The user-facing flow uses Meta’s Embedded Signup: a Facebook-hosted pop-up rendered inside the Galantis app. Galantis does not implement a separate OAuth redirect — the Embedded Signup SDK returns the necessary credentials directly to Galantis once the merchant completes the modal.
What the connection produces
A successful Embedded Signup hand-off gives Galantis:- A system user access token scoped to the merchant’s WABA, used for messaging APIs
- The WhatsApp Business Account ID (WABA ID)
- The phone number ID for each registered number
- (Optional) A Meta Catalog access token if the merchant connects a catalog in the same flow
What the access token enables
A connected WABA access token authorizes the following Meta API calls scoped to the merchant’s WABA:- Sending messages via the Cloud API (
POST /{phone_id}/messages) - Creating, submitting, and managing message templates (
POST /{waba_id}/message_templates) - Fetching template approval status
- Uploading media assets for template headers (
POST /{phone_id}/media) - Receiving inbound messages and delivery status via Meta webhooks
- Reading phone-number quality rating and limits (
GET /{phone_id})
- Reading from and writing to the merchant’s Meta Catalog (
POST /{catalog_id}/products) - Pushing product data from Galantis to Meta in batch
- Syncing catalog updates incrementally when Shopify product data changes
Token storage
Tokens are encrypted at rest using a per-tenant key derived from the workspace ID and Galantis’s master key. Decryption happens only at the moment of an outgoing Meta API call, in-process — tokens are never logged, never echoed in API responses, and never available to other tenants. Galantis acts on the merchant’s behalf using their token. The merchant remains the owner of the WABA in Meta Business Manager and can revoke Galantis’s access at any time from Meta Business Settings → Business Integrations.Token expiry and reconnection
Meta access tokens can be invalidated when:- Permissions are changed or revoked in Meta Business Manager
- The Meta user account that authorized the connection changes password or 2FA settings
- The Galantis app’s authorization is manually revoked in Meta’s app permissions
- A long-lived token reaches the end of its validity window
Symptoms of an invalid token
- Messages fail to send across all campaigns and automations simultaneously
- Template approval status stops updating in Galantis
- Catalog sync fails for all products at once (if the catalog token is affected)
- The Meta webhook connection stops receiving inbound messages and status callbacks
How to reconnect
Re-running the Embedded Signup flow issues a new token and replaces the old one.Click Reconnect
Galantis launches the same Embedded Signup modal. Sign in to Meta with the account that owns the WABA. Confirm the WABA selection — no need to re-add phone numbers or re-set the display name.
Verify outbound delivery
From the Inbox or Templates, send a test message to your own phone. A delivered message confirms the new token is active.
Related
- Connect WhatsApp (Getting Started) — Merchant-facing walkthrough of the Embedded Signup modal
- Multiple phone numbers — Adding additional numbers after the initial connection
- Meta Catalog — Catalog token connection and management
- Meta webhooks — Inbound message and status delivery