WhatsApp Webhooks Explained (2026): Delivery, Read & Inbound Events

WhatsApp webhooks are HTTP callbacks that Meta sends to a URL you (or your platform) registers, notifying you in real time about message events like delivery, read receipts, failures, and incoming customer messages. They are how a WhatsApp Business API integration "knows" what is happening.

Without webhooks, you would have to repeatedly poll Meta to ask "did this message get delivered yet?" — slow and inefficient. Instead, Meta pushes an event to your endpoint the instant something happens: the moment a message is delivered, the moment it is read, the moment a customer replies. Your system reacts immediately.

Webhooks are fundamentally a developer feature: they require a public HTTPS endpoint, event subscriptions, and signature verification. The good news is that PayPerWA handles all of this for you — you get live delivery and read status in your dashboard without writing a single line of webhook code. This guide explains how they work, the events involved, and what PayPerWA does behind the scenes. For the bigger picture, see our complete API guide.

Webhooks track a message through its entire journey — from the moment you send it to the moment the customer reads or replies. Each stage of that journey produces a webhook event.

A typical outbound message lifecycle:

1. You send a message via the API — Meta accepts it and returns a message ID (wamid).
2. Meta dispatches it toward WhatsApp — a sent status webhook fires.
3. The message reaches the customer's device — a delivered webhook fires.
4. The customer opens and reads it — a read webhook fires.
5. If anything goes wrong — a failed webhook fires with an error reason.

Separately, when a customer messages you, an inbound message webhook arrives carrying the text or media they sent. Together these events give a complete, real-time view of every conversation — which is exactly what powers delivery reports, read ticks, and two-way chat.

The core WhatsApp webhook events are sent, delivered, read, failed, and inbound message — covering both the status of messages you send and the messages customers send you. Each event carries the message ID and a timestamp.

Here is what each event means:

• sent — Meta has accepted your message and is sending it toward WhatsApp's servers.
• delivered — The message reached the recipient's device (the double grey tick).
• read — The recipient opened the chat and read it (blue ticks), if they have read receipts on.
• failed — The message could not be delivered; the event includes an error code and reason.
• inbound message — A customer sent you a message (text, image, button tap, etc.).

Status events update your delivery reports; inbound events power your inbox and trigger automations like chatbot replies.

This table summarises each event, what triggers it, and how it is typically used.

Most platforms subscribe to all of these so nothing about a conversation is missed.

Status tracking works by matching each incoming status webhook to the original message using its unique message ID (wamid), then updating that message's state in your system. Each message moves through states as events arrive.

The flow:

1. You send a message and store the returned wamid.
2. Meta later sends a delivered webhook referencing that same wamid.
3. Your system finds the matching message and marks it delivered.
4. A read webhook arrives — the message is marked read.
5. If a failed webhook arrives instead, the message is marked failed with its error reason.

Because every event carries the wamid and a timestamp, you can rebuild the exact timeline of any message: sent at X, delivered at Y, read at Z. This is what makes accurate delivery and read reporting possible — and on PayPerWA it also drives automatic refunds for messages that fail.

Inbound webhook events are what open and reset the WhatsApp 24-hour service window, because they signal that a customer has messaged you. Every inbound event is both information and a trigger.

When an inbound webhook arrives, a platform typically:

• Logs the message in the conversation thread (your inbox).
• Opens or resets the customer's 24-hour window from that timestamp.
• Fires any automation — a chatbot reply, an auto-acknowledgement, a routing rule.
• Marks the contact as recently active so agents can respond with free session messages.

This tight link between inbound webhooks and the service window is central to running cheap, responsive support. To understand the window itself, read The WhatsApp 24-hour window explained.

Signature verification is the security step that confirms a webhook genuinely came from Meta and was not forged or tampered with. Because webhooks hit a public URL, anyone could try to send fake events — so each request must be verified.

Meta secures webhooks in two ways:

• Verify token — When you first register the webhook URL, Meta sends a verification challenge; your endpoint must echo back a shared token to prove ownership.
• Payload signature (X-Hub-Signature-256) — Every event includes a signature header computed from the payload and your app secret. Your endpoint recomputes the signature and rejects the request if it doesn't match.

This prevents attackers from injecting fake "delivered" or inbound events into your system. PayPerWA performs this verification on every webhook automatically, so your delivery data and inbox stay trustworthy without you implementing any cryptography. If you are curious about the mechanics, our developer docs describe the verification flow.

PayPerWA receives, verifies, and processes every WhatsApp webhook on your behalf, so you get live delivery, read, failure, and inbound events in your dashboard without setting up any endpoint or writing code. This is the whole point of using a platform.

What PayPerWA does for you:

• Registers and maintains the webhook endpoint with Meta.
• Verifies the verify token and the X-Hub-Signature-256 on every request.
• Matches status events to your messages by wamid and updates delivery reports in real time.
• Routes inbound messages into your inbox, opens the 24-hour window, and triggers chatbot flows.
• Auto-refunds your wallet when a message fails, using the failed webhook.

You simply see accurate ticks, live campaign progress, and incoming chats. No servers, no signature code, no maintenance. Explore the features or sign up to see it working.

If you are a developer who wants raw events in your own system, PayPerWA also exposes webhook and API access so you can receive delivery, read, and inbound events programmatically. You get the convenience of a platform plus the option to go deep.

Developer-oriented capabilities:

• Subscribe your own endpoint to forward delivery, read, failed, and inbound events.
• Use the API to send messages and receive the wamid for your own tracking.
• Build custom automations, CRMs, or analytics on top of the event stream.
• Rely on PayPerWA's signature verification while you focus on business logic.

This means small businesses can use the no-code dashboard while technical teams integrate at the API level — same platform, two levels of control. The full reference lives in our API documentation.

Most webhook problems trace back to verification failures, missing event subscriptions, or unreachable endpoints — and when you use PayPerWA, these are handled for you. Knowing them still helps you reason about delivery data.

On PayPerWA, subscriptions, verification, and reachability are managed automatically, so your job is simply reading the live status in the dashboard.

Webhooks turn WhatsApp from a one-way send tool into a fully tracked, two-way channel — giving you accurate delivery data, instant inbound handling, and the automation that drives modern support and marketing. They are the nervous system of the platform.

Concretely, webhooks enable:

• Accurate delivery reports — real delivered/read/failed rates, not guesses.
• Automatic refunds — failed messages credit back to your wallet via the failed event.
• Instant chatbots — inbound events trigger replies within the free 24-hour window.
• Smart re-engagement — knowing who read or didn't read informs your next message.

And because PayPerWA handles every webhook for you with verification built in, you get all of this with no engineering effort and transparent pricing — Meta's per-message charge plus PayPerWA's flat ₹0.20 (or $0.004) fee, no subscription. See the pricing and country rates, or get started free.