RemotIQ — let's make your process intelligent
16 Feb, 2026 · Engineering

Stop paying per OTP — how we built WhatsApp-based 2FA for Keycloak 26.x

A drop-in Keycloak 26.x plugin that delivers OTPs over WhatsApp via the Meta Cloud API. No SMS bill.

Stop paying per OTP — how we built WhatsApp-based 2FA for Keycloak 26.x

SMS OTPs are reliable — and expensive. At scale, per-message fees quietly become one of the largest lines in an auth budget.

We built wa2fa: a Keycloak 26.x plugin that delivers one-time passwords over WhatsApp via the Meta Cloud API. It drops into the existing authentication flow with no custom UI.

The result: the same second factor your users already trust, without the per-OTP SMS bill.

Back to Insights