The communication via WhatsApp Business API is based on the WhatsApp set-up of virtual machines or virtual containers with WhatsApp software installed that communicate with the WhatsApp server.
The software (docker image) for encryption and decryption of WhatsApp messages must be hosted by the Facebook Business Solution Provider (BSP), usually in a cloud environment.
When we talk about hosting of WABAs, it means the hosting of the encryption software that enables encrypted end-to-end communication between business and its customers.
At the same time, this set-up enables conformity in terms of data security.
WhatsApp API and WABA hosting
Messages are encrypted between the WhatsApp app on a user’s smartphone through the WhatsApp data centers until it reaches Docker containers hosted by an official Facebook Business Solution Provider (BSP) like 360dialog. Only in these containers the decryption takes place. The Docker containers are installed in a highly redundant and multi-connect environment. These are the (modular) components:
1. REST API container: The API container provides endpoints to interact with the Business API.
2. Backend service container(s): The backend service runs the application communicating with the WhatsApp servers. It uses encrypted connections exclusively.
3. External/containerized database: WhatsApp provides two options for the database, a connection to an existing MySQL database server or a database container.
4. Backend processing: When the Docker container receives an incoming message, it will trigger a (pre-configured) webhook including message details (attachments are only sent as links).
The API acts like a third-party, remote REST API. 360dialog has built a solid and redundant infrastructure around this. Because of using Docker, the setup is highly scalable.
After sending, the messages are processed to the WhatsApp Business container where they are encrypted and dispatched into the WhatsApp infrastructure and finally pushed to the targeted device, where it is decrypted.