System Overview

WhatsApp Team Inbox is a self-hosted application that connects your WhatsApp Business API account to a collaborative inbox interface for your team.
System Architecture

High-Level Architecture

How Messages Flow

1. Customer Sends Message

1

Customer Initiates

Customer sends WhatsApp message to your business number
2

Meta Receives

Meta WhatsApp Business API receives the message
3

Webhook Triggered

Meta sends webhook POST request to your Team Inbox backend
4

Message Stored

Backend validates, stores message in PostgreSQL database
5

Real-Time Update

WebSocket server broadcasts message to all connected team members
6

Team Notified

Team members see new message instantly + browser notification

2. Team Member Replies

1

Agent Types Reply

Team member types response in Team Inbox interface
2

API Request

Frontend sends message to backend API
3

Send to WhatsApp

Backend calls Meta WhatsApp API to send message
4

Store Locally

Backend stores sent message in database
5

Broadcast Update

WebSocket broadcasts sent message to all team members
6

Customer Receives

Customer receives message on their WhatsApp

Core Components

Frontend (Next.js)

Web Application

Technology: Next.js 14, React, TypeScript, TailwindCSSResponsibilities:
  • Team inbox interface
  • Real-time message updates via WebSocket
  • Conversation management UI
  • Contact management
  • Team collaboration features
  • Push notification subscription
  • Multi-language support
Key Features:
  • Server-Side Rendering for fast initial page loads
  • WebSocket Connection for real-time updates
  • Optimistic UI Updates for snappy user experience
  • Service Worker for push notifications when tab closed

Backend (Express.js)

API Server

Technology: Express.js, TypeScript, Prisma ORMResponsibilities:
  • WhatsApp webhook handling
  • REST API for frontend
  • WebSocket server for real-time updates
  • Authentication & authorization
  • Push notification delivery
  • Email notifications
  • Business logic and validation
Key Endpoints: 
POST   /api/webhook/whatsapp    - Receive WhatsApp messages
GET    /api/conversations        - List conversations
GET    /api/conversations/:id    - Get conversation details
POST   /api/conversations/:id/messages - Send message
GET    /api/contacts             - List contacts
POST   /api/auth/login           - Team member login

Database (PostgreSQL)

Data Storage

Technology: PostgreSQL with Prisma ORMStores:
  • Conversations and messages
  • Contacts and profiles
  • Team members and authentication
  • Push notification subscriptions
  • System settings and configuration
Key Tables:
  • User - Team members with auth credentials
  • Contact - Customer profiles and metadata
  • Conversation - WhatsApp conversation threads
  • Message - Individual messages (sent/received)
  • PushSubscription - Browser push notification endpoints

WhatsApp Business API

Meta Cloud API

Provider: Meta (Facebook)Purpose:
  • Official WhatsApp messaging for businesses
  • Send/receive messages
  • Media handling (images, documents, etc.)
  • Message status tracking
  • Conversation pricing

Real-Time Communication

WebSocket Architecture

Team Inbox uses WebSocket for instant updates: 
// When message arrives
Backend receives webhook

Stores in database

Broadcasts via WebSocket to all connected clients

All team members see update instantly (< 100ms)
Events Broadcast:
  • New incoming messages
  • New outgoing messages
  • Conversation assignment changes
  • Typing indicators
  • Team member presence (online/offline)
  • Message read receipts

Push Notifications

When team members don’t have the app open:
1

Browser Subscribes

Service Worker registers push notification subscription
2

Backend Stores

Backend stores subscription in database
3

Message Arrives

New WhatsApp message received
4

Push Sent

Backend sends push notification via Web Push API
5

Browser Shows

Browser displays notification even if tab closed
6

Click Opens

Clicking notification opens conversation in Team Inbox

Conversation Workflow

New Conversation

Ongoing Conversation

Security Flow

Authentication

1

Login

Team member enters email + password
2

Verification

Backend verifies credentials against database
3

JWT Token

Backend generates JWT token with user ID and role
4

Store Token

Frontend stores token in localStorage
5

API Requests

All API requests include Authorization: Bearer <token> header
6

Validation

Backend validates JWT on every request

WhatsApp Webhook Security

// Webhook verification flow
1. Meta sends webhook with signature header
2. Backend computes HMAC with app secret
3. Compares computed signature with received signature
4. Only processes if signatures match
5. Prevents unauthorized webhook calls

Data Flow Examples

Sending a WhatsApp Message

// 1. Frontend request
POST /api/conversations/123/messages
Body: { content: "Hello! How can I help?" }
Headers: { Authorization: "Bearer <jwt>" }

// 2. Backend processing
- Validates JWT token
- Checks user has access to conversation
- Calls WhatsApp API to send message
- Stores message in database
- Broadcasts via WebSocket

// 3. WhatsApp API
- Delivers message to customer
- Sends delivery receipt webhook
- Backend updates message status

// 4. All team members see message instantly

Receiving a WhatsApp Message

// 1. Meta webhook
POST /api/webhook/whatsapp
Body: {
  object: "whatsapp_business_account",
  entry: [{
    changes: [{
      value: {
        messages: [{
          from: "1234567890",
          text: { body: "I need help" }
        }]
      }
    }]
  }]
}

// 2. Backend processing
- Verifies webhook signature
- Extracts message data
- Finds or creates contact
- Finds or creates conversation
- Stores message
- Broadcasts to WebSocket clients

// 3. Frontend receives
- WebSocket event triggers
- Conversation list updates
- Notification shown
- Unread count increments

Deployment Architecture

Single Server Deployment (Small Teams)

┌─────────────────────────────────┐
│     Cloud Server (Railway)      │
│                                 │
│  ┌─────────┐  ┌──────────┐    │
│  │ Backend │  │ Frontend │    │
│  │ Node.js │  │ Next.js  │    │
│  └─────────┘  └──────────┘    │
└─────────────────────────────────┘

┌─────────────────────────────────┐
│   Managed PostgreSQL Database   │
└─────────────────────────────────┘

Scalable Deployment (Growing Teams)

┌────────────┐     ┌────────────┐
│  Frontend  │     │  Frontend  │
│  (Vercel)  │     │  (Vercel)  │
└────────────┘     └────────────┘
         ↓                ↓
    ┌──────────────────────────┐
    │    Load Balancer (AWS)   │
    └──────────────────────────┘
         ↓                ↓
┌────────────┐     ┌────────────┐
│  Backend   │     │  Backend   │
│  Instance  │     │  Instance  │
└────────────┘     └────────────┘
         ↓                ↓
    ┌──────────────────────────┐
    │  PostgreSQL (AWS RDS)    │
    └──────────────────────────┘

What Makes It Fast

WebSocket Real-Time

Sub-100ms message delivery using persistent connections

Optimistic Updates

UI updates immediately before server confirmation

Database Indexing

Optimized queries with proper indexes on conversations

Next.js SSR

Server-side rendering for instant page loads

Monitoring & Observability

Built-in logging and monitoring help you track system health
What Gets Logged:
  • All WhatsApp webhook events
  • API request/response times
  • Database query performance
  • WebSocket connection events
  • Push notification delivery
  • Error stack traces
Recommended Monitoring:
  • Set up alerts for failed webhooks
  • Monitor database connection pool
  • Track API response times
  • Watch error rates in logs

Next Steps

Deploy Your Instance

Get Team Inbox running in 30 minutes

Technical Architecture

Deep dive into deployment architecture