In 2026, WhatsApp Cloud API production systems MUST use a Permanent Access Token, generated via System User in Meta Business Manager.
This guide shows how to do it correctly, step by step.
💡 What Is a Permanent Access Token?
A Permanent Access Token is a long-term token used to:
- Send WhatsApp messages
- Receive webhook events
- Manage templates
- Run automation & chatbots
Unlike test tokens:
- ❌ Temporary token → expires in 24 hours
- ✅ Permanent token → stable for production
This token is issued by Meta Platforms using System Users.
❌ Temporary Token vs ✅ Permanent Token (Quick Comparison)
| Token Type | Validity | Use Case |
|---|---|---|
| Temporary Token | 24 hours | Testing only |
| Permanent Token | Long-term | Live / Production |
👉 Never use temporary token in live apps.
✅ Requirements Before You Start
Make sure you already have:
- Meta Business Manager created
- WhatsApp Cloud API app added
- WhatsApp Business Account (WABA)
- Real phone number verified
- Billing enabled
If these are missing, token may not work.
🪜 Step-by-Step: How to Generate Permanent Access Token (2026)
✅ STEP 1: Open Meta Business Manager
- Go to business.facebook.com
- Select your Business
- Open Business Settings
This is where System Users are managed.
✅ STEP 2: Create a System User
- Business Settings → Users → System Users
- Click Add
- Select Admin
- Create System User
📌 System User = represents your application, not a person.
✅ STEP 3: Assign Assets to the System User (Very Important)
Without this step, token will NOT work.
- Select the System User
- Click Assign Assets
- Assign:
- ✅ WhatsApp Business Account (WABA)
- ✅ Your Meta App
- Give Full Control
👉 This is the most commonly missed step.
✅ STEP 4: Generate Permanent Access Token
- Select the System User
- Click Generate New Token
- Choose your App
- Select permissions:
- whatsapp_business_messaging
- whatsapp_business_management
- Generate token
- Copy & store securely
🎉 This is your Permanent Access Token.
🧑💻 STEP 5: Use Permanent Token in WhatsApp Cloud API (Example)
Use this token in your backend (PHP / Node / Laravel).
$token = "PERMANENT_ACCESS_TOKEN"; $phone_id = "PHONE_NUMBER_ID"; $data = [ "messaging_product" => "whatsapp", "to" => "91XXXXXXXXXX", "text" => ["body" => "Hello from Anjok Technologies"] ]; $ch = curl_init("https://graph.facebook.com/v18.0/$phone_id/messages"); curl_setopt($ch, CURLOPT_HTTPHEADER, [ "Authorization: Bearer $token", "Content-Type: application/json" ]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_exec($ch); curl_close($ch);
✅ No expiry issues
✅ Stable production setup
⚠️ Common Mistakes (Avoid These)
❌ Using personal user token
❌ Forgetting to assign WABA to system user
❌ Missing WhatsApp permissions
❌ Storing token in frontend JS
❌ Regenerating token unnecessarily
Any of these → API failure.
🛡️ Best Practices for 2026
✔ Always use System User token
✔ Store token in .env file
✔ Never expose token publicly
✔ Limit permissions to WhatsApp only
✔ Rotate token only if compromised
🧠 Quick Checklist (Before Going Live)
✔ Business verified
✔ Billing enabled
✔ System User created
✔ App assigned
✔ WABA assigned
✔ Correct permissions
✔ Permanent token generated
If all ✔ → WhatsApp API is production-ready.
🏢 How Anjok Technologies Helps
Anjok Technologies provides:
✔ Permanent access token setup
✔ System User & Business Manager configuration
✔ Billing & eligibility fixing
✔ Webhook setup
✔ Template approval support
✔ PHP / Laravel integration
✔ White-label WhatsApp platforms
We ensure your WhatsApp API never stops suddenly.
📞 Contact Anjok Technologies
📱 +91 80729 70517
🌐 anjoktechnologies.in
👉 Ask for WhatsApp Cloud API Permanent Token Setup (2026)