🔐Channel permissions and setup (by platform)
This page explains what each channel is, what permissions or data we request, and why we need them. Use it when connecting a channel from Integrations or Campaigns.
Web Chat
What it is: A chat widget embedded on your website. Visitors open the widget and chat; conversations appear in your OnRaven Inbox. No third-party social account is linked.
What we request: Nothing from you at connect time. When you save the campaign, OnRaven generates a unique API key for that Web Chat campaign. You use that key in the embed code on your site so the widget can send and receive messages through OnRaven.
Why: The API key identifies your widget and ensures only your allowed domains can use it. No OAuth or social permissions are involved.
WhatsApp Business
What it is: Messaging channel using the WhatsApp Business API (Cloud). You send and receive messages with customers on WhatsApp; conversations appear in the Inbox.
What we request:
Meta Business verification — Your business must be verified in Meta Business Manager (required for production).
WhatsApp Business phone number — A number dedicated to the WhatsApp Business API; it cannot be used with a personal WhatsApp account.
Message templates — For business-initiated messages, you create and submit templates for Meta approval (typically 24–48 hours).
Why: Meta requires business verification and approved templates for the Cloud API. The phone number is the channel identifier for delivery and webhooks.
Permissions: The app uses the WhatsApp Cloud API. Required API permissions (e.g. whatsapp_business_management, whatsapp_business_messaging) are configured in the Meta app; you do not see a scope list during connect. Ensure your Meta app has the correct WhatsApp product and permissions.
WhatsApp voice calling
What it is: Customers can start a voice call with your business in WhatsApp (in addition to chat). Agents answer in the OnRaven Inbox; audio runs through WhatsApp, not your PSTN line.
What you do: In the WhatsApp campaign’s profile / business settings, enable Calling when the option is available. Meta may require WhatsApp Calling to be approved or enabled for your Business Account — if the toggle fails or is missing, check Meta Business Manager or contact support.
Why: Voice calling uses separate Meta APIs and webhooks. Enabling it lets inbound calls ring in the app so agents can answer, reject, or end calls like a softphone inside WhatsApp.
For day-to-day use, see Send and reply to messages — WhatsApp voice calls and What’s new.
Facebook Messenger
What it is: Messaging channel for your Facebook Page. When someone messages your Page, the conversation appears in the OnRaven Inbox so you (or your bot) can reply.
What we request:
Facebook login — You sign in with Facebook and choose the Page to connect. The exact permissions are defined by the Facebook Login for Business configuration (config) in the Meta app; you see the consent screen Meta provides for that config.
Page admin access — You must be an admin of the Page so the app can receive and send messages on its behalf.
Webhook subscription — After connect, we subscribe your Page to webhooks for messages and feed so we receive new messages and relevant feed activity.
Why: Page access and the “messages” subscription are required to read and reply to Messenger conversations. “Feed” can be used for feed-related features (e.g. comments) if you enable them.
Instagram Direct (Instagram Messenger)
What it is: Direct messages (DMs) to your Instagram Professional (Business or Creator) account. When someone sends a DM, it appears in the OnRaven Inbox.
What we request:
During Instagram Login (OAuth)
When you click Connect and are sent to Instagram to log in, we request these permissions (scopes):
instagram_business_basic
Access to your Instagram Business/Creator account and basic profile so we can link the right account.
instagram_business_manage_messages
Read and send DMs so we can show conversations in the Inbox and reply (including automated replies).
instagram_business_manage_comments
Manage comments on your posts (e.g. if you use comment-to-DM or feed features).
instagram_business_content_publish
Optional: publish content on your behalf if you use scheduling or publishing features.
instagram_business_manage_insights
Optional: read insights (reach, engagement) if you use analytics for that account.
Why: We need at least basic account access and message access to receive and send DMs. Comment and publish/insights permissions support extra features (comments, publishing, analytics) if you use them.
After connect (webhooks)
We subscribe your Instagram Business account to these webhook fields so we get real-time events:
messages — Incoming and outgoing DMs.
messaging_postbacks — Button/postback clicks in conversations.
messaging_seen — Read receipts.
messaging_handover — Handover protocol (e.g. human takeover).
messaging_referral — Referrals (e.g. from ads or entry points).
messaging_optins — Opt-in events (e.g. user subscribed to messaging).
message_edit — When a message is edited.
comments — Comments on your posts (if you use comment-related features).
mentions — When your account is mentioned.
story_reactions — Reactions to your stories.
Why: These subscriptions tell us when new messages arrive, when users interact with buttons, and when comments/mentions happen so we can keep the Inbox and automations in sync.
Instagram Feed / Facebook Feed
What it is: Capture of comments and live comments on your Instagram or Facebook content. These can be routed into the Inbox or used for moderation and engagement.
What we request: Same Facebook/Instagram login and Page (or Instagram account) access as for Messenger or Instagram Direct. We may also request feed capture to be enabled for the connected Page/account so we can subscribe to comment and live-comment events.
Why: Feed features need access to the same Meta assets (Page, Instagram account) and permission to receive comment webhooks.
Threads
What it is: Messaging and engagement on Threads (Meta’s app). You can receive and reply to Threads content (e.g. replies, mentions, DMs) and optionally publish or read insights.
What we request:
During Threads OAuth
When you authorize via Threads, we request these permissions (scopes):
threads_basic
Basic profile and account access so we can link your Threads account.
threads_content_publish
Publish posts/replies on your behalf if you use publishing features.
threads_read_replies
Read replies to your posts so we can show them in the Inbox and support engagement.
threads_manage_replies
Create and manage replies (e.g. reply from OnRaven).
threads_manage_insights
Read Threads insights (reach, engagement) if you use analytics.
Why: Basic access identifies the account; reply read/manage and optional publish/insights support conversation and content features.
Webhooks
We subscribe to Threads webhook events such as comments, likes, replies, mentions, and direct_messages so you get real-time updates in the Inbox.
TikTok Messenger
What it is: Messaging channel for TikTok Business accounts. Messages sent to your TikTok Business account can be handled in the OnRaven Inbox.
What we request:
TikTok Business account — Your account must be set up as a Business account.
TikTok for Business / Business Center — You need access via TikTok for Business and a Business Center.
Admin permissions — You must be an admin of the Business Center so the app can connect the right assets.
Why: TikTok’s API for messaging and webhooks is available only for Business accounts and Business Center admins. We do not request a separate list of “scopes” in the UI; the exact API permissions are defined when the TikTok app is configured.
LinkedIn
What it is: Integration with LinkedIn for organization or member social features (e.g. managing posts, replying to comments, or posting on behalf of a Company Page).
What we request:
When you connect via LinkedIn OAuth, we request these permissions (scopes):
rw_organization_admin
Read/write access to organization (Company Page) admin data so we can manage the Page if you use that.
w_organization_social
Post on behalf of the organization (Company Page).
r_organization_social
Read organization posts and engagement.
r_basicprofile
Read your basic profile (e.g. name) to show who is connected.
r_emailaddress
Read your email address for account linking.
r_liteprofile
Read lite profile information.
w_member_social
Post on your behalf as a member (e.g. personal posts) if you use that feature.
Why: Organization scopes are needed to manage and post for Company Pages; member and profile scopes support identity and optional member posting. Some permissions may require LinkedIn app verification.
Telegram
What it is: Messaging channel using a Telegram bot. Users message your bot; conversations appear in the OnRaven Inbox.
What we request: A Bot Token from @BotFather on Telegram. You create a bot, get the token, and paste it when connecting the campaign. No OAuth or scope list.
Why: The token is the only credential Telegram uses for the Bot API. It identifies your bot and allows us to receive updates and send messages.
SMS / RCS (Mobile)
What it is: SMS or RCS (Rich Communication Services) messaging. You send and receive text (and rich) messages with customers via a provider OnRaven integrates with.
What we request: Provider-specific credentials and the phone number(s) you use for sending and receiving. These are usually entered in the campaign or provider setup (e.g. API keys, account IDs). No OAuth scopes.
Why: The provider needs to authenticate your account and know which number to use for delivery and webhooks.
Email
What it is: Email as a channel. Emails to/from addresses you configure are shown in the Inbox so you (or your bot) can reply by email.
What we request:
Sending domain — Either a custom domain you verify (e.g.
mail.yourcompany.com) by adding DNS records we provide, or our shared domain (e.g.[email protected]) to get started without DNS.Optionally From address and From name for the sending identity.
No OAuth or social permissions. We never ask for your email password.
Why: We need a verified sending domain (or the shared domain) so emails are delivered reliably and not marked as spam. Receiving is handled by our infrastructure once the channel is set up.
Redirect URI (Meta: Facebook / Instagram)
When you connect Facebook or Instagram, your browser is sent to Meta’s login page and then redirected back to OnRaven. That return URL is the redirect URI.
Production: We use
https://app.onraven.com/integrationsas the redirect URI. This must be added in your Meta for Developers app under Valid OAuth Redirect URIs (Facebook Login / Instagram) or the connection will fail with “Invalid redirect URI.”Custom: If your team uses a different base URL (e.g. for white-label), the redirect URI may be set via configuration (e.g.
VITE_INSTAGRAM_REDIRECT_URI). That exact URI must be allowed in the Meta app.Note: The app redirects from
/integrationsto the workspace-scoped page (e.g./workspace/:id/integrations) while preserving OAuthcodeandstate.
Summary
Web Chat
API key (generated)
None from you; key restricts by domain.
Meta Business + phone + templates
Business verification, number, template approval.
Facebook Messenger
Facebook Login + Page
Page admin; webhooks: messages, feed.
Instagram Direct
Instagram Login (OAuth)
Business basic, manage messages/comments, optional publish/insights; webhooks for messages, comments, etc.
Instagram / Facebook Feed
Same as Messenger/Instagram
Feed capture and comment-related webhooks.
Threads
Threads OAuth
threads_basic, read/manage replies, optional publish/insights; webhooks for comments, replies, DMs.
TikTok Messenger
TikTok Business
Business account, Business Center, admin.
LinkedIn OAuth
Organization admin/social, member social, profile, email.
Telegram
Bot token
Token from BotFather.
SMS / RCS
Provider credentials
API keys, phone number(s).
Domain or shared domain
DNS verification or shared domain; no password.
If a platform is not listed here, check the in-app steps when connecting; the same principles apply: we only request what we need to receive messages, send replies, and (where applicable) manage comments or insights.
For step-by-step connection flows, see Connect a channel (Web Chat or social).
Last updated
Was this helpful?