Skip to main content

Step 3 — Generate a Permanent Access Token

Whoxa CRM requires a permanent (non-expiring) access token to call the WhatsApp API on your behalf. Temporary tokens generated on the App Dashboard expire every 24 hours and are not suitable for production use.

Create a System User

  1. Go to business.facebook.comBusiness Settings.
  2. In the left sidebar, click Users → System Users.
  3. Click Add and fill in:
    • Name: e.g., whoxa-crm-system-user
    • Role: Admin
  4. Click Create System User.

Assign WhatsApp Permissions

  1. Select the newly created System User.
  2. Click Add Assets.
  3. Under Apps, select your Meta App created in Step 2.
  4. Enable the following permissions:
    • whatsapp_business_messaging
    • whatsapp_business_management
  5. Click Save Changes.

Generate the Token

  1. Still on the System User page, click Generate New Token.
  2. Select your Meta App from the dropdown.
  3. Set Token Expiration to Never.
  4. Select all required permission scopes (see table below).
  5. Click Generate Token and copy the token immediately — it is shown only once.

Required Permission Scopes

Select all 6 scopes when generating the token. Missing any will break specific features.

PermissionRequired For
business_managementAccessing Meta Business Manager data
catalog_managementCreating and syncing Meta product catalogs
manage_app_solutionManaging app-level configurations
whatsapp_business_manage_eventsReceiving webhook events from Meta
whatsapp_business_managementManaging WABA, templates, phone numbers
whatsapp_business_messagingSending and receiving WhatsApp messages

Important: If you only need basic messaging, the minimum is whatsapp_business_messaging + whatsapp_business_management. But to use Meta Catalog and Template Management, all 6 scopes are required.

Keep this token secure. Anyone with this token can send messages from your WhatsApp Business Account.


Proceed to Step 4 — Configure Webhook URL.