
Secure authentication on WhatsApp with Inpla: less friction, more control

2 min read

Technology
José


Flow machine


The idea behind Inpla was simple: allow Kutamma and woku users to interact with our systems directly from WhatsApp. However, having the idea is one thing; making it a reality without going crazy in the attempt is quite another.

When a problem overwhelms you, avoid it strategically

In our initial hackathon (48 hours that mutated into two weeks, because that's how tech life works), we realized something important: user-agent-agent communication was a topic in which neither Diego nor I were experts. We did tests with Azure OpenAI, but the results were... In short, "we did not achieve an acceptable result" is an elegant way of saying that it was a disaster.

So we made a strategic decision: avoid what we do not master and attack what we can solve quickly, prioritizing solvable problems rather than getting frustrated with impossible ones.

Image: the "This is fine" meme, representing what happens when you don't solve the core problem and take an alternative path.


Frictionless authentication (or how to keep your team from hating you)

First, we addressed user authentication through Inpla, using WhatsApp as the interface. We wanted to keep friction to a minimum for development teams. But as good CTOs, we fell into the eternal discussion:

  • "Is it really worth making this safe, or are we just adding more work to ourselves?"

The answer came from simple logic: if the benefit is greater than the effort, it is justified. After all, we had already built logic to authenticate with multiple services before. So, instead of continuing to debate, we got down to business.

We decided to make two endpoints in each service (Kutamma and woku) to register in Inpla:

  1. Check whether the user exists.
  2. Generate a token that allows authentication via Inpla.

Image: the two endpoints I programmed in Kutamma.


The authentication mechanics in WhatsApp

Once the endpoints had been defined, we implemented the authentication logic as follows:

  1. An unauthenticated user starts a conversation with the WhatsApp bot.
  2. The bot asks for the email address the user registered with the service.
  3. Inpla generates an OTP code and sends it by email.
  4. The user enters the OTP code in the WhatsApp conversation.
  5. Inpla verifies the code and authenticates the WhatsApp number associated with the company.

Image of the WhatsApp conversation of a Kutamma authentication using Inpla.
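
Steps 3 to 5 of the flow above, sketched as an added example (this is not Inpla's code). The class name, the in-memory store, the 6-digit code, the 5-minute lifetime and the 3-attempt limit are all assumptions, since the post does not state them.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values; the post does not state Inpla's actual settings.
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 3


class OtpChallenges:
    """In-memory OTP challenges keyed by WhatsApp number (hypothetical store)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}        # phone -> challenge dict
        self.authenticated = {}   # phone -> verified email

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, phone, email):
        """Step 3: create a code for this number; the caller emails it."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
        salt = secrets.token_bytes(16)
        self._pending[phone] = {                   # replaces any older challenge
            "email": email,
            "salt": salt,
            "digest": self._digest(salt, code),    # plaintext code is never stored
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, phone, submitted):
        """Steps 4-5: check the code typed into the chat for this number."""
        ch = self._pending.get(phone)
        if ch is None:
            return False
        if self._clock() > ch["expires"]:
            del self._pending[phone]
            return False
        ch["attempts"] += 1
        ok = hmac.compare_digest(ch["digest"], self._digest(ch["salt"], submitted.strip()))
        if ok or ch["attempts"] >= MAX_ATTEMPTS:
            del self._pending[phone]               # single use, or lockout after 3 misses
        if ok:
            self.authenticated[phone] = ch["email"]
        return ok
```

The challenge is keyed by the sender's WhatsApp number, so a code typed from a different number is rejected even when the digits are correct.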


Security: we don't want this to be a disaster

Data exposure on an interface like WhatsApp is a real risk. You don't have absolute control over the platform, so authentication had to be as secure as possible.

With this method, we took the first step so that agents could access Kutamma and woku services through Inpla without compromising security.


Now it gets entertaining...

This is just the beginning. After we figured out authentication, the fun part began: getting agents to actually execute tasks and be useful. But that's a story for another post...
