Do not expose private notes to customers and preserve handover history.

whatsapp.contact.upsert

write

Create or update contact, name, phone, CRM link, tags, language, and preferences.

whatsapp.contact.get or whatsapp.contacts.list

Approval required for sensitive identity or phone changes.

Deduplicate by normalized phone and preserve consent history.

whatsapp.contact.import

write

Bulk import contacts, segments, tags, and consent sources.

whatsapp.contact_import.preview

Approval required before bulk import.

Reject rows without valid phone or traceable consent.

whatsapp.segment.upsert

write

Create or update segment criteria, exclusions, sync rules, and usage.

whatsapp.segments.list, whatsapp.broadcast.preview

Approval required when segment affects active or scheduled broadcasts.

Keep opt-outs excluded and prevent accidental all-customer targeting.

whatsapp.consent.update

write

Update consent, opt-out, block, source, category, and timestamp.

whatsapp.consent_records.list, whatsapp.opt_outs.list

Approval required for bulk consent changes or opt-out reversal.

Never override opt-out without verified customer action and audit record.

whatsapp.conversation.assign

write

Assign, hand over, or reassign conversation to queue, team, or owner.

whatsapp.handover.preview

Approval required for restricted queue transfers or bulk changes.

Preserve handover history and do not notify customers with internal notes.

whatsapp.session_message.send

write

Send text, attachment, button, or service reply inside the 24-hour customer-care window.

whatsapp.session_message.preview

Approval required for sensitive or payment-related replies.

Block session messages outside active customer-care window unless template is used.

whatsapp.template_draft.upsert

write

Create or update template draft, variables, media, buttons, languages, and category.

whatsapp.template_submit.preview

Approval required before customer-facing use or Meta submission.

Validate variables and category before storing submit-ready draft.

whatsapp.template.submit

write

Submit template to Meta review or resubmit a corrected version.

whatsapp.template_submit.preview

Explicit approval required before submission.

Use preview as contract and store Meta review response in audit.

whatsapp.broadcast.create

write

Create broadcast draft, audience, template, variables, exclusions, and objective.

whatsapp.broadcast.preview

Approval required before scheduling or sending.

Do not create executable broadcast without approved template and consent-filtered audience.

whatsapp.broadcast.schedule

write

Schedule approved broadcast send time, throttling, batches, and fallback.

whatsapp.broadcast.preview, whatsapp.broadcasts.list

Human approval required before execution.

Recheck template approval, quality rating, consent, and opt-out state before send.

whatsapp.flow.upsert

write

Create or update FAQ, auto-reply, button flow, routing, and fallback.

whatsapp.automation_change.preview

Approval required before flow is active.

Prevent loops, stale pricing, and policy-violating replies.

whatsapp.keyword_rule.upsert

write

Create or update keyword, intent, reply, routing queue, and priority.

whatsapp.automation_change.preview

Approval required before live routing or replies change.

Avoid matching overly broad keywords that misroute customers.

whatsapp.auto_reply.enable

write

Enable, disable, or adjust active scope and schedule for auto-reply flows.

whatsapp.automation_change.preview

Approval required before activation or deactivation.

Check fallback and human handover path before enabling.

whatsapp.conversation.close

write

Close resolved conversation with outcome, tags, SLA, and follow-up.

whatsapp.conversation.get

Approval required for complaint, payment, or escalation closures.

Do not close unresolved or active escalation conversations without owner confirmation.

whatsapp.order.create_from_chat

write

Create order from chat with customer, products, quantities, prices, and notes.

whatsapp.order_payment_message.preview

Approval required before creating order from conversation.

Confirm customer identity, product, price, and stock/source system before write.

whatsapp.payment_link.send

write

Send approved order or invoice payment link into a conversation.

whatsapp.order_payment_message.preview

Approval required before sending payment link.

Use short-lived links and verify recipient conversation before send.

whatsapp.media_asset.upload

write

Upload images, documents, videos, and metadata for templates or conversations.

whatsapp.media_assets.list, whatsapp.template_submit.preview

Approval required before media is used in approved templates or broadcasts.

Scan files and validate Meta media size/type policy.

whatsapp.tag.apply

write

Apply tag, segment signal, or follow-up state to contact or conversation.

whatsapp.contact.get, whatsapp.conversation.get

Approval required for bulk tags that affect campaigns or routing.

Avoid tags that imply consent unless consent update is explicitly recorded.

whatsapp.webhook.retry

write

Retry failed webhook processing for inbound messages, delivery state, or template review.

whatsapp.webhook_logs.list

Approval required for bulk replay or state-changing webhook retry.

Use idempotency keys and never replay already-applied customer actions.

whatsapp.action_request.status

status

Check status for WhatsApp writes, previews, or approval requests without re-executing actions.

whatsapp.audit_logs.list

Read-only status lookup. No approval required.

Return status and audit references only; never replay sends, broadcasts, or webhook writes.