Credential Setup Guide

Last updated: March 9, 2026

This page shows exactly where to obtain the 4 keys/tokens needed for Yapper setup.

1) WhatsApp Access Token

Open your Meta app's WhatsApp Dev Console:
developers.facebook.com/apps/<YOUR_APP_ID>/use_cases/customize/wa-dev-console/ -> API Setup -> Access Token

1. Open your Meta app and enter the WhatsApp Dev Console.
2. Open API Setup.
3. Copy the token shown in Access Token.

Important: The token in API Setup is usually temporary (commonly 24-hour lifetime). Use it for testing only.

For production, generate a permanent System User token in Meta Business Manager with whatsapp_business_messaging permissions.

2) WhatsApp Verify Token

This is not issued by Meta. You choose it.

App-specific webhook config page:
developers.facebook.com/apps/<YOUR_APP_ID>/use_cases/customize/wa-settings/

1. Generate a random token, for example:

openssl rand -hex 32

2. Save that value in Yapper as whatsapp_verify_token.
3. In Meta webhook setup, paste the exact same value into Verify Token.

If even one character differs between your backend and Meta, webhook verification fails.

3) WhatsApp App Secret

1. Go to developers.facebook.com.
2. Click My Apps and select your app.
3. In the left sidebar, go to App Settings -> Basic.
4. Find App Secret and click Show.
5. Re-enter your Facebook password if prompted.
6. Copy the revealed value and save it in Yapper as whatsapp_app_secret.

4) OpenRouter API Key

1. Open openrouter.ai/settings/keys.
2. Sign in to your OpenRouter account.
3. Click Create Key.
4. Name the key (example: yapper-prod).
5. Copy the key immediately and save it in Yapper as llm_api_key.

Common Setup Errors

• Using the temporary API Setup Access Token in production
• Verify token mismatch between Yapper and Meta
• Using a token from the wrong Meta app/business
• Forgetting to rotate/re-save keys after regeneration