npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

whatsapp-business-mcp-server

v1.1.0

Published

MCP Server for WhatsApp Business API - manage templates, phone numbers, send messages. Supports stdio and HTTP (Streamable/SSE) transports.

Readme

WhatsApp Business MCP Server

MCP server for the WhatsApp Business / Meta Graph API. List business accounts and phone numbers, manage message templates, send template messages, and look up message status.

Supports two transports:

  • stdio — default; for local Claude Desktop / Claude Code / Cursor.
  • HTTP (Streamable / SSE) — for remote deployment (Railway, Fly.io, Render, your own container).

Tools

| Tool | Read-only | Description | |---|---|---| | wa_get_business_accounts | yes | Discovery — start here. List WABAs owned by a Meta Business. | | wa_get_phone_numbers | yes | List phone numbers on a WABA (returns phone_number_id for sending). | | wa_get_templates | yes | List templates with filters (status, language, name) and pagination. | | wa_create_template | no | Create a new message template (goes through Meta review). | | wa_delete_template | destructive | Delete a template by name (all languages). | | wa_send_template | no | Send an approved template message. Validates phone (E.164), template name, locale. | | wa_get_message_status | yes | Look up a message by wamid. | | wa_api_call | restricted | Escape hatch — only whitelisted WhatsApp Business paths. |

Resources

The server also exposes the same inventory as MCP resources so the host can cache them:

  • whatsapp://business-accounts/{business_id}
  • whatsapp://phone-numbers/{waba_id}
  • whatsapp://templates/{waba_id}

Environment variables

| Variable | Required | Default | Description | |---|---|---|---| | WHATSAPP_TOKEN | yes | — | Meta Graph API access token (system user token recommended). | | WHATSAPP_API_VERSION | no | v23.0 | Graph API version. | | MCP_TRANSPORT | no | stdio | stdio or http. | | PORT | no | 3000 | HTTP transport port. | | HOST | no | 0.0.0.0 | HTTP transport bind address. | | MCP_HTTP_PATH | no | /mcp | HTTP transport endpoint path. | | MCP_BEARER_TOKEN | no | — | If set, HTTP requests must send Authorization: Bearer <token>. |

Install

npm install
npm test

Run locally (stdio)

WHATSAPP_TOKEN=... npm start

Run as an HTTP server

WHATSAPP_TOKEN=... MCP_BEARER_TOKEN=... npm run start:http
# → MCP listening on http://0.0.0.0:3000/mcp
# → Health check at GET /health

Configure in Claude Code / Desktop (stdio)

Once published to npm:

{
  "mcpServers": {
    "whatsapp-business": {
      "command": "npx",
      "args": ["-y", "whatsapp-business-mcp-server"],
      "env": { "WHATSAPP_TOKEN": "your-token-here" }
    }
  }
}

Or from a local checkout:

{
  "mcpServers": {
    "whatsapp-business": {
      "command": "node",
      "args": ["/absolute/path/to/whatsapp-business-mcp/src/server.mjs"],
      "env": { "WHATSAPP_TOKEN": "your-token-here" }
    }
  }
}

Configure as a remote HTTP MCP

{
  "mcpServers": {
    "whatsapp-business": {
      "url": "https://your-host.example.com/mcp",
      "headers": { "Authorization": "Bearer your-bearer-token" }
    }
  }
}

Docker

docker build -t whatsapp-business-mcp .
docker run --rm -p 3000:3000 \
  -e WHATSAPP_TOKEN=... \
  -e MCP_BEARER_TOKEN=... \
  whatsapp-business-mcp

Deployment

Railway

  1. New project → Deploy from GitHub.
  2. Railway detects the Dockerfile. Set service variables:
    • WHATSAPP_TOKEN
    • MCP_BEARER_TOKEN (shared secret for the HTTP endpoint)
  3. PORT is provided automatically by Railway; the server respects it.
  4. Public URL → https://<service>.up.railway.app/mcp.

Fly.io

fly launch --no-deploy
fly secrets set WHATSAPP_TOKEN=... MCP_BEARER_TOKEN=...
fly deploy

Ensure the [http_service] block in fly.toml uses internal_port = 3000.

Render

  1. New → Web Service → connect repo. Render detects the Dockerfile.
  2. Add environment variables WHATSAPP_TOKEN and MCP_BEARER_TOKEN.
  3. Health check path: /health.

Security notes

  • Always set MCP_BEARER_TOKEN when exposing the HTTP transport publicly. Without it, anyone who reaches the endpoint can use your WhatsApp Business token.
  • The token is read from the server's environment, never accepted from MCP clients.
  • wa_api_call is restricted to a whitelist of WhatsApp Business paths; arbitrary Graph endpoints are rejected.
  • Inputs are validated before requests reach Meta: phone numbers must be E.164, template names match [a-z0-9_]+, locales match xx or xx_YY.

Error handling

The server classifies Graph API failures and returns structured hints to the LLM:

  • token_expired / token_invalid (HTTP 401, code 190) — refresh credentials.
  • permission_denied (HTTP 403, code 10/200) — scopes/asset access missing.
  • rate_limited (HTTP 429, code 4) — back off and retry.
  • not_found (HTTP 404).
  • upstream_error (5xx).
  • network_error — fetch failed before reaching Meta.