Feature · BYOK

Your numbers. Your providers. Your relationships.

OrcaLinq never sits between you and the channel. Bring your own WhatsApp, Telegram, LINE, Meta, Shopify, and model credentials. Cancel us and your traffic keeps flowing on your own keys.

What BYOK is

Your providers. Your credentials. Your relationships.

BYOK means the channel — and the customer relationship that lives on it — is owned by your business, not the messaging platform. The platform conducts; it doesn't resell.

WhatsApp Cloud API

You bring the WABA, phone number ID, app secret, and verify token. Inbound is signed with X-Hub-Signature-256. Templates and pricing stay on your Meta account.

Telegram Bot API

Your bot token. Webhook or long-poll. Webhook secret. The number stays with you if you ever leave.

LINE Official Account

Your channel secret, push token, reply token. Rich messages, LIFF handoff, and quotas all on your own LINE account.

Meta Messenger / Instagram

One Meta app covers both. Page access tokens, IG business ID, HMAC-verified deliveries on your account.

Shopify event webhook

Order, cart-abandoned, customer-created. HMAC-SHA256 base64 verified. Maps to your tenant inbox automatically.

Model keys

Bring compatible model-provider keys on Agency. Use the model gateway for routing, fallback, and instrumentation.
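The two inbound signature schemes named in the channel cards above (X-Hub-Signature-256 for WhatsApp and Meta, base64 HMAC-SHA256 for Shopify) differ only in how the digest is encoded, and both must be checked against the raw request bytes. The following is an added example, not OrcaLinq's code: the function names, secrets and payload are constructed, and the Shopify header name `X-Shopify-Hmac-Sha256` is taken from Shopify's documentation rather than this page.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def _mac(secret: bytes, raw_body: bytes) -> bytes:
    # HMAC-SHA256 over the exact bytes received, before any JSON parsing.
    return hmac.new(secret, raw_body, hashlib.sha256).digest()


def verify_meta(app_secret: bytes, raw_body: bytes, header: Optional[str]) -> bool:
    """X-Hub-Signature-256 carries 'sha256=' followed by the hex digest."""
    if not header or not header.startswith("sha256="):
        return False
    try:
        presented = bytes.fromhex(header[len("sha256="):])
    except ValueError:  # malformed hex is rejected, not treated as an error page
        return False
    return hmac.compare_digest(presented, _mac(app_secret, raw_body))


def verify_shopify(secret: bytes, raw_body: bytes, header: Optional[str]) -> bool:
    """Shopify sends the digest base64-encoded (X-Shopify-Hmac-Sha256)."""
    if not header:
        return False
    try:
        presented = base64.b64decode(header, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return hmac.compare_digest(presented, _mac(secret, raw_body))


# Constructed sample data: secrets and payload are made up for this example.
META_SECRET = b"constructed-app-secret"
SHOPIFY_SECRET = b"constructed-shopify-secret"
RAW_BODY = b'{"id": 1001,  "topic":"orders/create"}'  # irregular spacing on purpose

META_HEADER = "sha256=" + _mac(META_SECRET, RAW_BODY).hex()
SHOPIFY_HEADER = base64.b64encode(_mac(SHOPIFY_SECRET, RAW_BODY)).decode()

# Re-serialising parsed JSON changes the bytes, so the signature stops matching.
REENCODED = json.dumps(json.loads(RAW_BODY)).encode()

if __name__ == "__main__":
    print(verify_meta(META_SECRET, RAW_BODY, META_HEADER))
    print(verify_shopify(SHOPIFY_SECRET, RAW_BODY, SHOPIFY_HEADER))
    print(verify_meta(META_SECRET, REENCODED, META_HEADER))
```

The comparison uses `hmac.compare_digest` so that the time taken does not reveal how many leading bytes of a forged signature were correct.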

Why BYOK matters

No reseller markup. No lock-in.

  • No hidden fees. WhatsApp, SMS, and provider charges go directly to your provider account. The platform does not mark them up.
  • No platform lock-in. Your numbers, templates, and history continue working on your own provider account if you ever leave.
  • No credential surprises. Provider relationships, billing, support, and quotas all stay with you.
  • Compliance you can audit. Provider audit logs reflect your business as the actor — not a reseller.

How keys are stored

Encryption, isolation, and rotation

Provider keys are treated as secrets: encrypted at rest, never returned in API responses, never logged, and rotatable in one click.

Encrypted at rest

Symmetric encryption with per-tenant key envelopes. Decrypted only at the moment of provider call.

Never returned

Keys are write-only from the dashboard. Reads return masked metadata only.

Audit on every change

Adding, rotating, or revoking a key writes to the Wake with timestamp, actor, and reason.

Tenant-scoped

Keys are scoped to a single tenant. Cross-tenant access is impossible by construction.

BYOK FAQ

Frequently asked questions

Why does BYOK matter?

Provider relationships and credentials are business assets. BYOK keeps them with the business — not the platform. If you ever leave, your numbers, templates, and history continue working on your own provider account.

Which channels are BYOK?

WhatsApp Cloud API, Telegram Bot API, LINE Official Account, Meta Messenger and Instagram, Shopify event webhooks, and custom webhook endpoints. Compatible model-provider keys are BYOK on Agency.

Are credentials encrypted?

Yes. Channel and AI keys are encrypted at rest, never returned in API responses, never written to logs, and scoped to the tenant that owns them.

What if a provider rotates a token?

You rotate it in the dashboard. The platform picks up the new value on the next outbound call. No service interruption beyond the rotation window.

Can the platform see my AI prompts?

Operationally, yes — for routing, audit, and abuse prevention. With BYOK on Agency, AI requests can be routed through your own provider account so the data path matches your security posture.

Bring your channel keys to the demo.

If you have a sandbox WABA, Telegram bot, or LINE channel, we'll wire it during the call so you can see BYOK end-to-end.