Fri Sep 12 2025

WhatsApp Business Calling with SIP

WhatsApp has rolled out something that could be a real game changer: the ability for businesses to take and make calls directly over SIP.

For years, WhatsApp has been one of the most popular apps where people message their friends, family, and increasingly, businesses. But with Business Calling, WhatsApp is now bridging into voice - and doing it in a way that connects straight into your existing telephony setup.

This isn’t just another CPaaS feature. For businesses running PBXs, SIP SBCs, or cloud voice stacks like Asterisk, FreeSWITCH, or Jambonz, it means you can now plug WhatsApp’s two billion users straight into your infrastructure - with proper HD Opus audio, all encrypted and no PSTN in sight (apart from that WhatsApp business number you’ll use for users to find you… that’s still on the PSTN)

Diagram showing WhatsApp User -> WhatsApp → SIP → PBX -> Extension/AI Agent

Why This Matters for Businesses

We’re seeing a surge in AI voice agents; everything from customer service bots to sales assistants. These rely on high-quality audio and flexible call flows. With WhatsApp Business Calling:

You get direct Opus audio into your telephony stack.
You can bypass the PSTN with all its pitfalls.
You instantly gain access to WhatsApp’s user base, without needing your customers to ever dial a PSTN number.
You don’t need Twilio (or anyone else) in the middle; it’s direct, cheaper, and under your control.
Inbound calls are free.

Diagram showing AI voice agent → SIP → WhatsApp user

For businesses that care about global reach and modern voice experiences, this could be a massive unlock in connectivity to their users right where they already are - WhatsApp.

Business Setup Requirements

Now I’ve told you why you should be excited about WhatsApp making Business Calling widely available, let’s get you set up. Before you touch SIP, you need to go through the business onboarding flow.

You’ll need to create a Facebook App over at developers.facebook.com. (Yes… why are you making a Facebook App to enable WhatsApp - its a good question)
When making that app you then add WhatsApp capabilities to that app.
Part of that process involves verifying your business (legal entity checks, uploading documents).
You’ll also need a privacy policy and supporting documentation for review.
Then you need to associate a phone number with WhatsApp.

That last step can be a pain point. If you use a mobile number, WhatsApp just sends an SMS verification code. But if you’re trying to onboard a non-mobile PSTN number (your “office” number for example), the process gets much trickier. You’ll need to request a voice call verification; don’t get disheartened when no phone call comes… or the call comes but it won’t accept your DTMF tones to get the code… keep going and you’ll get there eventually. The voice verification process doesn’t feel as complete and issue free as the SMS version.

Screenshot of the Whatsapp Business Manager

No CPaaS Middleman - Direct SIP Access

One of the biggest shifts here is that you don’t need to go through a provider like Twilio (or any other CPaaS) to get WhatsApp voice. You can do it directly.

That means:

Fewer moving parts - no external SBCs or CPaaS APIs in the middle.
Lower latency - the call path is just WhatsApp ↔ your SIP infrastructure.
Tighter control - you own the dialplan, the routing, and the integrations.

And the pricing? Honestly, it’s kind of amazing considering all of the pros like audio quality and that connection to the end user:

Inbound calls are free - you pay nothing when a WhatsApp user calls you.
Outbound calls start at 0.71p in the UK when calling another UK number. Pricing is different based on your volumes, the country of your phone number and the country of the number you’re calling.
Once a conversation is started and the customer replies, you can continue messaging them completely free for a certain time window.

Pricing table - inbound free, outbound starts at 0.71p/min

We’ve even put together a helper script that will set up your phone number for SIP calling and handle the initial configuration for you:

👉 github.com/nimbleape/whatsapp-business-sip-setup

SIP & Media Requirements

Once you’re through onboarding, here’s what the SIP side looks like:

SIP over TLS is mandatory.
SRTP for media (or DTLS if you’re using WebRTC).
Opus is the required codec.
No re-INVITEs are supported - your setup needs to handle calls without them.
WhatsApp publishes IP ranges for signalling/media that you’ll probably want to allowlist (but there’s over 1000 IP ranges to whitelist).

![Placeholder: table of SIP/media requirements]

Calling Limitations

Here’s the bit you can’t ignore: you can’t just pick up the phone and call a WhatsApp user out of the blue.

If a user calls you or messages, you get a 24-hour callback window where you’re allowed to call them back.
Outside of that window, the only way to initiate a call is to send the user a WhatsApp message requesting telephone permissions.

This is all about protecting users from spam, but it does mean you need to design your call flows around these rules.

Our attempt at understanding the rules around outbound calling. It may or may not be right.

Example Configurations

Asterisk PJSIP Setup

Here’s a minimal config you can drop into your pjsip.conf:

Copied to clipboard!

[whatsapp-in]
type=endpoint
context=from-whatsapp
disallow=all
allow=opus
auth=whatsapp-auth
aors=whatsapp-aor
media_encryption=sdes

[whatsapp-auth]
type=auth
auth_type=userpass
username=<phone_number>
password=<sip_password>

[whatsapp-aor]
type=aor
max_contacts=1

[whatsapp-identify]
type=identify
endpoint=whatsapp-in
match_header=X-FB-External-Domain: wa.meta.vc

Notice the X-FB-External-Domain: wa.meta.vc header; this is a useful way to identify whether the call is coming from WhatsApp to get into the right configuration inside PJSIP.

If you want to go further, you can validate calls against the published IP ranges (docs). The catch: there are a lot of them (1001 ranges at time of writing), which makes it unwieldy to maintain in a PBX config. This may be required if your VoIP platform doesn’t support authentication challenges on inbound SIP.

Jambonz Setup

Jambonz can work with WhatsApp Business Calling, but there are some important quirks you need to know.

1. No inbound SIP authentication

Jambonz doesn’t currently support authentication challenges on inbound SIP, so you can’t just rely on user/pass like you can with Asterisk. That leaves you with two options:

Manually maintain the current 1001 IP ranges that WhatsApp publishes, or
Start by letting the inbound traffic hit your SBC logs, see which IPs are denied, and add those incrementally - which is far from a foolproof way of doing this… but gets you to a point of receiving calls quickly.

Neither is perfect… until Jambonz gains inbound auth support, this is the reality.

2. Patch for media anchoring

You’ll also need to apply a patch we submitted to the Jambonz project to ensure media is anchored correctly: PR #1310. (You also need to set the anchor environment variable on your jambonz feature server process.

3. Carrier settings

Your carrier config in Jambonz needs some careful setup:

Outbound auth is required using the details given to you during SIP setup.
You must set an “active” network address for inbound - see the note above about setting these up.
For outbound, use wa.meta.vc with the port 5061 with TLS/SRTP and pad crypto enabled.

You also need to set the register_from_domain setting but you can’t really do this in the UI without unintended consequences. If you don’t set this via the API, outbound calls won’t work correctly.

Copied to clipboard!

curl -X PUT https://jambonz-api.domain.com/v1/VoipCarriers/specific-carrier-uuid \
     -H "Authorization: Bearer api-key" \
     -H "Content-Type: application/json" \
     -d '{
  "register_from_domain": "sip.domain.com"
}'

Screenshot of the Jambonz Carrier settings

Beyond SIP: Meta Graph API

It’s worth noting: SIP isn’t the only way to do this. Meta also exposes a Graph API for Business Calling. That gives you more flexibility if you want to build your own call control logic at the API layer. You end up dealing with webhooks to tell you about inbound calls along with SDP… it gives you a tonne of flexibility to build it into your app if you haven’t already got a VoIP platform using SIP.

SIP is just the easier path if you can take it…

Gotchas & Tips

✅ Make sure your firewall rules include WhatsApp’s published IP ranges and automate this; dealing with 1001 different ranges that potentially change daily isn’t fun.
✅ Enable Opus on your VoIP system, which might mean doing more transcoding.
✅ No re-INVITEs; WhatsApp will just say no and your call will fail.
✅ Keep track of the 24-hour callback rule if you’re doing Outbound calling.
✅ Jambonz users: remember to patch + configure IP ranges, set register_from_domain, and anchor media.

WhatApp UI showing calls to and from Everycast Labs

Closing Thoughts

WhatsApp has become more than a chat app. With Business Calling, it’s giving enterprises a SIP entry point to reach their customers at scale, with the same infrastructure they already use for voice.

Whether you’re running your VoIP server in a server closet or orchestrating AI-powered voice agents in the cloud, this has the potential of enabling better communications with your customers with rich interaction - not just by chat but also by voice.

For once, the barrier isn’t cost; inbound is free, outbound is cheap, and the reach is global. The real challenge is in the details: configs, auth models, and making sure your VoIP stack can handle WhatsApp’s quirks.

If your company is looking for help getting this all set up, Nimble Ape can help get you set up: https://nimblea.pe - [email protected].

whatsapp sip webrtc pstn