The way I would put it as someone who works at Beeper is: only use messaging automations for personal use, and don't use it to spam anyone or do anything you wouldn't do yourself within the app.
As long as you don't abuse and keep your usage within the parameters of any human, you'll be fine.
...until Meta decides they want to offer this kind of thing themselves and ban everyone else. Building your SaaS on top of someone else's SaaS is always a gamble, especially if said product is directly sold to users already and not a pure b2b intermediate.
Since recently Meta offers this as per European Union mandate (Digital Markets Act, DMA). For both Whatsapp and Facebook messaging. [0]
Now there are a lot of implementation requirements, basically forcing you to have some kind of messaging provider. Therefore difficult to apply for an open source solution. However there is such an interface.
I consider marketing use to be spam, and this is what the API is primarily meant for.
I understand that WhatsApp is kinda special in that it effectively replaced SMS in some parts of the world, but IMO this needs to be looked at through the lens of other Meta effort. The same is the case with Facebook/Messenger, and has been since before WhatsApp has been a (Meta) thing - they offer multiple different official ways to support spamming users and tricking them to buy stuff, but may the Lord have mercy on you should you want to create an auto-responder or "save to calendar" script and hook it up to your personal account.
That seems a but pessimistic. A few companies use it for customer service, like ime Adidas Germany [0] (they handled an exchange for me once on there). It is effectively just another customer support line like a chat portal on a website.
Just yesterday I setup a bot which is easy via botfather
And also, setup an app (claude built it but I had to fiddle with it, it works like pagerduty) but uses cloudflate worker to push downtime/errors (via fcm) in production (from graphana) via webhooks to "full screen, by pass dnd, alerts, with loud music, this one: https://www.youtube.com/watch?v=H0IQBWWabuU )
I named the app "Siren".
It's not straightforward to have durable hard to miss alerts about your production enviornment but good thing is this doesn't cost a cent.
Telegram group alerts are from my teammates (small team 3 members) via bot.
And Siren is for only me as I am responsible for the backend with 10 microservices, centralized logging via graphana, alloy, loki, and for metrics Prometheus.
It's all working reasonably well for me, this makes your life so much better as you fix the issues before they turn into nightmare.
I personally don't use whatsapp because I like it, but because all my contacts in my country are over there. It is officially more used than SMS here. It is not optional in my case :/
Nobody gives a damn. What matters is that it works even on a potato.
SMS security only became a problem due to 2FA, which is just one of many use cases, and the failure isn't even technical here but organizational. I agree it should've prompted more pressure to secure the system against SIM-swapping; alas this is too close to the Real World, so the tech industry instead responded with alternative that side-steps the problem by offering zero customer support. No humans to talk to = no humans to social engineer = secure. So much win.
(I'd also say the 2FA proliferation is itself a problem, but that's an unpopular opinion and for a separate discussion.)
> Nobody gives a damn. What matters is that it works even on a potato.
It doesn't work on my computer, nor does it work on my phone when I'm traveling (different SIM), so I give a damn. WhatsApp, iMessage, Signal etc. do both. I really wish there was an open, federated standard (and no, RCS is neither), but until then, I'll use what actually works for me.
SMS just sucks, and I hate that it's become so ubiquitous an authentication method when it's not even secure.
You can rent a virtual mobile number in your home country and consult SMSs on the web or even redirect them to email. I have done this for years, using Twilio for 2€ a month. Can't say the UX is great but it certainly fixes the whole problem.
I've never understood why so many people still chain their identities to physical SIM or even eSIMs. It's so fragile.
Yeah, that's a good workaround. Google Voice can work too.
Unfortunately, more and more services are declining to send to VoIP numbers because of seCurItY, so it's a game of cat and mouse.
Fortunately SMS is so expensive in parts of Europe and it's not allowable anymore to use SMS by itself for online payment authentication, and both issues combined have slowly been pushing companies to explore alternatives.
There unfortunately seems to be no such pressure in the US. Passkeys could solve the issue, but probably increase support request volumes enough for most companies to not bother unless forced.
Second this. Their API is such a breeze and it is so much more automation friendly than any other messenger platform. It has a good adoption % too, otherwise Signal is the real winner if we account for privacy.
From what I understand you can have secure chats e2ee ? I like that I can login from multiple devices and continue the conversation. This was always annoying with whatsapp and signal. Worst case is mildly embarrassing stuff leaks.
whatsapp, facebook messenger, imessage all support multi-device and it's pretty convenient, in fairness to telegram they launched a bit before double ratched was invented, but still, they've had over a decade to switch to it...
That's still one device. If you turn the primary phone off, the secondary device stops working. WhatsApp just proxies everything through the primary device, it's like WhatsApp Web.
They used to, but that hasn't been true for a few years now.
Now it uses the Signal protocol's native multi-device capabilities, specifically in the "key per device" variant (unlike signal itself, which uses "key per account" if I'm not mistaken).
> You can now use the same WhatsApp account on multiple devices at the same time, using your primary phone to link up to four devices. You’ll need to log in to WhatsApp on your primary phone every 14 days to keep linked devices connected to your WhatsApp account.
Messenger seems to be properly multi-device, but you pay for this by some PIN code bullshit (maybe they removed that, I haven't seen a popup about this for over a year now?) and having to sync chat history in the background, through a process that is, of course, broken and unreliable.
I'm actually still jaded about this. Messenger worked fine before they broke it by introducing E2EE; it took years for them to fix the problems this caused (at least the ones that were immediately user-perceptible).
yeah messenger still has the pin code thingy, i'm curious why they do it at all that way, can't you just have your keys on fb servers encrypted with another set of keys derived from your password, which is much stronger than a 4-6 digit key?
It's not true for Signal either. Why don't you try it for yourself instead of spreading outdated (at best) information? Signal supports native multi-device capabilities without relaying everything through the "primary" device.
It's called iMessage. It's possible, Telegram just doesn't care. All their differentiating features (large groups, channels, device sync) is directly enabled by the lack of encryption.
they do have encryption, just not e2ee, and in fairness to them, it doesn't make sense to have e2ee on a channel or a group with 100k ppl in it, also device sync is possible with e2ee, it's just a slower
What are you talking about? WhatsApp, iMessage, and Signal all have multi-device support and are E2E encrypted, just to name a few very popular options.
Be careful though - telegram is heavily compromised.
e.g. their backend just 2 days ago (and since at least start of the year) was replacing referral links to amex (and i bet many other banks etc) with custom referral codes from russian guys (so when I sent my friend my referral link - it showed another referral link in out chat history on both ends).
and their security team says its all good.
so unless you are using it for useless info - better use something else.
please provide a proof. if this is the case, then telegram is not to be trusted. but it needs to be proven. otherwise a lot of people trust their business and personal data to telegram.
Beware that if this does not use a real web browser then it's likely to get your whatsapp account suspended. Don't use it with any account you care about, you will lose all your data.
Hell, I got my whatsapp account suspended (appealed and reversed) just for using the official web client too soon after creating a new account.
I wish it mentioned how safe this is. Some years ago I got banned for just logging in with a third-party client, without sending any messages. Given how critical WhatsApp is for some people, and how permanent the bans are, that's a big risk.
You should use a separate WhatsApp account for bot purposes.
Recently, I used a separate WhatsApp account to interact with a group chat that I have with my friends. After about a week, they disabled the account, with no way to re-enable it.
Since WhatsApp accounts are bound to phone numbers, getting a new phone number is a significant hurdle in many legislations.
An easier solution is to just not use WhatsApp at all and look for the alternatives for bot purposes. Telegram explicitly encourages bot usage with no risk of bans.
In my case I did, but it's still wasted time and money. And when breaking TOS there's always a chance of getting related accounts also banned, though I don't know if that has already happened with WhatsApp or not.
This is such a sorely needed point of integration. Cool to see Peter still shipping tools. It’s such a pity meta refuses to play ball like Telegram.
Either they’ll double-down and make this even harder -or- hopefully realise that WhatsApp is likely to be a really common control plane for AI systems in the next few years. Let’s hope the Llama energy strikes and it’s the latter.
whatsmeow is built and maintained by Beeper's bridge architect, Tulir Asokan, and is used by many Beeper users every day with no issues. It's at the core of our WhatsApp bridge: https://github.com/mautrix/whatsapp
Baileys is also a great library with a big community and one of the primary maintainers of that is also helping us with the bridge/whatsmeow. WhatsApp integration in our old app, Texts, was built with it: https://github.com/textshq/platform-whatsapp
I would recommend whatsmeow over Baileys just because we are actively involved and incentivized to keep that working perfectly, and have a lot of data points to detect any issues with it at scale.
The thing is that their tight control is precisely what makes whatsapp a spam free environment. You can't have a libre federated protocol AND have it be spam free.
As soon as you open up the api floodgate, you'll start to see nigerian prince agents on openclaw speed.
I spun up a self hosted matrix server a few days ago using codex, docker compose, and ansible. Stupidly easy to do now. I'm running it in Hetzner on a 3.99 euro/month vm. It backs up every few hours to a bucket and I have a few integrity scripts to monitor the backups actually happen. I did that because I was getting a bit frustrated with the flaky integration with Whatsapp and Slack in openclaw. I had it up and running in half an hour with only minimal prompting.
Whatsapp kind of works but you end up chatting with yourself and then open claw posts messages as you. Not ideal. You can't easily create new users (or bot users) in Whatsapp. It probably has some kind of bot api of course but I did not explore that much.
I never quite managed to get Slack working with open claw. I tried for a few hours. I think the Slack team is asleep at the wheel snoozing through this whole AI thing. If somebody there is still paying attention to things like this, maybe make some noise internally. Anyway, they made it stupidly hard to do anything productive via their APIs. The UI for managing permissions is a disgraceful hell of complexity. Add permission. UI freezes for fifteen seconds. Reloads automatically. Unfreezes. Add the next. And whatever you do, there's always one more permission you forgot. *end rant*
Relative to Whatsapp and Slack, Matrix is stupidly easy to integrate with open claw, codex, or whatever. We're retiring Slack now as I see uses for agent driven chat bots everywhere now and I want to get rid of any kind of friction around bot related plumbing. I have no use for platforms that intentionally cripple that or treat as a toll booth.
With Matrix, you just create a bot user manually or via an API. Set a password, get an access token and do whatever. No API limits. No faff with QR codes. No permission hell (Slack). It just works. Well documented API. End to end encryption. Etc. Create as many bot users as you need. Nobody is bean counting API calls, numbers of users, etc. Refreshingly easy.
Other OSS messaging platforms are available of course. I do not have a strong opinion as to which is better yet. But now I want a Matrix cli that can do admin, message sending, and all the rest. Probably already exists. But if it doesn't I might end up generating one. Macli might be a good name.
Reading a lot about people getting banned here for not using the official client, but doesn't Whatsapp have to be interoperable now (at least in the EU due to new legislation) ?
At least Whatsapp itself shows ad banners that you can now connect other messaging clients into Whatsapp, so it should be normal that other clients can equally access Whatsapp.
Officially interoperating with them is extremely onerous, to the point where their mechanism borders malicious compliance, as far as I remember.
In any case, official interoperability is only for third-party messengers communicating with WhatsApp users, not for automation or bots, as I understand, so it's not a replacement for things like this project.
It seems Meta is able to set some rules about the interoperability making it very difficult for an FOSS implementation to emerge. Additionally organizations like Signal though technically interested in this interoperability have stated they won't lower their security standards for this.
I tried creating a whatsapp "bot" which would just send notifications for my Jellyfin server. It was a bureaucratic nightmare - creating dev accounts, creating some sort of "project", then it was requiring I register it as a business as though the only valid use case for creating an app for WhatsApp is a business, then it required me to verify my identify and upload documents.
The offline search with FTS5 is really nice. I have years of WhatsApp history and searching for anything in the app is painfully slow. Being able to just grep through everything locally would be a huge upgrade.
How far back does the backfill actually go? Does it pull your full history from the primary device or is there some limit?
If AI agents can proficiently use whatsapp I would assume that two-thirds of the people chatting with me in my contacts are actually just bots messaging me.
People are just a device that LLMs use to interact with the physical world now. That's far more safe for them, staying in the sweet datacenter while the meat puppets take all the risk of dirty jobs out there. Why create terminators or even use them as battery à la Matrix when all you need to do to make them work for you is to inject the right prompts in their phone. They will pay to be thus treated.
As someone that's written some apps using official WA for Business accounts, I would strongly advise against any 3rd party tools for automating WA.
Whatsapp has some really stringent requirements on any kind of automation. E.g. Not messaging anyone automatically unless they messaged you with 24 hours, in fact, this is explicitly blocked if you use Meta's API. You have to use message templates in this case.
Also, any bots need to be verified with Meta etc.
And the TOS has gotten more strict recently, not less strict. So buyer beware here, Meta is really protective over reverse engineering WA protocol or automating it, so you can easily get yourself blocked or banned here.
I don't know why in 2026 I'm still surprised CLIs are taking off. But here's the difference today. It's for real world end user platforms like WhatsApp and Claude. That's the difference. Previously it was only Dev and infrastructure focused. Today we're saying you know what, I need programmatic access to this real world thing. It's fascinating because I rarely open my laptop now or try not to.
Please be very careful using this tool to automate your WhatsApp - if you send too many messages, too quickly, you are going to get banned.
This is NOT an officially supported api by WhatsApp and the risk of ban is relatively high
As long as you don't abuse and keep your usage within the parameters of any human, you'll be fine.
Now there are a lot of implementation requirements, basically forcing you to have some kind of messaging provider. Therefore difficult to apply for an open source solution. However there is such an interface.
[0] https://developers.facebook.com/m/messaging-interoperability...
They don't have one for regular people who want to do regular end-user computation.
I understand that WhatsApp is kinda special in that it effectively replaced SMS in some parts of the world, but IMO this needs to be looked at through the lens of other Meta effort. The same is the case with Facebook/Messenger, and has been since before WhatsApp has been a (Meta) thing - they offer multiple different official ways to support spamming users and tricking them to buy stuff, but may the Lord have mercy on you should you want to create an auto-responder or "save to calendar" script and hook it up to your personal account.
[0]: https://www.adidas.de/en/help/contact-us
Just yesterday I setup a bot which is easy via botfather
And also, setup an app (claude built it but I had to fiddle with it, it works like pagerduty) but uses cloudflate worker to push downtime/errors (via fcm) in production (from graphana) via webhooks to "full screen, by pass dnd, alerts, with loud music, this one: https://www.youtube.com/watch?v=H0IQBWWabuU )
I named the app "Siren".
It's not straightforward to have durable hard to miss alerts about your production enviornment but good thing is this doesn't cost a cent.
Telegram group alerts are from my teammates (small team 3 members) via bot.
And Siren is for only me as I am responsible for the backend with 10 microservices, centralized logging via graphana, alloy, loki, and for metrics Prometheus.
It's all working reasonably well for me, this makes your life so much better as you fix the issues before they turn into nightmare.
SMS security only became a problem due to 2FA, which is just one of many use cases, and the failure isn't even technical here but organizational. I agree it should've prompted more pressure to secure the system against SIM-swapping; alas this is too close to the Real World, so the tech industry instead responded with alternative that side-steps the problem by offering zero customer support. No humans to talk to = no humans to social engineer = secure. So much win.
(I'd also say the 2FA proliferation is itself a problem, but that's an unpopular opinion and for a separate discussion.)
It doesn't work on my computer, nor does it work on my phone when I'm traveling (different SIM), so I give a damn. WhatsApp, iMessage, Signal etc. do both. I really wish there was an open, federated standard (and no, RCS is neither), but until then, I'll use what actually works for me.
SMS just sucks, and I hate that it's become so ubiquitous an authentication method when it's not even secure.
I've never understood why so many people still chain their identities to physical SIM or even eSIMs. It's so fragile.
Unfortunately, more and more services are declining to send to VoIP numbers because of seCurItY, so it's a game of cat and mouse.
Fortunately SMS is so expensive in parts of Europe and it's not allowable anymore to use SMS by itself for online payment authentication, and both issues combined have slowly been pushing companies to explore alternatives.
There unfortunately seems to be no such pressure in the US. Passkeys could solve the issue, but probably increase support request volumes enough for most companies to not bother unless forced.
Not with bots, though.
> I like that I can login from multiple devices and continue the conversation
This is also not possible with Telegram E2E, while it is with Signal and WhatsApp.
Key distribution is just too hard. I think we won't get a messenger for non-tech people that works well with multi-device and E2E basically ever.
they even have it on fb messenger and instagram (though they recently removed e2ee completely from instagram lol)
Now it uses the Signal protocol's native multi-device capabilities, specifically in the "key per device" variant (unlike signal itself, which uses "key per account" if I'm not mistaken).
It’s not proxied via primary, otherwise it wouldn’t work if primary were offline
That is correct, it doesn't work.
ref: https://faq.whatsapp.com/1317564962315842/?cms_platform=ipho...
> Use WhatsApp on your computer even when your phone is off.
ref: https://faq.whatsapp.com/378279804439436/?helpref=faq_conten...
I'm actually still jaded about this. Messenger worked fine before they broke it by introducing E2EE; it took years for them to fix the problems this caused (at least the ones that were immediately user-perceptible).
And how do you just get everyone you want to speak to use telegram?
e.g. their backend just 2 days ago (and since at least start of the year) was replacing referral links to amex (and i bet many other banks etc) with custom referral codes from russian guys (so when I sent my friend my referral link - it showed another referral link in out chat history on both ends). and their security team says its all good.
so unless you are using it for useless info - better use something else.
Is there any proof of the global telegram issue related to amex links? Sounds like BS
Hell, I got my whatsapp account suspended (appealed and reversed) just for using the official web client too soon after creating a new account.
Recently, I used a separate WhatsApp account to interact with a group chat that I have with my friends. After about a week, they disabled the account, with no way to re-enable it.
An easier solution is to just not use WhatsApp at all and look for the alternatives for bot purposes. Telegram explicitly encourages bot usage with no risk of bans.
Do you mean “jurisdictions”?
There are still some European non-EU countries where you can get an anonymous phone number because laws are not fully enforced.
Nobody who knows law would use “legislation” in that sense, nor would they recognize it in that context, Humpty Dumpty.
Either they’ll double-down and make this even harder -or- hopefully realise that WhatsApp is likely to be a really common control plane for AI systems in the next few years. Let’s hope the Llama energy strikes and it’s the latter.
How does WhatsMeow compare with Baileys?
Baileys is also a great library with a big community and one of the primary maintainers of that is also helping us with the bridge/whatsmeow. WhatsApp integration in our old app, Texts, was built with it: https://github.com/textshq/platform-whatsapp
I would recommend whatsmeow over Baileys just because we are actively involved and incentivized to keep that working perfectly, and have a lot of data points to detect any issues with it at scale.
Just yesterday we spoke with a $50-100m ARR org org using baileys for internal messaging!
Couldnt they just use post-it notes internally and still be a $50-100m ARR org?
According to one of the founders there’s no better way for them to reach a lot of low-skill part-time employees reliably.
It shows the need to bring AI to where people already are and onto the platforms they already use.
As soon as you open up the api floodgate, you'll start to see nigerian prince agents on openclaw speed.
I spun up a self hosted matrix server a few days ago using codex, docker compose, and ansible. Stupidly easy to do now. I'm running it in Hetzner on a 3.99 euro/month vm. It backs up every few hours to a bucket and I have a few integrity scripts to monitor the backups actually happen. I did that because I was getting a bit frustrated with the flaky integration with Whatsapp and Slack in openclaw. I had it up and running in half an hour with only minimal prompting.
Whatsapp kind of works but you end up chatting with yourself and then open claw posts messages as you. Not ideal. You can't easily create new users (or bot users) in Whatsapp. It probably has some kind of bot api of course but I did not explore that much.
I never quite managed to get Slack working with open claw. I tried for a few hours. I think the Slack team is asleep at the wheel snoozing through this whole AI thing. If somebody there is still paying attention to things like this, maybe make some noise internally. Anyway, they made it stupidly hard to do anything productive via their APIs. The UI for managing permissions is a disgraceful hell of complexity. Add permission. UI freezes for fifteen seconds. Reloads automatically. Unfreezes. Add the next. And whatever you do, there's always one more permission you forgot. *end rant*
Relative to Whatsapp and Slack, Matrix is stupidly easy to integrate with open claw, codex, or whatever. We're retiring Slack now as I see uses for agent driven chat bots everywhere now and I want to get rid of any kind of friction around bot related plumbing. I have no use for platforms that intentionally cripple that or treat as a toll booth.
With Matrix, you just create a bot user manually or via an API. Set a password, get an access token and do whatever. No API limits. No faff with QR codes. No permission hell (Slack). It just works. Well documented API. End to end encryption. Etc. Create as many bot users as you need. Nobody is bean counting API calls, numbers of users, etc. Refreshingly easy.
Other OSS messaging platforms are available of course. I do not have a strong opinion as to which is better yet. But now I want a Matrix cli that can do admin, message sending, and all the rest. Probably already exists. But if it doesn't I might end up generating one. Macli might be a good name.
OT#2: Is it typical to put a package.json in a go project as replacement for a {Make,Just}file?
At least Whatsapp itself shows ad banners that you can now connect other messaging clients into Whatsapp, so it should be normal that other clients can equally access Whatsapp.
In any case, official interoperability is only for third-party messengers communicating with WhatsApp users, not for automation or bots, as I understand, so it's not a replacement for things like this project.
It seems Meta is able to set some rules about the interoperability making it very difficult for an FOSS implementation to emerge. Additionally organizations like Signal though technically interested in this interoperability have stated they won't lower their security standards for this.
I just switched to Signal.
How far back does the backfill actually go? Does it pull your full history from the primary device or is there some limit?
Whatsapp has some really stringent requirements on any kind of automation. E.g. Not messaging anyone automatically unless they messaged you with 24 hours, in fact, this is explicitly blocked if you use Meta's API. You have to use message templates in this case.
Also, any bots need to be verified with Meta etc.
And the TOS has gotten more strict recently, not less strict. So buyer beware here, Meta is really protective over reverse engineering WA protocol or automating it, so you can easily get yourself blocked or banned here.
Who are these people using the cli?
Obviously it helps that one can pipe as it might see fit in the flow of an ad hoc filled need, and so leverage on mastered composable tools.
That will never be for everyone, but it will be for no one only the day it becomes logistically unsustainable to reach some endpoint though a CLI.
- automation - sometimes avoid enshittified, privacy-invading services - fast, responsive, keyboard-friendly, debloated but non-minimized, stabler interface