Table of Contents
1. Overview
What WhatsApp Integration is, what it owns, what the ERP owns, why it is not a full framework, its relationship with the Notification Framework and the ERP Communication/Inbox modules.
2. Architecture
Standalone library boundary, ERP host boundary, runtime ownership, dependency graph, package graph, the two-layer model (provider library + ERP business layer).
3. Packages
Shumoul.WhatsAppIntegration.Contracts, .Abstractions, .Core, the test project, current version
(1.0.1), and each package's allowed/forbidden responsibilities.
4. Configuration
Every configuration key (no secret values), Graph API version, BaseUrl, tenant-scoped credentials, and the
SecretsManifest relationship.
5. Runtime Flows
Mermaid sequence diagrams for every runtime flow: send template, send OTP, send activation, send invoice, receive webhook, verify webhook, reply from inbox, upload/send/download media, delivery status, error handling.
6. API Reference
All 74 HTTP endpoints across the 9 WhatsApp-related controllers, each with method, route, purpose, authorization, permission, request/response models, example JSON, error cases, backend service, Meta API interaction, and Angular/Flutter usage notes.
7. SignalR
The WhatsAppHub real-time layer: route, groups, client-invokable methods, server-broadcast events,
authentication, Angular/Flutter usage.
8. Webhooks
GET verification handshake, POST webhook receive, HMAC signature validation, payload structure, message status updates, incoming messages, the ProfileName parsing fix, and failure handling.
9. Templates
Template message structure, variables/components, the OTP/Activation/business-document templates in use, and error cases.
10. Inbox / Conversation
Conversation lifecycle, notes, tags, saved replies, timeline, media, the reply flow, and tenant credentials.
11. Security
Webhook signature verification, token handling, secret handling, permission gates, diagnostic endpoint risks, production safety notes.
12. Testing
Standalone library tests, ERP tests, webhook parser tests, signature tests, phone normalization tests, and how QA should test using Postman.
13. Troubleshooting
Common failure scenarios and their resolutions.
14. Appendix
DTO index, enum index, configuration index, controller index, runtime call graph, glossary.
15. SDK Code Examples
cURL (Linux/macOS and Windows), JavaScript (fetch()/Axios), C# (HttpClient), and Flutter (Dio) for every
one of the 74 certified endpoints — see also the official Postman collection.
16. Architecture Validation
Phase 2.2's independent re-verification of the Phase 1 consolidation guarantees, plus two new findings (documented, not fixed).
17. SDK Usage Guide
How another Shumoul module should consume this library: DI/registration, credential override, tenant context, media handling, error handling and retries, webhook registration.
18. Configuration Reference
Platform configuration, tenant configuration, secrets, environment variables, feature flags, and default values — presented as separate, certification-grade tables.
19. Webhook Payload Catalog
Real JSON examples for every Meta message and status type, annotated with exactly what the parser extracts versus what survives only in the raw payload.
20. Meta Error Reference
Every Meta error signature this system actively classifies, plus a reference list of additional Meta platform codes not yet handled.
21. Sequence Diagrams
The ten certification-required Mermaid diagrams: send template, receive webhook, OTP, activation, media upload, media download, conversation flow, delivery status, background retry, failed delivery.
