Completes the verification flow: This operation calls POST /{phoneNumberId}/verify_code with the code field. On success, Meta sets code_verification_status to VERIFIED for the number, enabling it to send messages.
When to Use
- Completing new number onboarding: After an operator retrieves the SMS/voice code from the physical device and enters it, this node submits it to Meta to finalise verification of the new phone number.
- Re-verification after deregistration: Following a deregister/register cycle, this node completes the re-verification step so the number can resume sending messages.
- Human-in-the-loop integration: A BizFirst HIL (Human-in-the-Loop) node collects the code from the operator via a form or approval step, then passes it to this node as the
code field value.
- Provisioning pipeline completion: The final step in an automated number provisioning pipeline — the workflow is resumed by the operator entering the code, and this node confirms verification before marking the number ready for use.
- Audit-triggered reverification: A security audit identifies a number with
code_verification_status: NOT_VERIFIED; the ops team initiates re-verification and this node is the final automated step after code collection.
Configuration
Connection
| Field | Required | Description |
accessToken | Required | Permanent System User access token. Store in BizFirst Credentials Manager. |
phoneNumberId | Required | Numeric string ID of the phone number being verified. |
apiVersion | Optional | Meta Graph API version. Defaults to v18.0. |
Operation
| Field | Required | Description |
phoneNumberId | Optional | Override the connection-level Phone Number ID. |
code | Required | The 6-digit verification code received via SMS or voice call on the physical device. |
Sample Configuration
{
"resource": "phone-number",
"operation": "verify-code",
"accessToken": "{{ $credentials.whatsAppToken }}",
"phoneNumberId": "123456789012345",
"code": "{{ $input.verificationCode }}"
}
Validation Errors
| Error | Cause |
accessToken is required | The accessToken field is empty. |
phoneNumberId is required | No Phone Number ID at connection or operation level. |
code is required | No verification code was provided. |
132015 (Meta) | Wrong verification code — the 6-digit code does not match what Meta sent. |
132016 (Meta) | Verification code expired — the code was not submitted within the validity window (typically 10 minutes). |
100 (Meta) | Invalid Phone Number ID. |
Output
Success Port
| Field | Type | Description |
success | bool | true when the code was accepted and the number is now verified. |
status | string | "verified". |
rawResponse | string | Full raw JSON from the Meta Graph API. |
Error Port
| Field | Type | Description |
status | string | "failed" or "error". |
errorCode | string | Meta error code or "timeout". |
errorMessage | string | Human-readable error description. |
Sample Output
{
"success": true,
"status": "verified",
"rawResponse": "{\"success\":true}"
}
Expression Reference
| Value | Expression | Notes |
| Verification success | {{ $output.verifyCode.success }} | Gate provisioning completion steps on this boolean. |
| Status string | {{ $output.verifyCode.status }} | Log to provisioning audit trail: expected "verified". |
Node Policies & GuardRails
| Policy Area | Recommendation |
| Credential storage | Store the access token in BizFirst Credentials Manager. |
| Code handling | Never log or store the 6-digit verification code in any database or workflow variable after use. It is single-use and time-limited — treat it like a one-time password. |
| Expiry handling | If a 132016 expired code error is returned, route back to phone-number/requestVerificationCode to request a fresh code. Do not retry with the same expired code. |
| Wrong code handling | On a 132015 wrong code error, prompt the operator to re-enter carefully. After three failed attempts, initiate a fresh code request rather than continuing to retry the same code. |
| Post-verification confirmation | After a successful verify, call phone-number/get to confirm codeVerificationStatus is VERIFIED before marking the provisioning workflow complete. |
Examples
HIL-Driven Verification Completion
{
"resource": "phone-number",
"operation": "verify-code",
"accessToken": "{{ $credentials.whatsAppToken }}",
"phoneNumberId": "{{ $workflow.phoneNumberId }}",
"code": "{{ $approval.verificationCode }}"
}
The provisioning workflow pauses at a BizFirst HIL (Human-in-the-Loop) node after phone-number/requestVerificationCode. The operator enters the SMS code into the approval form. The HIL node resumes the workflow with $approval.verificationCode set to the entered code, which this node submits to Meta. On success: true, the workflow marks the number as active in the provisioning database.
Re-Verification After Deregister/Register Cycle
{
"resource": "phone-number",
"operation": "verify-code",
"accessToken": "{{ $credentials.whatsAppToken }}",
"phoneNumberId": "{{ $input.phoneNumberId }}",
"code": "{{ $input.smsCode }}"
}
A phone number migration workflow deregisters a number, migrates it to a new WABA, registers it there, requests a verification code (SMS), then calls this node with the code collected from the physical device to restore the number to verified status. After success, a phone-number/get confirms the new status.