Hi everyone,
I’m stuck on the very last step of the WhatsApp Business Embedded Signup flow inside a Bubble app and would really appreciate some guidance.
Overall flow
- Facebook docs followed: Custom Flows → Onboarding Business App Users
https://developers.facebook.com/docs/whatsapp/embedded-signup/custom-flows/onboarding-business-app-users - Goal: complete the embedded signup, receive
code / waba_id / business_id
, then exchange thecode
for anaccess_token
using/oauth/access_token
.
My implementation in Bubble
-
Load Facebook SDK in the page header
<script> window.fbAsyncInit = function () { FB.init({ appId: '167150665*******', autoLogAppEvents: true, xfbml: true, version: 'v23.0' }); }; </script> <script async defer crossorigin="anonymous" src="https://connect.facebook.net/en_US/sdk.js"></script>
-
Listener for Embedded Signup events
<script> window.addEventListener('message', e => { if (!['https://www.facebook.com', 'https://web.facebook.com'].includes(e.origin)) return; let data; try { data = JSON.parse(e.data); } catch { return; } if (data.type !== 'WA_EMBEDDED_SIGNUP') return; if (['FINISH', 'FINISH_WHATSAPP_BUSINESS_APP_ONBOARDING'].includes(data.event)) { bubble_fn_waEmbeddedSignup({ output1: null, // code comes via FB.login output2: data.data?.waba_id, output3: data.data?.phone_number_id, output4: data.data?.business_id }); } }); </script>
-
Trigger the flow in a “Run JavaScript” action
function fbLoginCallback(res) { if (res.authResponse?.code) { bubble_fn_waEmbeddedSignup({ output1: res.authResponse.code }); } } FB.login(fbLoginCallback, { config_id: '4069075906679749', response_type: 'code', override_default_response_type: true, extras: { version: 'v3', featureType: 'whatsapp_business_app_onboarding' } });
-
Exchange
code
foraccess_token
(Bubble API Connector)POST https://graph.facebook.com/v23.0/oauth/access_token { "client_id": "<client_id>", "client_secret": "<client_secret>", "code": "<code>", "grant_type": "authorization_code", "redirect_uri": "<redirect_uri>" }
Error returned
HTTP 400 {
"error": {
"message": "Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.",
"type": "OAuthException",
"code": 191,
"fbtrace_id": "AHmw-Xgttbirwh050y6E79I"
}
}
- Both App Domains and Valid OAuth Redirect URIs already include:
https://app.bubble.io
(editor)
https://my-app.bubbleapps.io
(dev & live)
What I’ve verified / tried
- Exact match:
redirect_uri
in the/access_token
POST is identical to the one used inFB.login
(protocol, path, trailing slash). - Added both dev and live sub‑domains in App Domains.
- Confirmed the
code
hasn’t expired (tested instantly). - Checked docs and examples for Graph v22.0 vs v23.0 – no change.
Any insight, workaround, or sample config would be incredibly helpful. I’ve combed through docs and examples but can’t get past this 400.
Thanks a lot in advance!