Home
Changelog
Back to All

February 2026

March 10th, 2026 by Divya Papneja

Support for Usernames / BSUID

Meta is introducing Usernames on WhatsApp in 2026, which will be associated with a Business Scoped User ID (BSUID). To ensure a smooth transition, Gupshup will support this change in phases.

Phase 1 – Pre-GA (Starting March 31, 2026)

Beginning March 31, 2026, Meta will start including BSUID along with the phone number in DLRs, if end-user has adopted phone number. This rollout will happen gradually over the next 1–2 months, as end users begin adopting usernames.

What Gupshup Will Do

Gupshup will begin storing the mapping between BSUID and phone number whenever both identifiers are received.


Default Behaviour (No Change Required For You)

By default, Gupshup will continue passing only the phone number, exactly as it works today. No changes are required on your side.


On-Demand Behaviour (Optional)

For partners who want to start working with usernames early, we will provide an optional capability to fetch the BSUID. Updated documentation for this capability will be shared in the coming weeks.


Phase 2 – GA Rollout (Expected in H2 2026)

During the General Availability phase, Meta may start sending BSUID-only identifiers without the phone number. Gupshup will share a detailed transition plan ahead of this phase to ensure partners do not have to make multiple changes to their integrations.


What You Need To Do

For now, no action is required. Partners who wish to start using BSUID can opt-in once the updated documentation is released. Keep an eye on this article for further updates.



Security Update About Account-Level API Keys on Gupshup

As part of our continued focus on strengthening platform security, we are implementing an important update to API key management on Gupshup.

What’s Changed

Account-level API keys will no longer be displayed in the Gupshup interface/s. For existing gupshup.ai accounts, previously generated account-level API keys will continue to function, but not shown in the interface. For new gupshup.ai accounts, account-level API keys will no longer be generated. If you plan to create new gupshup.ai accounts or ask your customers to do so, you will not be able to link apps with the Partner App Linking Endpoint as it needs the Account Level API Key. Customers are advised to do the same by linking it through the gupshup.ai interface App Settings (allowed only limited times in 24 hours). This change is being implemented as a proactive security measure to reduce exposure risk and promote best-practice key management.

Recommended Action for Partners

  1. For Partners Whose Customers Create Gupshup.ai Accounts

We strongly recommend: Ask your customers to link an app within their account with your partner ID. Retrieve the app-level token (for Partner Portal APIs). Retrieve the app-level API key for using gupshup.io APIs (if needed)

App-level credentials provide better isolation, improved access control, and stronger security governance.

  1. For Partners Using Gupshup.ai for Their Own Accounts

Your existing account-level API key will remain active. We strictly recommend keeping frequent rotation of the API keys (3 months at a minimum) as a priority. You can also create applications from Partner Portal or Onboarding APIs. More importantly we strongly recommend transitioning to app-level API keys going forward, as it makes your own partner linked apps within the same account more secure. App-level API keys are also easily rotate-able at any time. You can continue to generate app-level API keys from the Settings section of each app, as has always been recommended.

Why This Matters

Moving from account-level to app-level credentials: Reduces damage radius in case of credential exposure Aligns with industry-standard security practices Provides tighter control over integration-level permissions

This update is purely a security enhancement and does not impact existing integrations unless you are creating new accounts.

Additionally we recommend to -

  1. Use app level api keys and app level partner tokens instead of account level api keys
  2. Enable MFA for all users on partner portal and gupshup.ai. If MFA is through email, do not share credentials with anyone and keep rotating password periodically.
  3. Rotate api keys and tokens frequently (at a minimum of 3 months)
  4. Do not share your client keys, tokens, api keys with anyone or do not store it in areas that may be at risk of getting exposed (curls / postman / github / google sheets)

DEPRECATION : ‘Allow category change’ flag for template creation

As Meta has deprecated this feature during template application, Gupshup will also be not supporting or passing this field to Meta any more. Hence it is recommended to not pass this field in your template creation requests.


REMINDER : Gupshup Partner Terms of Use – Action Required

The Gupshup Partner Terms of Use are available on Partner Portal. Please refer to the official link below for the Partner Terms of Use: https://www.gupshup.ai/partner-terms-of-use These terms are also available in the Partner Portal → Resources → Legal section.

Why this matters?

The partner terms of use is Gupshup's endeavor to provide you a single, always-updated source of truth, improve compliance, and ensure uninterrupted access to partner features. It thereby provides 100% clarity and transparency between Gupshup and you, thus leading to smoother collaboration going forward.

Acceptance Required for Partners

We have started capturing acceptance of the terms on the Partner Portal once you login. Acceptance must be completed by a partner account admin Recommended deadline: March 31 2026 Partners who do not accept the Terms by this date may start losing access to certain partner features

We request you to review and accept the Terms within the stipulated timeline.


REMINDER : Expiry of Unused Commissions till March 31 2025, due soon

As per our commission validity policy, commissions earned between April 1 of a given year (Year 1) and March 31 of the following year (Year 2) (referred to as the "Commission Year") must be redeemed by March 31 of the subsequent year (Year 3). Thus any commissions (earned till March 31, 2025) not redeemed before April 1 2026 shall automatically expire and be reversed from the Partner's account. Such expired commissions shall become unredeemable and shall not be reinstated under any circumstances.