Skip to main content

WhatsApp Authentication Flow

Mubarokah ID allows users to register and sign in using their WhatsApp number. This provides a fast, frictionless experience, but it introduces a key difference for developers: the absence of a verified email address.

Key Differences

FeatureEmail RegistrationWhatsApp Registration
IdentifierEmail AddressPhone Number
VerificationEmail Link / OTPWhatsApp OTP
User Info Responseemail is populatedemail is null
Primary Keyid (numeric)id (numeric)

Handling WhatsApp Users

When a user authenticates via WhatsApp, the /api/user endpoint will return a response where the email field is null.

Example User Response (WhatsApp User)

{
  "id": 88123,
  "name": "Budi Santoso",
  "email": null,
  "username": "budi_88123",
  "profile_picture": null,
  "gender": "male"
}

Best Practices for Client Apps

1. Use mubarokah_id as Primary Key

Do not use email as the unique identifier in your application’s users table. Instead, map your local users to the Mubarokah ID unique identifier. 
// Bad: Lookup by email
$user = User::where('email', $mubarokahUser['email'])->first();

// Good: Lookup by Mubarokah ID
$user = User::where('mubarokah_id', $mubarokahUser['id'])->first();

2. Implement Fallback Emails

If your application logic strictly requires an email address (e.g., for sending notifications), you can generate a synthetic internal email as a fallback until the user provides a real one. 
const userEmail = mubarokahUser.email || `${mubarokahUser.id}@sso.mubarokah.local`;

3. Support Profile Completion

If your app needs a real email for business reasons, detect the null email in your dashboard and prompt the user to:
  1. “Link your Email Address to receive order updates.”
  2. Redirect them to the Mubarokah ID Profile page to add their email.

SDK Support

Our official React SDK and Laravel Integration have been updated to handle these flows seamlessly.
  • The React SDK provides isAuthenticated and user state regardless of whether an email exists.
  • The Laravel Guide now shows how to use mubarokah_id for resilient user synchronization.
Note on Security: Phone numbers are verified via WhatsApp OTP before being returned to your application, ensuring they are as trustworthy as verified email addresses.