fix(wati_service): Update OTP template parameter names to numeric placeholders

- Change OTP parameter name from "otp_code" to "1" to match WhatsApp auth template format
- Change expiry parameter name from "expiry_time" to "2" for numeric placeholder compliance
- Update comments to reference Facebook WhatsApp Business Management API documentation
- Add decode_wati_token.py utility script for JWT token inspection and debugging
- Align parameter naming with WATI API and WhatsApp authentication template requirements

app/auth/services/wati_service.py

@@ -84,19 +84,20 @@ class WatiService:
             url = f"{self.api_endpoint}/api/v1/sendTemplateMessage"
             params = {"whatsappNumber": whatsapp_number}
             
-            # Build request payload
-            # Parameters array should match the template placeholders
-            # Typically: [OTP_CODE, EXPIRY_TIME]
+            # Build request payload for WhatsApp Authentication Template
+            # WhatsApp auth templates use numeric placeholders: {{1}}, {{2}}, etc.
+            # Format based on WATI API and Facebook WhatsApp documentation
+            # Reference: https://developers.facebook.com/docs/whatsapp/business-management-api/authentication-templates
             payload = {
                 "template_name": template,
                 "broadcast_name": "OTP_Login",
                 "parameters": [
                     {
-                        "name": "otp_code",
+                        "name": "1",
                         "value": otp
                     },
                     {
-                        "name": "expiry_time", 
+                        "name": "2", 
                         "value": str(expiry_minutes)
                     }
                 ]

decode_wati_token.py

@@ -0,0 +1,94 @@
+#!/usr/bin/env python3
+"""
+Decode WATI JWT token to see what's inside.
+"""
+import base64
+import json
+
+def decode_jwt(token):
+    """Decode JWT token without verification."""
+    try:
+        # Split token into parts
+        parts = token.split('.')
+        if len(parts) != 3:
+            print("❌ Invalid JWT format")
+            return
+        
+        header_b64, payload_b64, signature = parts
+        
+        # Decode header
+        header_padding = '=' * (4 - len(header_b64) % 4)
+        header_json = base64.urlsafe_b64decode(header_b64 + header_padding)
+        header = json.loads(header_json)
+        
+        # Decode payload
+        payload_padding = '=' * (4 - len(payload_b64) % 4)
+        payload_json = base64.urlsafe_b64decode(payload_b64 + payload_padding)
+        payload = json.loads(payload_json)
+        
+        print("=" * 80)
+        print("WATI Token Decoded")
+        print("=" * 80)
+        
+        print("\nHeader:")
+        print(json.dumps(header, indent=2))
+        
+        print("\nPayload:")
+        print(json.dumps(payload, indent=2))
+        
+        print("\n" + "=" * 80)
+        print("Key Information")
+        print("=" * 80)
+        
+        print(f"\nEmail: {payload.get('email', 'N/A')}")
+        print(f"Tenant ID: {payload.get('tenant_id', 'N/A')}")
+        print(f"Database: {payload.get('db_name', 'N/A')}")
+        print(f"Role: {payload.get('http://schemas.microsoft.com/ws/2008/06/identity/claims/role', 'N/A')}")
+        print(f"Issuer: {payload.get('iss', 'N/A')}")
+        print(f"Audience: {payload.get('aud', 'N/A')}")
+        
+        # Check expiration
+        exp = payload.get('exp', 0)
+        if exp:
+            from datetime import datetime
+            exp_date = datetime.fromtimestamp(exp)
+            print(f"Expires: {exp_date}")
+            
+            now = datetime.now()
+            if exp_date > now:
+                print(f"✅ Token is valid (expires in {(exp_date - now).days} days)")
+            else:
+                print(f"❌ Token is EXPIRED!")
+        
+        print("\n" + "=" * 80)
+        print("Tenant Information")
+        print("=" * 80)
+        
+        tenant_id = payload.get('tenant_id', '')
+        print(f"\nTenant ID from token: {tenant_id}")
+        print(f"API Endpoint: https://live-mt-server.wati.io/104318")
+        
+        if tenant_id == "104318":
+            print("✅ Tenant ID matches API endpoint")
+        elif tenant_id == "1043182":
+            print("⚠️  Tenant ID has extra '2' at the end")
+            print(f"   Token tenant: {tenant_id}")
+            print(f"   Endpoint tenant: 104318")
+            print("\n   This might be the issue!")
+            print("   Try using endpoint: https://live-mt-server.wati.io/1043182")
+        else:
+            print(f"❌ Tenant ID mismatch!")
+            print(f"   Token tenant: {tenant_id}")
+            print(f"   Endpoint tenant: 104318")
+        
+        print("\n" + "=" * 80)
+        
+    except Exception as e:
+        print(f"❌ Error decoding token: {str(e)}")
+        import traceback
+        traceback.print_exc()
+
+if __name__ == "__main__":
+    token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6ImN0b0BjdWF0cm9sYWJzLmNvbSIsIm5hbWVpZCI6ImN0b0BjdWF0cm9sYWJzLmNvbSIsImVtYWlsIjoiY3RvQGN1YXRyb2xhYnMuY29tIiwiYXV0aF90aW1lIjoiMDIvMDYvMjAyNiAxMjoyMzoyNiIsInRlbmFudF9pZCI6IjEwNDMxODIiLCJkYl9uYW1lIjoibXQtcHJvZC1UZW5hbnRzIiwiaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS93cy8yMDA4LzA2L2lkZW50aXR5L2NsYWltcy9yb2xlIjoiQURNSU5JU1RSQVRPUiIsImV4cCI6MjUzNDAyMzAwODAwLCJpc3MiOiJDbGFyZV9BSSIsImF1ZCI6IkNsYXJlX0FJIn0.z5lE4gK903PpsSVIZgdNlpsdeXKAeSsGe-Kdr5WT19c"
+    
+    decode_jwt(token)